Lucene search
+L

5472 matches found

exploitdb
exploitdb
added 2014/02/22 12:0 a.m.32 views

SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write

''' Title: SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write Vulnerability Date: 2-21-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.solidworks.com/sw/products/product-data-management/workgroup-pdm.htm Tested on: Windows 7 Vulnerability type:...

7.4AI score
Exploits0
openvas
openvas
added 2014/02/10 12:0 a.m.33 views

Koha Multiple Vulnerabilities (Feb 2014) - Active Check

Koha is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:koha:koha"; if description...

9.8CVSS8.1AI score0.03464EPSS
Exploits4References1
jvn
jvn
added 2014/01/10 5:34 a.m.2 views

ZIP with Pass vulnerable to directory traversal

Overview ZIP with Pass provided by aokitaka contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

5.8CVSS6.9AI score0.01142EPSS
Exploits0References6
zdi
zdi
added 2014/01/10 12:0 a.m.34 views

Hewlett-Packard Data Protector Backup Client Service Opcode 42 Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute remote code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service OmniInet.exe. The Backup Client Service listens on TCP port 5555...

10CVSS5.9AI score0.65924EPSS
Exploits10References1
zdi
zdi
added 2014/01/10 12:0 a.m.665 views

Hewlett-Packard Data Protector Backup Client Service Opcode 45 and 46 Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute remote code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service OmniInet.exe. The Backup Client Service listens on TCP port 5555...

10CVSS5.9AI score0.10436EPSS
Exploits1References1
redhat
redhat
added 2013/10/21 5:22 p.m.7 views

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

7.5CVSS6.9AI score0.12768EPSS
Exploits0References4
seebug
seebug
added 2013/10/18 12:0 a.m.71 views

程氏舞曲CMSPHP3.0储存型xss与后台任意文件写入漏洞

简要描述: 插入 构造的js 可 getshell 详细说明: user/space.php?ac=edit&op=zl 修改 签名处,没有 任何过滤。xss产生 后台 看了下 可以写任意格式文件。。 抓包。。 POST /admin/skins/skins.php?ac=xgmb&op=go&path=../../skins/index/html/ HTTP/1.1 Accept: text/html, application/xhtml+xml, / Referer:...

7.1AI score
Exploits0
redhat
redhat
added 2013/10/15 6:30 p.m.7 views

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

7.5CVSS6.9AI score0.12768EPSS
Exploits0References4
redhat
redhat
added 2013/10/15 6:18 p.m.8 views

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

7.5CVSS6.9AI score0.12768EPSS
Exploits0References4
seebug
seebug
added 2013/10/09 12:0 a.m.50 views

xampp 1.8.1 任意文件写入漏洞

BUGTRAQ ID: 62665 CVE ID: CVE-2013-2586 XAMPP是跨平台开源Web服务器解决方案软件包,主要包括Apache HTTP Server, MySQL数据库, 以及用PHP及Perl编程语言编写的脚本的解释程序。 XAMPP 1.8.1的"/xampp/lang.php"页面存在注入漏洞,未授权用户可在本地磁盘内写入,本地文件 "lang.tmp"可以从远程机器上进行修改,可在目标用户浏览器中执行任意HTML或脚本代码,窃取用户凭证之类的敏感信息。 0 xampp 1.8.1 厂商补丁: xampp -----...

4.3CVSS6.4AI score0.0521EPSS
Exploits6
exploitpack
exploitpack
added 2013/08/06 12:0 a.m.23 views

Nmap - Arbitrary File Write

Nmap - Arbitrary File Write source: https://www.securityfocus.com/bid/62024/info Nmap is prone to an arbitrary file-write vulnerability. An attacker can exploit this issue to write arbitrary files with the permissions of the user running the nmap client. This will allow the attacker to fully...

0.2AI score
Exploits0
exploitdb
exploitdb
added 2013/08/06 12:0 a.m.37 views

Nmap - Arbitrary File Write

source: https://www.securityfocus.com/bid/62024/info Nmap is prone to an arbitrary file-write vulnerability. An attacker can exploit this issue to write arbitrary files with the permissions of the user running the nmap client. This will allow the attacker to fully compromise the affected machine...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2013/06/12 12:0 a.m.20 views

230 CMS 1.1.2012 PHP Code Injection

'; $defaulttime = isset$POST'defaulttime' ? $POST'defaulttime' : 'UTC'; $dbhost = isset$POST'dbhost' ? $POST'dbhost' : 'localhost'; $dbname = isset$POST'dbname' ? $POST'dbname' : ''; $dbuser = isset$POST'dbuser' ? $POST'dbuser' : 'root'; $dbpassword = isset$POST'dbpassword' ? $POST'dbpassword' :...

0.2AI score
Exploits0
packetstorm
packetstorm
added 2013/06/11 12:0 a.m.31 views

mkCMS 3.6 PHP Code Injection

Exploit Title : mkCMS PHP Code Injection Date : 11 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://mkcms.milankragujevic.com/ Software Link : http://jaist.dl.sourceforge.net/project/milan-cms/Releases/mkCMS-v3.6.zip Version : 3.6 Tested on : Window and...

0.4AI score
Exploits0
zdt
zdt
added 2013/06/05 12:0 a.m.33 views

CMS Gratis Indonesia PHP Code Injection Vulnerability

CMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability. Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link :...

7.6AI score
Exploits0
packetstorm
packetstorm
added 2013/06/04 12:0 a.m.31 views

CMS Gratis Indonesia PHP Code Injection

Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link : http://jaist.dl.sourceforge.net/project/cmsid/source/2.2/cmsid-2.2-beta1.zip Version : 2.2 Beta 1 Tested on : Windo...

0.6AI score
Exploits0
packetstorm
packetstorm
added 2013/06/01 12:0 a.m.23 views

PHP4DVD 2.0 Code Injection

Exploit Title : PHP4DVD PHP Code Injection Date : 31 May 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://php4dvd.sourceforge.net/ Software Link : http://downloads.sourceforge.net/project/php4dvd/php4dvd-2.0.zip Version : 2.0 Tested on : Window and Linux...

7.4AI score
Exploits0
saint
saint
added 2012/12/21 12:0 a.m.41 views

MySQL FILE privilege elevation

Added: 12/21/2012 CVE: CVE-2012-5613 BID: 56771 OSVDB: 88118 Background MySQL is an open-source database software package available for multiple platforms. Problem A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation. Resolution Revo...

6CVSS5.7AI score0.31664EPSS
Exploits15
nessus
nessus
added 2012/12/14 12:0 a.m.120 views

MarkAny Content SAFER ActiveX Arbitrary Download and Execution

The remote host has the MarkAny Content SAFER ActiveX control installed, which is distributed with Samsung KIES. It is affected by an arbitrary file write vulnerability that is triggered during the parsing of a method call. This may allow attackers to overwrite or download arbitrary files. C...

9.3CVSS5.5AI score0.03721EPSS
Exploits0References2
gentoo
gentoo
added 2012/10/21 12:0 a.m.47 views

Chromium: Multiple vulnerabilities

Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...

10CVSS9.7AI score0.04641EPSS
Exploits0
Rows per page
Query Builder