Lucene search
+L

60 matches found

NVD
NVD
added 2014/10/10 10:55 a.m.21 views

CVE-2014-4873

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data...

6.5CVSS7.8AI score0.02923EPSS
Exploits6References4
CVE
CVE
added 2014/10/10 10:0 a.m.54 views

CVE-2014-4873

CVE-2014-4873 affects BMC Track-It! 11.3.0.355. The vulnerability is an SQL injection in TrackItWeb/Grid/GetData that allows a remote authenticated user to execute arbitrary SQL commands via crafted POST data. Multiple sources corroborate the issue and indicate hotfixes are available from the ven...

6.5CVSS7.9AI score0.02923EPSS
Exploits6References4Affected Software1
CERT
CERT
added 2014/10/07 12:0 a.m.82 views

BMC Track-It! contains multiple vulnerabilities

Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities Description CWE-306: Missing Authentication for Critical Function -CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke...

7.5CVSS10AI score0.80095EPSS
Exploits16References4
CVE
CVE
added 2013/07/18 2:0 p.m.45 views

CVE-2013-4873

CVE-2013-4873 : The Yahoo! Tumblr app for iOS prior to 3.4.1 transmits credentials in cleartext, allowing remote attackers to obtain sensitive information by sniffing network traffic. The provided sources describe the vulnerability and its impact (partial confidentiality) and confirm remote explo...

5CVSS6.1AI score0.02072EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2012/09/06 9:0 p.m.56 views

CVE-2012-4873

GNUBoard is vulnerable to an XSS in the file_download function via the filename parameter, affecting versions before 4.34.21. The root cause is improper handling of the filename input leading to script/HTML injection. Remediation: upgrade to GNUBoard 4.34.21 or apply the provided patch. Public re...

4.3CVSS5.9AI score0.01631EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2012/09/06 9:0 p.m.17 views

CVE-2012-4873

Cross-site scripting XSS vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

5.7AI score0.01631EPSS
Exploits1References4
Circl
Circl
added 2012/03/20 12:0 a.m.5 views

CVE-2012-4873

creationtimestamp| type| source ---|---|--- 2012-03-20 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36973...

4.3CVSS5.8AI score0.01631EPSS
Exploits1References1
CVE
CVE
added 2012/01/19 3:0 p.m.47 views

CVE-2011-4873

CVE-2011-4873 affects Certec EDV GmbH atvise prior to version 2.1. A remote attacker can cause a denial of service (daemon crash) by sending specially crafted packets to TCP port 4840. Public exploits are noted. ICS-CERT reports that Certec released an updated atvise (≥2.1) to mitigate the issue....

5CVSS6.8AI score0.01917EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/10/07 10:0 a.m.52 views

CVE-2010-4873

The CVE-2010-4873 entry concerns WeBid 0.8.5 P1 with a reflected cross-site scripting (XSS) vulnerability in confirm.php, exploitable by supplying a crafted id parameter. The root cause is insufficient input sanitization of user-supplied id, enabling remote attackers to inject arbitrary script/HT...

4.3CVSS5.9AI score0.01776EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2010/05/26 6:0 p.m.56 views

CVE-2009-4873

CVE-2009-4873 describes a stack-based buffer overflow in the HTTP server of Rhino Software Serv-U Web Client 9.0.0.5, exploitable via a long Session cookie to cause a denial of service or arbitrary code execution. Multiple connected sources confirm the vulnerability, with OpenVAS and Nessus notin...

10CVSS8.3AI score0.20553EPSS
Exploits1References4Affected Software1
Circl
Circl
added 2009/11/02 12:0 a.m.8 views

CVE-2009-4873

creationtimestamp| type| source ---|---|--- 2009-11-02 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/9966 2009-11-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/9800...

10CVSS5.8AI score0.20553EPSS
Exploits1References2
Cvelist
Cvelist
added 2008/10/31 10:0 p.m.19 views

CVE-2008-4873

board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a downfile action...

7.6AI score0.04929EPSS
Exploits0References5
CVE
CVE
added 2008/10/31 10:0 p.m.46 views

CVE-2008-4873

CVE-2008-4873 affects Sepal SPBOARD 4.5: board.cgi’s down_file action accepts a file parameter, and remote attackers can inject shell metacharacters to execute arbitrary commands. The vulnerability enables full compromise of confidentiality, integrity, and availability (as reflected in CVSS: Netw...

10CVSS7.6AI score0.04929EPSS
Exploits0References5Affected Software1
Circl
Circl
added 2008/10/29 12:0 a.m.3 views

CVE-2008-4873

creationtimestamp| type| source ---|---|--- 2008-10-29 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6864 2024-10-11 09:08:41+00:00| seen| https://t.me/CyberSecurityTechnologies/107...

10CVSS5.8AI score0.04929EPSS
Exploits0References2
CVE
CVE
added 2008/03/24 10:0 a.m.51 views

CVE-2005-4873

The CVE-2005-4873 entry concerns the phpcups PHP module for CUPS, with multiple stack-based buffer overflows in cups_get_dest_options (phpcups.c) that may allow context-dependent attackers to execute arbitrary code via long function parameters. Affected product/component: phpcups module integrate...

7.5CVSS7.7AI score0.01907EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2007/09/27 7:0 p.m.46 views

CVE-2007-4873

SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, enabling remote retrieval of arbitrary .inc files via direct requests (example: admin/includes/dbtables.inc). Root cause: information disclosure in PHP-based system; impact: partial confidentiality ...

5CVSS6.4AI score0.01491EPSS
Exploits1References7Affected Software1
Packet Storm
Packet Storm
added 2007/09/26 12:0 a.m.54 views

simpnews24103-fdisclose.txt

netVigilance Security Advisory 69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header,...

5CVSS6.7AI score0.01491EPSS
Exploits1
CVE
CVE
added 2006/09/19 9:0 p.m.46 views

CVE-2006-4873

CVE-2006-4873 affects Jupiter CMS 1.1.5. A remote attacker can disclose installation paths by requesting specific PHP module files (examples include includes/functions.php, modules/register.php, modules/poll.php, modules/panel.php, modules/pm.php, modules/news.php, modules/templates_change.php, m...

5CVSS6.1AI score0.02009EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2005/12/31 5:0 a.m.23 views

CVE-2005-4873

Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cupsgetdestoptions function in phpcups.c...

7.5CVSS6.4AI score0.01907EPSS
Exploits0References1
OSV
OSV
added 2005/12/31 5:0 a.m.6 views

CVE-2005-4873

Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cupsgetdestoptions function in phpcups.c...

8AI score
Exploits0References2
Rows per page
Query Builder