Lucene search
+L

624 matches found

CVE
CVE
added 2009/01/26 8:0 p.m.74 views

CVE-2008-5967

CVE-2008-5967 affects PHP iCalendar up to version 2.x. The issue is that admin/index.php does not require administrative authentication for an addupdate action, enabling remote attackers to upload a calendar (.ics) file with arbitrary content to the calendars/ directory outside the web root. This...

7.5CVSS7.3AI score0.03326EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/01/25 12:0 a.m.43 views

Apache Tomcat < 5.5.29 / 6.0.24

Binary data 800619.prm...

5.8CVSS7.2AI score0.1078EPSS
Exploits0References5
NVD
NVD
added 2008/06/04 8:32 p.m.23 views

CVE-2008-0952

The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a differe...

9.3CVSS6.5AI score0.05529EPSS
Exploits0References9
Prion
Prion
added 2008/06/04 8:32 p.m.15 views

Hardcoded credentials

The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a differe...

9.3CVSS6.8AI score0.08819EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2008/06/04 8:0 p.m.22 views

CVE-2008-0952

The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a differe...

6.4AI score0.05529EPSS
Exploits0References9
Cvelist
Cvelist
added 2008/02/12 12:0 a.m.21 views

CVE-2008-0701

ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content...

7AI score0.01186EPSS
Exploits0References4
NVD
NVD
added 2007/12/27 10:46 p.m.16 views

CVE-2007-6527

uploadimg.php in the Automatic Image Upload with Thumbnails imgUpload module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a 1 JPG, 2 GIF, or 3 PNG MIME type...

5.8CVSS7.3AI score0.0105EPSS
Exploits0References4
Prion
Prion
added 2007/12/27 10:46 p.m.17 views

Design/Logic Flaw

uploadimg.php in the Automatic Image Upload with Thumbnails imgUpload module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a 1 JPG, 2 GIF, or 3 PNG MIME type...

5.8CVSS7.9AI score0.0105EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/12/27 10:0 p.m.37 views

CVE-2007-6527

CVE-2007-6527 affects PunBB’s Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2. The issue arises because the upload handler only verifies the Content-Type of uploaded files, allowing remote attackers to upload and execute arbitrary content by crafting a file with a (1) JPG, (2) GIF...

5.8CVSS7.4AI score0.0105EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/12/27 10:0 p.m.25 views

CVE-2007-6527

uploadimg.php in the Automatic Image Upload with Thumbnails imgUpload module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a 1 JPG, 2 GIF, or 3 PNG MIME type...

7.3AI score0.0105EPSS
Exploits0References4
NVD
NVD
added 2007/10/30 10:46 p.m.15 views

CVE-2007-4277

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions Everyone:Write for the \.\Tmfilter device, which allows local users to send arbitrary content to the device via the...

6.6CVSS7.1AI score0.00387EPSS
Exploits1References7
securityvulns
securityvulns
added 2007/05/02 12:0 a.m.65 views

iDefense Security Advisory 04.27.07: VMware Workstation Shared Folders Directory Traversal Vulnerability

VMware Workstation Shared Folders Directory Traversal Vulnerability iDefense Security Advisory 04.27.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 27, 2007 I. BACKGROUND VMware Workstation is a software virtualization system which allows multiple virtual computers to run on a sing...

6.3CVSS0.00445EPSS
Exploits1
exploitpack
exploitpack
added 2007/03/05 12:0 a.m.21 views

Gnome Evolution 2.x - GnuPG Arbitrary Content Injection

Gnome Evolution 2.x - GnuPG Arbitrary Content Injection source: https://www.securityfocus.com/bid/22760/info Evolution is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add...

7.7AI score
Exploits0
exploitpack
exploitpack
added 2007/03/05 12:0 a.m.13 views

KMail 1.x - GnuPG Arbitrary Content Injection

KMail 1.x - GnuPG Arbitrary Content Injection source: https://www.securityfocus.com/bid/22759/info KMail is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add arbitrary...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/05 12:0 a.m.26 views

KMail 1.x - GnuPG Arbitrary Content Injection

source: https://www.securityfocus.com/bid/22759/info KMail is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add arbitrary content into a GnuPG signed and/or encrypted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/05 12:0 a.m.28 views

GnuPG 1.x - Signed Message Arbitrary Content Injection

source: https://www.securityfocus.com/bid/22757/info GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/05 12:0 a.m.30 views

Gnome Evolution 2.x - GnuPG Arbitrary Content Injection

source: https://www.securityfocus.com/bid/22760/info Evolution is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add arbitrary content into a GnuPG signed and/or encrypted...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.53 views

[Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Dotdeb PHP Email Header Injection Vulnerability Release Date: 2006/11/14 Last Modified: 2006/11/14 Author: Stefan Esser [email protected] Application: Dotdeb PHP 5.2.0 R...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2006/05/19 12:0 a.m.19 views

Artmedic NewsLetter 4.1 - &#039;Log.php&#039; Remote Script Execution

source: https://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to create files containing arbitrary conte...

7.4AI score
Exploits0
CVE
CVE
added 2005/03/28 5:0 a.m.49 views

CVE-2002-1651

CVE-2002-1651 describes a cross-site scripting (XSS) vulnerability in the Verity Search97 product. The issue arises from certain error messages in template pages that use the (1) vformat and (2) vfilter functions, enabling remote attackers to inject arbitrary web content and potentially access se...

4.3CVSS6.1AI score0.01337EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder