Lucene search
K

56 matches found

ArchLinux
ArchLinux
added 2016/08/26 12:0 a.m.57 views

mediawiki: multiple issues

CVE-2016-6331 permission bypass Check read permission when loading page content in ApiParse. Prevents leaking page contents for extensions that deny read rights to certain pages via a userCan hook, but still allow the user to have read rights in general. - CVE-2016-6332 permission bypass Make...

6.7AI score0.02133EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2016/05/09 12:0 a.m.16 views

Cisco Prime Collaboration Assurance 10.5.1.x < 10.5.1.58480 Multiple Vulnerabilities

According to its self-reported version number, the remote Cisco Prime Collaboration Assurance device is 10.5.1.x prior to 10.5.1.58480. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists in the web framework of Cisco Prime Collaboration...

6.8CVSS6AI score0.01885EPSS
Exploits0References4
CVE
CVE
added 2015/10/12 10:0 a.m.48 views

CVE-2015-6331

CVE-2015-6331 is a SQL injection vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA). The issue affects PCA 10.5.1.x before 10.5.1.58480, with an authenticated remote attacker able to inject or manipulate SQL via input used in backend queries, potentially exposing or m...

6.5CVSS8.2AI score0.01592EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/11/11 10:0 p.m.54 views

CVE-2014-6331

CVE-2014-6331 affects Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1 and 3.0. The vulnerability arises when a configured SAML Relying Party lacks a sign-out endpoint and logoff actions are not processed correctly, enabling information disclosure and potential access via an unatte...

5CVSS6.4AI score0.20317EPSS
Exploits0References4Affected Software1
Symantec
Symantec
added 2014/11/11 12:0 a.m.23 views

Microsoft Active Directory Federation Services CVE-2014-6331 Information Disclosure Vulnerability

Description Microsoft Active Directory Federation Services is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Active Directory Federation Services 2.0...

5CVSS1.3AI score0.20317EPSS
Exploits0Affected Software1
Kaspersky
Kaspersky
added 2014/11/11 12:0 a.m.51 views

KLA10612 Information disclosure vulnerability in Microsoft AD Federation Services

An unspecified vulnerability was found in Microsoft AD Federation Services. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via unattended workstation manipulations. Original advisories CVE-2014-6331 Related products...

5CVSS6.4AI score0.20317EPSS
Exploits0References4
CVE
CVE
added 2014/03/05 11:0 a.m.57 views

CVE-2013-6302

CVE-2013-6302 is a SQL injection vulnerability affecting IBM Algo One as used in MetaData Management Tools (UDS 4.7.0–5.0.0), ACSWeb in Algo Security Access Control Management (4.7.0–4.9.0), and ACSWebApps (5.0.0). The underlying issue allows remote authenticated users to execute arbitrary SQL vi...

6.5CVSS7.9AI score0.00969EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/03/05 11:0 a.m.22 views

CVE-2013-6331

SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified...

7.6AI score0.00969EPSS
Exploits1References2
NVD
NVD
added 2009/02/27 4:30 p.m.17 views

CVE-2008-6331

Multiple cross-site request forgery CSRF vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...

6CVSS7.2AI score0.00484EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/02/27 4:0 p.m.20 views

CVE-2008-6331

Multiple cross-site request forgery CSRF vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...

7.2AI score0.00484EPSS
Exploits0References4
CVE
CVE
added 2009/02/27 4:0 p.m.41 views

CVE-2008-6331

The vulnerability is in the Streber application prior to version 0.08093 , described as multiple CSRF vulnerabilities that allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The available documents do not provide concrete exploit steps, affected compon...

6CVSS7.4AI score0.00484EPSS
Exploits0References4Affected Software1
d2
d2
added 2007/12/13 7:46 p.m.55 views

DSquare Exploit Pack: D2SEC_HPINFO

Name| d2sechpinfo ---|--- CVE| CVE-2007-6331 Exploit Pack| D2ExploitPack Description| HP Info Center HPInfoDLL.DLL ActiveX Arbitrary Code Execution Vulnerability Notes|...

9.3CVSS2.6AI score0.3012EPSS
Exploits2
CVE
CVE
added 2007/12/13 7:0 p.m.51 views

CVE-2007-6331

CVE-2007-6331 describes an absolute path traversal in the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center and the HP Quick Launch Button (QLB) software, up to version 6.3. The vulnerability allows remote attackers to execute arbitrary programs by passing a craft...

9.3CVSS7.3AI score0.3012EPSS
Exploits2References9Affected Software2
Kaspersky
Kaspersky
added 2007/12/13 12:0 a.m.81 views

KLA10186 Multiple vulnerabilities in HP Quick Launch Button

Multiple serious vulnerabilities have been found in HP Quick Launch Button. Malicious users can exploit these vulnerabilities to read and write arbitrary registry entries or execute arbitrary programs Below is a complete list of vulnerabilities 1. Vectors related to GetRegValue and SetRegValue ca...

9.3CVSS7.6AI score0.3012EPSS
Exploits4References2
UbuntuCve
UbuntuCve
added 2006/12/06 9:28 p.m.20 views

CVE-2006-6331

metaInfo.php in TorrentFlux 2.2, when $cfg"enablefilepriority" is false, allows remote attackers to execute arbitrary commands via shell metacharacters backticks in the torrent parameter to 1 details.php and 2 startpop.php...

6CVSS6.2AI score0.01234EPSS
Exploits0References1
CVE
CVE
added 2006/12/06 9:0 p.m.39 views

CVE-2006-6331

CVE-2006-6331 affects TorrentFlux 2.2. When $cfg["enable_file_priority"] is false, remote attackers can execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to details.php and startpop.php. This is a remote, unauthenticated command-injection affecting the web-f...

6CVSS7.7AI score0.01234EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder