Lucene search
+L

88 matches found

nessus
nessus
added 2009/03/30 12:0 a.m.29 views

Debian DSA-1755-1 : systemtap - race condition

Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

6.3CVSS5.3AI score0.00257EPSS
Exploits1References2
metasploit
metasploit
added 2009/01/15 7:9 a.m.30 views

AWStats migrate Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration fil...

5.1CVSS10AI score0.58356EPSS
Exploits10
cve
cve
added 2008/04/11 8:28 p.m.49 views

CVE-2008-1755

The CVE-2008-1755 entry concerns a Directory traversal vulnerability in World of Phaos 4.0.1, specifically in the showSource.php showSource function. An attacker can read arbitrary files by supplying directory traversal sequences in the file parameter. No explicit remediation is provided in the c...

5CVSS6.7AI score0.02672EPSS
Exploits1References4Affected Software1
cve
cve
added 2006/05/21 4:0 p.m.49 views

CVE-2005-1755

The CVE-2005-1755 entry concerns PHP Poll Creator (version 1.01) where PHP remote file inclusion is possible through the relativer_pfad parameter in poll_vote.php. The underlying issue is arbitrary PHP code execution via a manipulated relative path, as described in the NVD entry for poll_vote.php...

6.4CVSS7.9AI score0.02469EPSS
Exploits1References5Affected Software1
cve
cve
added 2006/04/13 1:0 a.m.49 views

CVE-2006-1755

MD News 1 admin.php is affected by an SQL injection in the id parameter that allows remote attackers to run arbitrary SQL. Root cause: improper handling of input leading to SQL injection. Impact: potential unauthorized data exposure or modification; exploitation is remote over the network with lo...

7.5CVSS8.3AI score0.01277EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2005/03/10 5:0 a.m.16 views

CVE-2004-1755

The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges...

6.8AI score0.01473EPSS
Exploits0References5
nvd
nvd
added 2004/12/31 5:0 a.m.11 views

CVE-2004-1755

The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges...

7.5CVSS6.8AI score0.01473EPSS
Exploits0References5
osv
osv
added 2002/12/31 5:0 a.m.3 views

DEBIAN-CVE-2002-1755

tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...

5CVSS7AI score0.01096EPSS
Exploits0References1
Rows per page
Query Builder