Lucene search
K

1285 matches found

OSV
OSV
added 2014/02/20 4:55 p.m.14 views

AZL-6651 CVE-2013-4420 affecting package libtar for versions less than 1.2.20-8

Multiple directory traversal vulnerabilities in the 1 tarextractglob and 2 tarextractall functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. dot dot in a crafted tar file...

5.8CVSS6.6AI score0.03277EPSS
Exploits0References1
OSV
OSV
added 2014/02/20 4:55 p.m.1 views

DEBIAN-CVE-2013-4420

Multiple directory traversal vulnerabilities in the 1 tarextractglob and 2 tarextractall functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. dot dot in a crafted tar file...

5.8CVSS5.5AI score0.03277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2014/02/20 12:0 a.m.3 views

PT-2014-2786 · None +1 · Libtar +1

Name of the Vulnerable Software and Affected Versions: libtar versions 1.2.20 and earlier Description: The issue concerns multiple directory traversal vulnerabilities in the tar extract glob and tar extract all functions. These vulnerabilities allow remote attackers to overwrite arbitrary files b...

9.1CVSS8AI score0.03277EPSS
Exploits0References26
OpenVAS
OpenVAS
added 2014/02/18 12:0 a.m.20 views

Debian Security Advisory DSA 2863-1 (libtar - directory traversal)

A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tarextractglob an...

5.8CVSS0.3AI score0.03277EPSS
Exploits0References1
Kitploit
Kitploit
added 2014/02/10 10:33 p.m.23 views

[Quarks PwDump] Dump Windows Credentials

Quarks PwDump is new open source tool to dump various types of Windows credentials: local account, domain accounts, cached domain credentials and bitlocker. The tool is currently dedicated to work live on operating systems limiting the risk of undermining their integrity or stability. It requires...

6.6AI score
Exploits0
OSV
OSV
added 2013/11/23 11:55 a.m.2 views

DEBIAN-CVE-2013-4473

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a source filename...

7.5CVSS8.1AI score0.07126EPSS
Exploits1References1
Nmap
Nmap
added 2013/06/18 12:48 a.m.175 views

http-comments-displayer NSE Script

Extracts and outputs HTML and JavaScript comments from HTTP responses. Script Arguments http-comments-displayer.singlepages Some single pages to check for comments. For example, "/", "/wiki". Default: nil crawler mode on http-comments-displayer.context declares the number of chars to extend our...

10CVSS0.1AI score0.99448EPSS
Exploits33
Metasploit
Metasploit
added 2013/01/14 4:6 p.m.26 views

WordPress W3-Total-Cache Plugin 0.9.2.4 (or before) Username and Hash Extract

The W3-Total-Cache Wordpress Plugin 'WordPress W3-Total-Cache Plugin 0.9.2.4 or before Username and Hash Extract', 'Description' = "The W3-Total-Cache Wordpress Plugin = 0.9.2.4 can cache database statements and its results in files for fast access. Version 0.9.2.4 has been fixed afterwards so it...

7.4AI score
Exploits0
OSV
OSV
added 2012/08/20 6:55 p.m.1 views

DEBIAN-CVE-2011-3936

The dvextractaudio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a craft...

4.3CVSS6.6AI score0.02545EPSS
Exploits0References1
Metasploit
Metasploit
added 2012/01/10 11:32 p.m.14 views

MSSQL Schema Dump

This module attempts to extract the schema from a MSSQL Server Instance. It will disregard builtin and example DBs such as master, model, msdb, and tempdb. The module will create a note for each DB found, and store a YAML formatted output as loot for easy reading. This module requires Metasploit:...

7.2AI score
Exploits0
Metasploit
Metasploit
added 2011/08/10 5:48 p.m.26 views

Windows Gather Trillian Password Extractor

This module extracts account password from Trillian & Trillian Astra v4.x-5.x instant messenger. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Trillian Password Extractor',...

1AI score
Exploits0
seebug.org
seebug.org
added 2011/04/15 12:0 a.m.20 views

PDF Extract TIFF 'pdf2tif.dll'缓冲区溢出漏洞

Bugtraq ID: 47322 PDF Extract TIFF用于从PDF文件中提取图像并且保存为TIFF格式,然后用Word, Adobe Photoshop之类的程序进行再次编辑。 解析PDF文件时pdf2tif.dll存在错误,攻击者可以构建恶意输入文件,诱使用户解析触发缓冲区溢出,可导致以应用程序上下文执行任意代码。插件也受此漏洞影响。 VeryPDF PDF Extract TIFF 厂商解决方案 用户可联系供应商下载最新版本: http://www.verypdf.com/...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2011/04/14 12:0 a.m.32 views

VeryPDF PDF Extract TIFF library multiple security vulnerabilities

Multiple vulnerabilities on PDF parsing...

3.3AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2011/02/18 12:0 a.m.28 views

CVE-2011-0420

The graphemeextract function in the Internationalization extension Intl for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service crash via an invalid size argument, which triggers a NULL pointer dereference...

5CVSS7.2AI score0.14409EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2011/02/07 12:0 a.m.26 views

PHP < 5.2.15 Security Bypass Vulnerability

PHP is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

5CVSS6.7AI score0.01337EPSS
Exploits0References2
NVD
NVD
added 2011/02/02 10:0 p.m.13 views

CVE-2011-0752

The extract function in PHP before 5.2.15 does not prevent use of the EXTROVERWRITE parameter to overwrite 1 the GLOBALS superglobal array and 2 the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended t...

5CVSS9.5AI score0.01337EPSS
Exploits0References7
Prion
Prion
added 2011/02/02 10:0 p.m.19 views

Design/Logic Flaw

The extract function in PHP before 5.2.15 does not prevent use of the EXTROVERWRITE parameter to overwrite 1 the GLOBALS superglobal array and 2 the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended t...

5CVSS7AI score0.02319EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2011/02/02 10:0 p.m.15 views

CVE-2011-0752

The extract function in PHP before 5.2.15 does not prevent use of the EXTROVERWRITE parameter to overwrite 1 the GLOBALS superglobal array and 2 the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended t...

5CVSS5.9AI score0.01337EPSS
Exploits0References2
CVE
CVE
added 2011/02/02 9:0 p.m.119 views

CVE-2011-0752

PHP 5.2.x before 5.2.15 is affected by an exploit in the extract function where EXTR_OVERWRITE can overwrite the GLOBALS array and the this variable, enabling context‑dependent attackers to bypass access restrictions by modifying data structures. The issue is tied to previous CVEs (2005/2006) and...

5CVSS9.3AI score0.01337EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2011/02/02 9:0 p.m.22 views

CVE-2011-0752

The extract function in PHP before 5.2.15 does not prevent use of the EXTROVERWRITE parameter to overwrite 1 the GLOBALS superglobal array and 2 the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended t...

9.5AI score0.01337EPSS
Exploits0References7
Rows per page
Query Builder