An Ethereal Security Advisory reports: Our testing program has turned up several more security issues: The LDAP dissector could free static memory and crash. The AgentX dissector could crash. The 802.3 dissector could go into an infinite loop. The PER dissector could abort. The DHCP...
0.1AI Score
Georgi Guninski discovered a way to construct Vim modelines that execute arbitrary shell commands. The vulnerability can be exploited by including shell commands in modelines that call the glob() or expand() functions. An attacker could trick a user to read or edit a trojaned file with modelines.....
1AI Score
0.007EPSS
ethereal -- multiple protocol dissectors vulnerabilities
An Ethereal Security Advisory reports: Our testing program has turned up several more security issues: The LDAP dissector could free static memory and crash. The AgentX dissector could crash. The 802.3 dissector could go into an infinite loop. The PER dissector could abort. The DHCP...
AI Score
vim -- vulnerabilities in modeline handling: glob, expand
Georgi Guninski discovered a way to construct Vim modelines that execute arbitrary shell commands. The vulnerability can be exploited by including shell commands in modelines that call the glob() or expand() functions. An attacker could trick a user to read or edit a...
7AI Score
0.007EPSS
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain...
6.7AI Score
0.003EPSS
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain...
6.3AI Score
0.003EPSS
An Ethereal Security Advisory reports: An aggressive testing program as well as independent discovery has turned up a multitude of security issues. Please reference CVE/URL list for...
-0.1AI Score
0.066EPSS
FreeBSD : vim -- vulnerabilities in modeline handling (bd9fc2bf-5ffe-11d9-a11a-000a95bc6fae)
Ciaran McCreesh discovered new ways in which a VIM modeline can be used to trojan a text file. The patch by Bram Moolenaar reads: Problem: Unusual characters in an option value may cause unexpected behavior, especially for a modeline. (Ciaran McCreesh) Solution: Don't allow setting termcap...
-0.3AI Score
0.001EPSS
An Ethereal Security Advisory reports: Issues have been discovered in the following protocol dissectors: Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704 The GPRS-LLC dissector could crash if the 'ignore cipher bit' option was enabled. CVE:...
0.1AI Score
0.025EPSS
FreeBSD : ethereal -- multiple vulnerabilities (efa1344b-5477-11d9-a9e7-0001020eed82)
An Ethereal Security Advisory reports: Issues have been discovered in the following protocol dissectors: Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash. An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling...
6.9AI Score
0.025EPSS
An Ethereal Security Advisory reports: Issues have been discovered in the following protocol dissectors: The COPS dissector could go into an infinite loop. CVE: CAN-2005-0006 The DLSw dissector could cause an assertion. CVE: CAN-2005-0007 The DNP dissector could cause memory corruption....
0.5AI Score
0.036EPSS
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc...
7.6AI Score
0.014EPSS
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and...
7.1AI Score
0.011EPSS
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and...
6.7AI Score
0.011EPSS
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc...
7.6AI Score
0.014EPSS
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by supplying a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to...
6.8AI Score
0.012EPSS
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by supplying a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to...
7.2AI Score
0.012EPSS
High Risk Vulnerability in L-Soft's LISTSERV Server
Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a high risk rating. Affected versions include: LISTSERV version 14.3, including LISTSERV Lite and HPO LISTSERV version 1.8e, including LISTSERV Lite.....
0.8AI Score
PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities
According to its banner, the version of AutoTheme for PostNuke on the remote host suffers from multiple, unspecified vulnerabilities affecting the 'Blocks' module. Reportedly, some of these issues may allow a remote attacker to gain unauthorized access to the remote host. Note that the...
0.3AI Score
0.004EPSS
Woltlab Burning Board verify_email Function SQL Injection
The version of Burning Board or Burning Board Lite installed on the remote host suffers from a SQL injection vulnerability in the way it verifies email addresses when, for example, a user registers. An attacker can exploit this flaw to affect database...
AI Score
0.021EPSS
Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown...
6.8AI Score
0.004EPSS
Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive...
6.6AI Score
0.0004EPSS
Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown...
6.9AI Score
0.004EPSS
Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive...
6.6AI Score
0.0004EPSS
Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown...
6.8AI Score
0.004EPSS
Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive...
7AI Score
0.0004EPSS
Woltlab Burning Board pms.php folderid Parameter XSS
The version of Burning Board or Burning Board Lite installed on the remote host may be prone to cross-site scripting attacks due to its failure to properly sanitize input passed to the 'folderid' parameter of the 'pms.php' script. An attacker may be able to exploit this flaw to cause arbitrary...
-0.8AI Score
0.001EPSS
Woltlab Burning Board Detection
The remote host is running Burning Board or Burning Board Lite, message forum software packages that use PHP and...
7.2AI Score
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to...
8.8AI Score
0.007EPSS
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN...
7.5AI Score
0.021EPSS
Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to...
6AI Score
0.007EPSS
Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to...
5.8AI Score
0.006EPSS
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to...
8.4AI Score
0.007EPSS
Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to...
6AI Score
0.006EPSS
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN...
7.1AI Score
0.021EPSS
ethereal -- multiple protocol dissectors vulnerabilities
An Ethereal Security Advisory reports: An aggressive testing program as well as independent discovery has turned up a multitude of security issues. Please reference CVE/URL list for...
6.4AI Score
0.066EPSS
Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid...
5.9AI Score
0.004EPSS
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the...
7.1AI Score
0.007EPSS
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP...
8.8AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error...
5.8AI Score
0.003EPSS
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error...
6AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid...
6.1AI Score
0.004EPSS
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the...
7.1AI Score
0.007EPSS
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP...
8.4AI Score
0.002EPSS
MS Windows WINS Vulnerability and OS/SP Scanner
Exploit for unknown platform in category remote...
7.1AI Score
Microsoft Windows - WINS Vulnerability + OSSP Scanner
Microsoft Windows - WINS Vulnerability + OSSP...
-0.8AI Score
Download Center Lite (DCL) <= 1.5 Remote File Inclusion
Exploit for unknown platform in category web...
7.1AI Score