Lucene search
+L

326 matches found

Debian CVE
Debian CVE
added 2021/04/27 5:18 a.m.46 views

CVE-2019-25031

Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...

5.9CVSS6.2AI score0.01339EPSS
Exploits0
CNNVD
CNNVD
added 2021/04/27 12:0 a.m.3 views

NLnet Labs Unbound 注入漏洞

Unbound is a DNS resolver that supports validation, recursion, and caching features. A configuration injection vulnerability exists in createunboundadservers.sh in versions of Unbound prior to 1.9.5. A man-in-the-middle attacker can exploit this vulnerability to inject configuration via a plainte...

5.9CVSS8.4AI score0.01339EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2019/09/11 12:0 a.m.6 views

PT-2019-6283 · Nlnet +5 · Unbound +5

Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5 Description: The issue is related to insufficient neutralization of special elements in a request, which can be exploited by a remote attacker to impact data integrity. This can occur upon a successful...

9.8CVSS7.7AI score0.03212EPSS
Exploits1References120
OSV
OSV
added 2019/08/01 1:15 p.m.6 views

CVE-2018-20885

cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...

5.3CVSS5.8AI score0.00767EPSS
Exploits0References1
NVD
NVD
added 2019/08/01 1:15 p.m.22 views

CVE-2018-20885

cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...

5.3CVSS5.5AI score0.00767EPSS
Exploits0References1
Prion
Prion
added 2019/08/01 1:15 p.m.19 views

Command injection

cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...

5CVSS5.6AI score0.00767EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/01 1:0 p.m.60 views

CVE-2018-20885

CVE-2018-20885 affects cPanel prior to 74.0.0 and is caused by Apache HTTP Server configuration injection due to DocumentRoot variable interpolation (SEC-416). The available documents identify the affected product version and the vulnerability class but do not provide details on exploitation atte...

5.3CVSS5.5AI score0.00767EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/01 1:0 p.m.27 views

CVE-2018-20885

cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...

5.6AI score0.00767EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/06/06 3:2 p.m.45 views

CVE-2019-12303

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...

8.9AI score0.02013EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2018/07/20 12:0 a.m.33 views

[ASA-201807-13] networkmanager-vpnc: privilege escalation

Arch Linux Security Advisory ASA-201807-13 ========================================== Severity: High Date : 2018-07-20 CVE-ID : CVE-2018-10900 Package : networkmanager-vpnc Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-739 Summary ======= The package...

8.8CVSS2.9AI score0.05059EPSS
Exploits7References5
OSV
OSV
added 2018/07/15 1:29 a.m.5 views

ALPINE-CVE-2018-14055

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...

6.5CVSS7.2AI score0.01463EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2018/07/15 1:0 a.m.58 views

CVE-2018-14055

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...

6.5CVSS6.9AI score0.01463EPSS
Exploits0
CNVD
CNVD
added 2018/02/07 12:0 a.m.6 views

Kaspersky Secure Mail Gateway Configuration File Injection Vulnerability

Kaspersky Secure Mail Gateway is an email security solution from Russia's Kaspersky Lab. The program is able to automatically filter spam, phishing sites and various malicious attachments. A security vulnerability exists in Kaspersky Secure Mail Gateway version 1.1. An attacker can exploit the...

10CVSS7.4AI score0.06598EPSS
Exploits1References1
OSV
OSV
added 2018/01/23 3:29 p.m.3 views

DEBIAN-CVE-2017-15093

When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...

5.3CVSS6.8AI score0.00828EPSS
Exploits0References1
OSV
OSV
added 2018/01/23 3:29 p.m.4 views

UBUNTU-CVE-2017-15093

When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...

5.3CVSS6.6AI score0.00828EPSS
Exploits0References4
CVE
CVE
added 2018/01/23 3:0 p.m.111 views

CVE-2017-15093

CVE-2017-15093 affects PowerDNS Recursor (4.x up to 4.0.6 and 3.x up to 3.7.4). An authenticated user can modify the Recursor’s ACL by adding/removing netmasks and configure forward zones when api-config-dir is non-empty. The root cause is insufficient validation of the new netmask and IP address...

5.3CVSS5.6AI score0.00828EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/08/21 3:29 p.m.5 views

CVE-2017-5187

A Cross-Site Request Forgery CWE-352 vulnerability in Directory Server aka Enterprise Server Administration web UI in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to...

8.8CVSS5.8AI score0.00751EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/11/19 2:51 a.m.4 views

realmd: untrusted data is used when configuring sssd.conf and/or smb.conf

A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response...

5CVSS5.9AI score0.02915EPSS
Exploits0References4
OSV
OSV
added 2015/05/18 3:59 p.m.3 views

CVE-2015-2704

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...

6.4AI score
Exploits0References5
Packet Storm
Packet Storm
added 2013/06/01 12:0 a.m.24 views

PHP4DVD 2.0 Code Injection

Exploit Title : PHP4DVD PHP Code Injection Date : 31 May 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://php4dvd.sourceforge.net/ Software Link : http://downloads.sourceforge.net/project/php4dvd/php4dvd-2.0.zip Version : 2.0 Tested on : Window and Linux...

7.4AI score
Exploits0
Rows per page
Query Builder