52 matches found
CVE-2012-3399
CVE-2012-3399 describes a remote command execution in Basilic 1.5.14 triggered by unsanitized input in diff.php via the file parameter, allowing an attacker to execute shell commands with the web server user (www-data). The root cause is input verification weaknesses in the affected function. Pub...
CVE-2012-3399
creationtimestamp| type| source ---|---|--- 2012-07-09 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/19631 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/basilicdiffexec.rb 2025-02-06 03:13:40+00:00| seen|...
Mozilla Firefox js_InitRandom函数不充分随机数漏洞
CVECAN ID: CVE-2010-3399,CVE-2010-3400 Firefox是一款非常流行的开源WEB浏览器。 Firefox的JavaScript实现中的jsInitRandom函数使用了当前时间或环境相关的指针作为随机数生成器的种子,攻击者可以通过暴力猜测攻击相对容易的猜测到种子值,从而执行劫持会话等各种攻击。 Mozilla Firefox 4.0 Beta1 Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2010-3399
The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess th...
CVE-2009-3399
The CVE-2009-3399 entry affects BEA WebLogic Server (WebLogic Server component) in BEA Product Suite versions 7.0.6 and 8.1.5. The vulnerability is associated with the WLS Console and is exploitable over HTTP/Network with no authentication required, enabling remote attackers to impact integrity. ...
CVE-2008-3399
creationtimestamp| type| source ---|---|--- 2008-07-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6131...
CVE-2007-3595
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3399. Reason: This candidate is a duplicate of CVE-2007-3399. Notes: All CVE users should reference CVE-2007-3399 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3399. Reason: This candidate is a duplicate of CVE-2007-3399. Notes: All CVE users should reference CVE-2007-3399 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2007-3595
CVE-2007-3595 is a duplicate of CVE-2007-3399 and has been withdrawn; the active entry to reference is CVE-2007-3399, which describes an SQL injection vulnerability in Power Phlogger (PPhlogger) 2.2.5 and earlier allowing remote execution of arbitrary SQL commands via the username parameter in lo...
CVE-2006-3399
Summary (CVE-2006-3399) : A cross‑site scripting (XSS) flaw in MoniWiki’s wiki.php affects releases prior to 1.1.2-20060702. An attacker can craft a URL to inject arbitrary JavaScript which is reflected back in an error message. This vulnerability is described as a variant of CVE-2004-1632. Affec...
Nmap Scanner Detection
Binary data 3399.prm...
CVE-2005-3399
CVE-2005-3399 relates to an interpretation error in CAT-QuickHeal 8.0 where a file type misclassification occurs due to an “MZ” magic-byte sequence (typically EXE) present in BAT/HTML/EML content. This causes the file to be treated as a safe type that could still be executed as a dangerous file o...