Lucene search
K

83 matches found

CNVD
CNVD
added 2021/04/12 12:0 a.m.3 views

TnCMS suffers from a file upload vulnerability (CNVD-2021-30353)

TnCMS is a light content management system based on ThinkPHP6+layUI based development. TnCMS suffers from a file upload vulnerability that can be exploited by attackers to gain control of the server...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/09/29 12:0 a.m.62 views

Debian DLA-2385-1 : linux-4.19 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2019-3874 Kernel buffers allocated by the SCTP network protocol were not limited by the memory cgroup controller. A local user could potentially us...

9.3CVSS7.7AI score0.05228EPSS
Exploits6References21
OSV
OSV
added 2019/11/05 4:15 p.m.3 views

CVE-2019-18631

The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 18.8, 3.5.2 18.11, and 3.6.0 19.6 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers...

7.8CVSS6.1AI score0.01182EPSS
Exploits0References1
CNVD
CNVD
added 2019/01/16 12:0 a.m.5 views

NTPsec Null Pointer Dereference Vulnerability

NTPsec is an implementation of the Network Time Protocol. A null pointer dereference vulnerability exists in the ntpcontrol.c file in versions of NTPsec prior to 1.1.3, which can be exploited by an attacker to cause a denial of service...

6.5CVSS8.8AI score0.14076EPSS
Exploits5References1
Github Security Blog
Github Security Blog
added 2018/09/27 11:37 a.m.26 views

Cross-Site Scripting in glance

Versions of glance before 3.0.8 are vulnerable to Stored Cross-Site Scripting XSS. This is only exploitable if the attacker is able to control the name of a file that is served by the glance package...

6.1CVSS3AI score0.00759EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2017/09/27 12:0 a.m.4 views

GeniXCMS /inc/lib/backend/menus.control.php file cross-site scripting vulnerability

MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in the /inc/lib/backend/menus.control.php file in MetalGenix...

6.1CVSS5.8AI score0.00683EPSS
Exploits1References1
Veracode
Veracode
added 2017/05/23 2:58 a.m.13 views

SQL Injection

genix/cms is vulnerable to SQL injection attacks. The attacks exist because it does not filter the user-supplied parameter order given to the updateMenuOrder function in inc/lib/Control/Backend/menus.control.php which uses it as an SQL query...

8.8CVSS9.2AI score0.01066EPSS
Exploits0References2Affected Software1
Mageia
Mageia
added 2015/05/06 4:44 p.m.31 views

Updated dpkg packages fix CVE-2015-0840

Updated dpkg packages fix security vulnerability: The dpkg-source command in Debian dpkg before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc CVE-2015-0840...

4.3CVSS6.4AI score0.0184EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2015/04/13 2:0 p.m.70 views

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

4.3CVSS6.4AI score0.0184EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/04/08 12:0 a.m.22 views

Debian: Security Advisory (DSA-3217-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.5AI score0.0184EPSS
Exploits0References3
Debian
Debian
added 2014/07/02 6:40 p.m.42 views

[SECURITY] [DSA 2971-1] dbus security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2971-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso July 02, 2014 http://www.debian.org/security/faq -...

4CVSS6.5AI score0.00446EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

HP HP-UX <= 10.34 rlpdaemon Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/150/info A number of vulnerabilities exist in Hewlett Packard's rlpdaemon under HPUX 9.x and 10.x. These vulnerabilities may allow for a remote attacker to access the system under the lp user account, as well as execute...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2011/11/17 12:0 a.m.36 views

Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Viscom Image View...

1.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2010/11/29 9:5 p.m.8 views

cvs: Heap-based buffer overflow by applying RCS file changes

Array index error in the applyrcschange function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow...

6.9CVSS6.2AI score0.00392EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2009/12/14 12:0 a.m.14 views

RedHat Security Advisory RHSA-2009:1646

The remote host is missing updates announced in advisory RHSA-2009:1646. GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool's libltdl library looked for modul...

6.9CVSS0.5AI score0.00394EPSS
Exploits1References2
Cent OS
Cent OS
added 2009/12/08 10:18 p.m.85 views

libtool security update

CentOS Errata and Security Advisory CESA-2009:1646 Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Libtool is a set of shell...

6.9CVSS7AI score0.00394EPSS
Exploits1References8
Packet Storm
Packet Storm
added 2009/10/27 12:0 a.m.65 views

HP-UX LPD Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'HP-UX LPD...

7.2CVSS6.7AI score0.04429EPSS
Exploits6
Cvelist
Cvelist
added 2007/09/23 11:0 p.m.39 views

CVE-2001-1583

lpd daemon in.lpd in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220...

7.3AI score0.834EPSS
Exploits7References6
Metasploit
Metasploit
added 2006/01/16 2:59 a.m.52 views

Solaris LPD Command Execution

This module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Sun Solaris up to and including 8.0. This module uses a technique discovered by Dino Dai Zovi to exploit the flaw without needing to know the resolved name of the attacking system. This...

10CVSS7.5AI score0.834EPSS
Exploits7
FreeBSD
FreeBSD
added 2005/10/21 12:0 a.m.24 views

fetchmail -- fetchmailconf local password exposure

The fetchmail team reports: The fetchmailconf program before and excluding version 1.49 opened the run control file, wrote the configuration to it, and only then changed the mode to 0600 rw-------. Writing the file, which usually contains passwords, before making it unreadable to other users, can...

2.1CVSS6.6AI score0.00453EPSS
Exploits0References1
Rows per page
Query Builder