Lucene search
+L

5471 matches found

exploitdb
exploitdb
added 2018/09/18 12:0 a.m.37 views

Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris libnspr NSPRLOGFILE Privilege Escalation', 'Description' = %q This module exploits an arbitrary file write vulnerability in the Netscape...

3.6CVSS7.4AI score0.076EPSS
Exploits27
metasploit
metasploit
added 2018/09/11 8:11 a.m.41 views

Solaris libnspr NSPR_LOG_FILE Privilege Escalation

This module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library libnspr on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the NSPRLOGFILE...

3.6CVSS0.7AI score0.076EPSS
Exploits27
nessus
nessus
added 2018/09/11 12:0 a.m.36 views

Apache Struts 2.x < 2.3.18 Multiple Critical Vulnerabilities (S2-008)

The version of Apache Struts running on the remote host is 2.x prior to 2.3.18. It, therefore, is affected by multiple critical vulnerabilities: - A remote code execution vulnerability exists in ExceptionDelegator due to improper validation of user-supplied input. An unauthenticated, remote...

7AI score
Exploits0References1
zdi
zdi
added 2018/09/07 12:0 a.m.13 views

(0Day) Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10010 Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center.Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbman service, which listens on TCP port...

9.3CVSS2.8AI score
Exploits0
cnvd
cnvd
added 2018/09/06 12:0 a.m.5 views

Red Hat glusterfs server RPC request processor component path traversal vulnerability

Red Hat glusterfs server is an open source distributed file system from Red Hat Red Hat. The system is mainly for media streaming , data analysis and other data and bandwidth intensive tasks to create large-scale distributed storage solutions. A path traversal vulnerability exists in the...

8.8CVSS8.5AI score0.02599EPSS
Exploits0References1
osv
osv
added 2018/09/04 3:29 p.m.3 views

UBUNTU-CVE-2018-10926

A flaw was found in RPC request using gfs3mknodreq supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node...

8.8CVSS7.3AI score0.02599EPSS
Exploits0References5
redhat
redhat
added 2018/09/04 6:24 a.m.4 views

glusterfs: Device files can be created in arbitrary locations

A flaw was found in RPC request using gfs3mknodreq supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node...

8.8CVSS7.7AI score0.02599EPSS
Exploits0References4
mageia
mageia
added 2018/08/31 9:11 p.m.46 views

Updated quazip packages fix security vulnerability

Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar,x...

5.5CVSS3.3AI score0.0595EPSS
Exploits0References2
osv
osv
added 2018/08/31 9:11 p.m.8 views

MGASA-2018-0362 Updated quazip packages fix security vulnerability

Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar,x...

5.5CVSS5.6AI score0.0595EPSS
Exploits0References3
zdi
zdi
added 2018/08/31 12:0 a.m.32 views

Hewlett Packard Enterprise Intelligent Management Center imciccdm createFabricAutoCfgFile Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imciccdm component. The issue results fro...

7.8CVSS2.6AI score0.02854EPSS
Exploits0References1
packetstorm
packetstorm
added 2018/08/31 12:0 a.m.99 views

phpMyAdmin 4.7.x Cross Site Request Forgery

Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery Date: 2018-08-28 Exploit Author: VulnSpy Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: Versions 4.7.x prior to 4.7.7 Tested on: php7 mysql5 CVE: CVE-2017-1000499 Exploit CSRF ...

6.8CVSS1AI score0.08464EPSS
Exploits5
exploitdb
exploitdb
added 2018/08/29 12:0 a.m.55 views

phpMyAdmin 4.7.x - Cross-Site Request Forgery

Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery Date: 2018-08-28 Exploit Author: VulnSpy Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: Versions 4.7.x prior to 4.7.7 Tested on: php7 mysql5 CVE: CVE-2017-1000499 -- Original...

8.8CVSS8.7AI score0.08464EPSS
Exploits5
zdt
zdt
added 2018/08/29 12:0 a.m.183 views

phpMyAdmin 4.7.x - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery Exploit Author: VulnSpy Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: Versions 4.7.x prior to 4.7.7 Tested on: php7 mysql...

7.2CVSS0.3AI score0.08464EPSS
Exploits12
cnvd
cnvd
added 2018/08/22 12:0 a.m.2 views

Arbitrary File Write Vulnerability in LibreHealthIO LH-EHR

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the export template in the LibreHealthIO LH-HER REL-2.0.0 release. An attacker can exploit this vulnerability to write files with malicious...

8.8CVSS8.9AI score0.03286EPSS
Exploits1References1
veracode
veracode
added 2018/08/21 2:46 a.m.19 views

Arbitrary File Write

pyro is vulnerable to arbitrary file write. The pid files are stored in the temporary directory location /tmp and opened as root user, which allows an attacker to abuse the vulnerability to overwrite arbitrary files via symlinks...

7.5CVSS7.4AI score0.02188EPSS
Exploits1References3Affected Software1
cnvd
cnvd
added 2018/08/21 12:0 a.m.4 views

LibreHealthIO LH-EHR Arbitrary File Write Vulnerability (CNVD-2019-21231)

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the letter.php file in the LibreHealthIO LH-EHR REL-2.0.0 release, which can be exploited to write a file with malicious content and...

8.8CVSS8.9AI score0.02797EPSS
Exploits1References1
cnvd
cnvd
added 2018/08/21 12:0 a.m.2 views

LibreHealthIO LH-EHR Arbitrary File Write Vulnerability

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the letter.php file in the LibreHealthIO LH-EHR REL-2.0.0 release, which can be exploited to write a file with malicious content and...

8.8CVSS8.9AI score0.02797EPSS
Exploits1References1
cnvd
cnvd
added 2018/08/17 12:0 a.m.5 views

DamiCMS has an arbitrary file write vulnerability

DamiCMS is a content management system CMS for building websites quickly. DamiCMS v6.0.0 version exists arbitrary file write vulnerability, the vulnerability stems from the template editing page fails to strictly detect the file name suffix, an attacker can exploit the vulnerability to write...

7.5AI score
Exploits0
osv
osv
added 2018/08/16 2:55 p.m.9 views

SUSE-SU-2018:2386-1 Security update for perl-Archive-Zip

This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or...

7.5CVSS7.5AI score0.48716EPSS
Exploits0References3
redhat
redhat
added 2018/08/09 5:23 p.m.89 views

Critical: Red Hat Security Advisory: redhat-certification security update

An update for redhat-certification is now available for Red Hat Certification for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.7AI score0.06182EPSS
Exploits0References4
Rows per page
Query Builder