Lucene search

6484 matches found

myhack58
added 2011/12/04 12:0 a.m., 21 views

Sina SAE cloud back-end arbitrary file read vulnerability and fix - vulnerability warning - the black bar safety net

Description: Sina SAE uses an unsafe third-party component, which may result in an arbitrary file read on the back end. Detailed description: http://pma.tools.sinaapp.com/ is a MySQL management client that uses phpMyAdmin; according to a recent 80sec in the tick published on phpmyadmin arbitrary file reading vulnerabili...

0.1 AI score
Exploits: 0

OSV
added 2011/11/17 7:55 p.m., 1 view

DEBIAN-CVE-2011-4107

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection...

6.5 CVSS | 7.8 AI score | 0.12852 EPSS
Exploits: 7 | References: 1

Packet Storm
added 2011/11/02 12:0 a.m., 21 views

phpMyAdmin Arbitrary File Read

Hi, 80sec reported this bug on wooyun. phpMyAdmin uses a simplexml_load_string function to read XML from user input; this may be exploited to read files from the server or network in libraries/import/xml.php. Some code like this: / Load the XML string The option LIBXML_COMPACT is specified because it can...

0.4 AI score
Exploits: 0

securityvulns
added 2011/10/16 12:0 a.m., 94 views

ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)

Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command execution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...

0.6 AI score
Exploits: 0

Packet Storm
added 2011/10/12 12:0 a.m., 40 views

ABUS TVIP 11550/21550 File Read / File Upload / Command Execution

Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command execution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...

7.4 AI score
Exploits: 0

OpenVAS
added 2011/09/23 12:0 a.m., 22 views

ea-gBook <= 0.1.4 LFI Vulnerability - Active Check

ea-gBook is prone to a local file inclusion (LFI) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.8 CVSS | 6.5 AI score | 0.01907 EPSS
Exploits: 1 | References: 4

CVE
added 2011/09/09 11:0 p.m., 40 views

CVE-2009-5093

CVE-2009-5093 describes a directory traversal in Gastbuch (Gästebuch) 1.6 where an attacker can read arbitrary files by supplying a .. in the start parameter. The vulnerability affects gastbuch.php and stems from improper path handling, enabling remote access without authentication. Exploitation ...

5 CVSS | 6.8 AI score | 0.02884 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2011/08/10 8:0 p.m., 91 views

CVE-2011-2178

CVE-2011-2178 affects libvirt (virSecurityManagerGetPrivateData in security/security_manager.c) from versions 0.8.8–0.9.1. The bug uses the wrong argument for a sizeof call, causing incorrect processing of security manager private data that reopens disk probing, which may allow guest OS users to ...

4.4 CVSS | 6.4 AI score | 0.00283 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

Packet Storm
added 2011/08/05 12:0 a.m., 24 views

CiscoKits TFTP Directory Traversal

CiscoKits TFTP Server Directory Traversal Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1022 21/07/2011 Issue Discovered 03/08/2011 Vendor Notified Vendor Replied to Disclose 04/08/2011 Advisory Released Class: Information Disclosure Severity: Medium Overview:...

0.1 AI score
Exploits: 0

RedHat Linux
added 2011/07/28 6:7 p.m., 4 views

libsoup: SoupServer directory traversal flaw

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI...

5 CVSS | 7.3 AI score | 0.01925 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2011/06/24 12:0 a.m., 7 views

i-doit 'lang' Parameter Local File Include Vulnerability

I-doit is prone to a local file inclusion vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.1 AI score
Exploits: 0 | References: 2

Packet Storm
added 2011/05/04 12:0 a.m., 53 views

ZyWALL USG Appliance Arbitrary File Read / Write

Advisory: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files, that are applied automatically. Details =======...

0.8 AI score
Exploits: 0

OpenVAS
added 2011/04/22 12:0 a.m., 12 views

WordPress GRAND Flash Album Gallery Plugin Multiple Vulnerabilities

WordPress GRAND Flash Album Gallery Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

7.4 AI score
Exploits: 0 | References: 5

CVE
added 2011/03/16 10:0 p.m., 75 views

CVE-2011-0751

Nostromo nhttpd (Nazgul Nostromo) versions up to 1.9.3 are vulnerable to CVE-2011-0751 due to improper validation of user-supplied paths, allowing directory traversal via encoded dot dot slash ("..%2f") in URIs and resulting in arbitrary file read or remote command execution. The issue affects th...

7.5 CVSS | 9.4 AI score | 0.03664 EPSS
Exploits: 4 | References: 9 | Affected Software: 1

NVD
added 2011/02/15 1:0 a.m., 26 views

CVE-2010-4730

Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...

6.8 CVSS | 6 AI score | 0.01856 EPSS
Exploits: 2 | References: 3

OSV
added 2011/01/24 6:0 p.m., 2 views

DEBIAN-CVE-2010-3316

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check...

3.3 CVSS | 6.5 AI score | 0.00366 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2010/11/16 12:0 a.m., 25 views

Ubuntu: Security Advisory (USN-1008-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

4.4 CVSS | 6.4 AI score | 0.00423 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2010/11/16 12:0 a.m., 38 views

Mandriva Update for pam MDVSA-2010:220 (pam)

Check for the Version of pam. OpenVAS Vulnerability Test. Mandriva Update for pam MDVSA-2010:220 (pam). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

6.9 CVSS | 6.5 AI score | 0.00416 EPSS
Exploits: 0 | References: 2

CVE
added 2010/09/29 4:0 p.m., 64 views

CVE-2010-3468

CVE-2010-3468 describes a directory traversal in Mura CMS (fileManager.cfc) that lets an attacker read arbitrary server files by manipulating the FILEID parameter in the default URI under tasks/render/file/. Affected are Mura CMS 5.1 prior to 5.1.498, 5.2 prior to 5.2.2809, and Sava CMS 5.x up to...

5 CVSS | 6.7 AI score | 0.07041 EPSS
Exploits: 5 | References: 5 | Affected Software: 1

seebug.org
added 2010/09/11 12:0 a.m., 18 views

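Sogou Browser Arbitrary File Read Vulnerability

Sogou Browser has some design problems which, combined with certain other vulnerabilities, may allow unauthorized users to remotely read arbitrary local files. Sogou Browser uses local HTML to implement some of its features, but one of these HTML files contains a DOM-based XSS vulnerability; because the XSS occurs locally, it can obtain local privileges, and JavaScript can then be used to read arbitrary local files. Sogou Browser 2.0.0.1070 Vendor patch: sogou -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep an eye on the vendor's home page to obtain the latest version: http://ie.sogou.com/...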

7.1 AI score
Exploits: 0