Lucene search
K

130 matches found

Packet Storm
Packet Storm
added 2016/06/16 12:0 a.m.78 views

Roxy File Manager 1.4.4 Shell Upload

Exploit Title: Roxy Fileman = 1.4.4 Forbidden File Upload Vulnerability Google Dork: intitle:"Roxy file manager" Date: 15-06-2016 Exploit Author: Tyrell Sassen Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.4-php Version: 1.4.4 Tested on:...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2015/11/03 6:0 p.m.25 views

CVE-2015-5212

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

6.8CVSS7.2AI score0.08722EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/08/31 12:0 a.m.30 views

Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)

T94116 SECURITY: Compare API watchlist token in constant time T97391 SECURITY: Escape error message strings in thumb.php T106893 SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions T102562 Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia...

7.5CVSS5.3AI score0.02747EPSS
Exploits0References14
Prion
Prion
added 2014/12/20 12:59 a.m.17 views

Design/Logic Flaw

Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting...

9CVSS6.9AI score0.03141EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.14 views

LiveOptim 1.1.3 - Configuration Setting Manipulation CSRF

The SEO Plugin LiveOptim WordPress plugin was affected by a Configuration Setting Manipulation CSRF security vulnerability...

6.8CVSS2.3AI score0.01081EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.307 views

Plesk < 9.5.4 - Zeroday Remote Exploit

No description provided by source. Plesk Apache zeroday / June 2013 discovered & exploited by kingcope this Plesk configuration setting makes it possible: scriptAlias /phppath/ /usr/bin/ Furthermore this is not cve-2012-1823 because the php interpreter is called directly. no php file is called...

7.5CVSS10AI score0.99998EPSS
Exploits42
Tenable Nessus
Tenable Nessus
added 2014/03/24 12:0 a.m.90 views

OpenSSH < 6.6 Multiple Remote Restriction Bypass Vulnerability

Binary data 8169.prm...

7.5CVSS5.9AI score0.04751EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.43 views

Oracle Linux 3 / 4 : php (ELSA-2009-0337)

From Red Hat Security Advisory 2009:0337 : Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language...

10CVSS7.7AI score0.08845EPSS
Exploits13References7
Prion
Prion
added 2012/10/01 11:55 p.m.13 views

Authorization

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a 1 Cloud Controller or 2 Walrus service via a crafted message, as demonstrated by...

3.5CVSS6.7AI score0.00978EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2012/07/16 10:28 a.m.32 views

CVE-2011-4289

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page...

4CVSS5.9AI score0.01674EPSS
Exploits0References1
Prion
Prion
added 2012/07/16 10:28 a.m.15 views

Design/Logic Flaw

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page...

4CVSS6.2AI score0.01674EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.52 views

CentOS Update for php CESA-2009:0337 centos4 i386

Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2009:0337 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

10CVSS9AI score0.08845EPSS
Exploits13References2
UbuntuCve
UbuntuCve
added 2011/05/23 10:55 p.m.12 views

CVE-2009-5024

ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...

5CVSS5.9AI score0.02644EPSS
Exploits0References1
Cvelist
Cvelist
added 2011/05/13 10:0 p.m.23 views

CVE-2011-1406

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login...

6.2AI score0.0173EPSS
Exploits0References4
CVE
CVE
added 2011/05/13 10:0 p.m.66 views

CVE-2011-1406

CVE-2011-1406 affects Mahara prior to 1.3.6. If wwwroot is configured to HTTPS but the web server serves content over HTTP as well, users can log in via HTTP and credentials may be sniffed. Debian/OpenVAS advisories mirror this issue and recommend upgrading Mahara to the fixed version (1.3.6 or l...

4.3CVSS6.4AI score0.0173EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2011/04/21 10:55 a.m.23 views

CVE-2010-4786

IBM Tivoli Directory Server TDS 6.0 before 6.0.0.63 aka 6.0.0.8-TIV-ITDS-IF0005 allows remote authenticated users to cause a denial of service daemon crash or hang via a paged search, as demonstrated by a certain idsldapsearch command, related to an improper ibm-slapdIdleTimeOut configuration...

4CVSS6.1AI score0.00883EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/04/21 10:0 a.m.26 views

CVE-2010-4786

IBM Tivoli Directory Server TDS 6.0 before 6.0.0.63 aka 6.0.0.8-TIV-ITDS-IF0005 allows remote authenticated users to cause a denial of service daemon crash or hang via a paged search, as demonstrated by a certain idsldapsearch command, related to an improper ibm-slapdIdleTimeOut configuration...

6.1AI score0.00883EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/12/30 12:0 a.m.26 views

Sun Java System Directory Proxy Server 6.x < 6.3.1.1 Multiple Vulnerabilities.

The remote host is running the Sun Java System Directory Proxy Server, an LDAP application-layer protocol gateway. It is typically provided with Sun Java System Directory Server Enterprise Edition. The installed version of Sun Java System Directory Proxy Server is older than 6.3.1.1 and thus...

6.8CVSS5.6AI score0.02484EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2009/06/01 12:0 a.m.57 views

Fedora 9 : maniadrive-1.2-13.fc9 / php-5.2.9-2.fc9 (2009-3848)

Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2008-5557 A directory...

10CVSS6.3AI score0.08845EPSS
Exploits15References22
NVD
NVD
added 2009/05/11 2:30 p.m.16 views

CVE-2009-1596

Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password aka canChangePassword console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwdchange IQ packet...

6.5CVSS6.1AI score0.012EPSS
Exploits1References6
Rows per page
Query Builder