Lucene search
K

54 matches found

OSV
OSV
added 2020/05/07 5:15 p.m.6 views

CVE-2020-12608

An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...

7.8CVSS7.5AI score0.22404EPSS
Exploits4References3
CNVD
CNVD
added 2019/11/04 12:0 a.m.3 views

Milesight IP security cameras trust management issue vulnerability (CNVD-2019-40063)

Milesight IP security cameras are IP camera products from China Pulse Digital Technology Milesight. A security vulnerability exists in Milesight IP security cameras version 2016-11-14 and earlier, which stems from a hardcoded SSL private key stored in the /etc/config directory. No details of the...

9.8CVSS6.8AI score0.02064EPSS
Exploits1References1
OSV
OSV
added 2018/01/23 3:29 p.m.1 views

DEBIAN-CVE-2017-15093

When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...

5.3CVSS6.8AI score0.00828EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/05/23 4:29 a.m.24 views

CVE-2015-5383

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the 1 config, 2 temp, or 3 logs directory...

7.5CVSS7.1AI score0.03767EPSS
Exploits0References3
NVD
NVD
added 2016/04/13 4:59 p.m.15 views

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...

7.5CVSS8.4AI score0.17852EPSS
Exploits3References4
Fedora
Fedora
added 2014/10/06 5:5 a.m.35 views

[SECURITY] Fedora 20 Update: mediawiki-1.23.4-1.fc20

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...

7.5CVSS3.2AI score0.42777EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.19 views

openSUSE Security Update : horde5 (openSUSE-SU-2013:1826-1)

it fixes config directory permission and owner for bnc811369 CVE-2013-1090 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-938. The text description of this plugin is C SUSE LLC...

7.2CVSS5.3AI score0.00394EPSS
Exploits0References3
Prion
Prion
added 2013/06/05 3:43 a.m.9 views

Buffer overflow

Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors SSM and Application Service Monitors ASM 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in 1 hrfstable.idx, 2 hrdevice.idx, 3...

7.6CVSS8.2AI score0.02966EPSS
Exploits0References2Affected Software2
FreeBSD
FreeBSD
added 2011/12/16 12:0 a.m.46 views

phpMyAdmin -- Multiple XSS

The phpMyAdmin development team reports: Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS...

5.9AI score
Exploits0References2
Exploit DB
Exploit DB
added 2011/07/08 12:0 a.m.763 views

phpMyAdmin3 (pma3) - Remote Code Execution

!/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "config" directory must created&writeable in pm...

7.5CVSS6.6AI score0.12879EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2009/07/06 12:0 a.m.28 views

Fedora 10 : phpMyAdmin-3.2.0.1-1.fc10 (2009-7340)

The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gcmaxlifetime is...

4.3CVSS5.6AI score0.0198EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2009/07/06 12:0 a.m.22 views

Fedora 9 : phpMyAdmin-3.2.0.1-1.fc9 (2009-7337)

The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gcmaxlifetime is...

4.3CVSS5.6AI score0.0198EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2009/06/09 12:0 a.m.294 views

phpMyAdmin - '/scripts/setup.php' PHP Code Injection

!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC script and providing feedback! PoC...

9.8CVSS7AI score0.95438EPSS
Exploits16
Positive Technologies
Positive Technologies
added 2006/01/22 12:0 a.m.3 views

PT-2006-1441 · Rcblog · Rcblog

Name of the Vulnerable Software and Affected Versions: RCBlog version 1.03 Description: The issue allows remote attackers to view account names and MD5 password hashes due to insufficient access control of the data and config directories stored under the web root. Recommendations: For RCBlog...

5CVSS6.4AI score0.01762EPSS
Exploits1References8
Rows per page
Query Builder