Lucene search
K

355 matches found

cve
cve
added 2014/12/01 3:0 p.m.46 views

CVE-2014-5237

Open-Xchange App Suite (documentconverter) is affected by CVE-2014-5237. The vulnerability allows Server-Side Request Forgery (SSRF) via a URL embedded in an image within a Text document, which is not correctly handled by the image preview. Affected versions are Open-Xchange App Suite before 7.4....

4.3CVSS7.5AI score0.02357EPSS
Exploits1References3Affected Software1
cisco
cisco
added 2013/09/09 1:47 p.m.17 views

Cisco Prime Network Control System Cross-Site Scripting Vulnerability

A vulnerability in the health monitor login page of Cisco Prime Network Control System NCS could allow an unauthenticated, remote attacker to conduct cross-site XSS scripting attacks. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

4.3CVSS2.2AI score0.01531EPSS
Exploits0References1
cisco
cisco
added 2013/09/06 3:50 p.m.35 views

Cisco SocialMiner Cross-Site Scripting Vulnerability

A vulnerability in the bookmarklet.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of th...

4.3CVSS3.1AI score0.01792EPSS
Exploits0References1
cisco
cisco
added 2013/07/17 1:46 p.m.26 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...

4.3CVSS3AI score0.00576EPSS
Exploits0References1
cisco
cisco
added 2013/07/01 12:44 p.m.21 views

Cisco Content Filtering Devices Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...

4.3CVSS2.9AI score0.00576EPSS
Exploits2References1
osv
osv
added 2009/04/09 3:8 p.m.1 views

DEBIAN-CVE-2008-5519

The JK Connector aka modjk 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving 1 a request from a different client that included a Content-Length header but no POST dat...

2.6CVSS6.9AI score0.07263EPSS
Exploits2References1
gentoo
gentoo
added 2009/03/09 12:0 a.m.36 views

cURL: Arbitrary file access

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPTFOLLOWLOCATION is enabled. Impact A remote attacker could possibly...

6.8CVSS2.3AI score0.07812EPSS
Exploits2
openvas
openvas
added 2009/03/07 12:0 a.m.21 views

FreeBSD Ports: curl

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.8CVSS7.8AI score0.07812EPSS
Exploits2References2
ubuntucve
ubuntucve
added 2009/03/05 2:30 a.m.34 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7.1AI score0.07812EPSS
Exploits2References2
nvd
nvd
added 2009/03/05 2:30 a.m.18 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7AI score0.07812EPSS
Exploits2References32
osv
osv
added 2009/03/05 2:30 a.m.4 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7.1AI score0.07812EPSS
Exploits2References36
cvelist
cvelist
added 2009/03/05 2:0 a.m.23 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

8.3AI score0.07812EPSS
Exploits2References32
debiancve
debiancve
added 2009/03/05 2:0 a.m.23 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS5.8AI score0.07812EPSS
Exploits2
exploitpack
exploitpack
added 2004/03/21 12:0 a.m.52 views

Invision Gallery 1.0.1 - SQL Injection

Invision Gallery 1.0.1 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site ranking script...

7.5CVSS0.6AI score0.0493EPSS
Exploits4
exploitdb
exploitdb
added 2004/03/21 12:0 a.m.37 views

Invision Gallery < 1.0.1 - SQL Injection

Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming...

7.5CVSS6.7AI score0.0493EPSS
Exploits4
Rows per page
Query Builder