
6493 matches found

Packet Storm
added 2011/05/04 12:0 a.m. (53 views)

ZyWALL USG Appliance Arbitrary File Read / Write

Advisory: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files, that are applied automatically. Details =======...

0.8 AI score
Exploits: 0

OpenVAS
added 2011/04/22 12:0 a.m. (12 views)

WordPress GRAND Flash Album Gallery Plugin Multiple Vulnerabilities

WordPress GRAND Flash Album Gallery Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.4 AI score
Exploits: 0 | References: 5

CVE
added 2011/03/16 10:0 p.m. (77 views)

CVE-2011-0751

Nostromo nhttpd (Nazgul Nostromo) versions up to 1.9.3 are vulnerable to CVE-2011-0751 due to improper validation of user-supplied paths, allowing directory traversal via encoded dot dot slash ("..%2f") in URIs and resulting in arbitrary file read or remote command execution. The issue affects th...

7.5 CVSS | 9.4 AI score | 0.03664 EPSS
Exploits: 4 | References: 9 | Affected Software: 1

NVD
added 2011/02/15 1:0 a.m. (26 views)

CVE-2010-4730

Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...

6.8 CVSS | 6 AI score | 0.01856 EPSS
Exploits: 2 | References: 3

OSV
added 2011/01/24 6:0 p.m. (2 views)

DEBIAN-CVE-2010-3316

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check...

3.3 CVSS | 6.5 AI score | 0.00366 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2010/11/16 12:0 a.m. (38 views)

Mandriva Update for pam MDVSA-2010:220 (pam)

Check for the Version of pam OpenVAS Vulnerability Test Mandriva Update for pam MDVSA-2010:220 pam Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

6.9 CVSS | 6.5 AI score | 0.00416 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2010/11/16 12:0 a.m. (25 views)

Ubuntu: Security Advisory (USN-1008-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.4 CVSS | 6.4 AI score | 0.00423 EPSS
Exploits: 0 | References: 3

CVE
added 2010/09/29 4:0 p.m. (64 views)

CVE-2010-3468

CVE-2010-3468 describes a directory traversal in Mura CMS (fileManager.cfc) that lets an attacker read arbitrary server files by manipulating the FILEID parameter in the default URI under tasks/render/file/. Affected are Mura CMS 5.1 prior to 5.1.498, 5.2 prior to 5.2.2809, and Sava CMS 5.x up to...

5 CVSS | 6.7 AI score | 0.07041 EPSS
Exploits: 5 | References: 5 | Affected Software: 1

seebug.org
added 2010/09/11 12:0 a.m. (19 views)

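Sogou Browser Arbitrary File Read Vulnerability

Sogou Browser has some design problems that, combined with certain other vulnerabilities, may allow an unauthorized user to remotely read arbitrary local files. Sogou Browser uses local HTML to implement some of its features, but one of those HTML files contains a DOM-based XSS vulnerability; because the XSS occurs locally, it can obtain local privileges, and JavaScript can then be used to read arbitrary local files. Sogou Browser 2.0.0.1070 Vendor patch: sogou -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://ie.sogou.com/...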

7.1 AI score
Exploits: 0

CVE
added 2010/08/19 5:43 p.m. (61 views)

CVE-2010-2237

CVE-2010-2237 affects libvirt (notably Red Hat libvirt 0.6.1–0.8.2) where probing of disk backing stores occurs without validating the user‑defined main disk format. This could allow a privileged guest user to read arbitrary files on the host via unknown vectors; other impact is not clearly speci...

4.4 CVSS | 6.8 AI score | 0.00317 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

CVE
added 2010/07/08 10:0 p.m. (47 views)

CVE-2010-2676

Open Web Analytics (OWA) 1.2.3 is affected by multiple directory traversal flaws in index.php, exploitable via the owa_action and owa_do parameters. The underlying issue allows remote attackers to read arbitrary files, as described in CVE-2010-2676. Attack surface is network-exposed and does not ...

5 CVSS | 7.1 AI score | 0.02862 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Metasploit
added 2010/06/24 5:3 a.m. (21 views)

Solaris KCMS + TTDB Arbitrary File Read

This module targets a directory traversal vulnerability in the kcmsserver component from the Kodak Color Management System. By utilizing the ToolTalk Database Server's TTISBUILD procedure, an attacker can bypass existing directory traversal validation and read arbitrary files. Vulnerable systems...

5 CVSS | 6.9 AI score | 0.25724 EPSS
Exploits: 2

seebug.org
added 2010/05/26 12:0 a.m. (22 views)

Microsoft Internet Explorer 8 an arbitrary file read

No description provided by source. Internet Explorer is vulnerable to a drive-by arbitrary UNC file read, with the usual consequences local account password disclosure, etc. as in IE6 before SP1. It is in ICMFilter, which is accessible via the CSS filter property. Sample exploit code: div...

7.1 AI score
Exploits: 0

ATTACKERKB
added 2010/05/25 2:30 p.m. (4 views)

CVE-2010-2034

Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php...

7.5 CVSS | 6 AI score | 0.11077 EPSS
Exploits: 1 | References: 4

ATTACKERKB
added 2010/05/24 5:30 p.m. (3 views)

CVE-2010-2018

Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

5 CVSS | 5.8 AI score | 0.03258 EPSS
Exploits: 1 | References: 7

ATTACKERKB
added 2010/05/19 12:7 p.m. (0 views)

CVE-2010-1957

Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...

7.5 CVSS | 5.8 AI score | 0.14847 EPSS
Exploits: 1 | References: 8

OSV
added 2010/05/12 11:46 a.m. (3 views)

DEBIAN-CVE-2010-1457

Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message...

4.9 CVSS | 6.5 AI score | 0.00862 EPSS
Exploits: 1 | References: 1

OSV
added 2010/05/12 11:46 a.m. (3 views)

UBUNTU-CVE-2010-1457

Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message...

4.9 CVSS | 5.9 AI score | 0.00862 EPSS
Exploits: 1 | References: 2

CVE
added 2010/05/11 8:0 p.m. (95 views)

CVE-2010-1878

Joomla! component OrgChart (com_orgchart) 1.0.0 is affected by a Local File Inclusion (directory traversal) vulnerability. The flaw allows an attacker to read arbitrary files by supplying a .. in the controller parameter to index.php, enabling unauthorized file access. Connected data confirms the...

7.5 CVSS | 5.6 AI score | 0.11429 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2010/05/04 3:0 p.m. (96 views)

CVE-2010-1723

Joomla! Component iNetLanka Contact Us Draw Root Map (com_drawroot) version 1.1 is affected by a Local File Inclusion (directory traversal) vulnerability. The issue arises from passing a .. sequence in the controller parameter to index.php, enabling remote attackers to read arbitrary server files...

6.8 CVSS | 6.2 AI score | 0.08408 EPSS
Exploits: 1 | References: 3 | Affected Software: 1