Lucene search
K

777 matches found

OwnCloud
OwnCloud
added 2015/03/25 2:49 p.m.68 views

Server: Bypass of file blacklist on Microsoft Windows Platform

A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud Server versions, when running on a Microsoft Windows Platform, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could...

6CVSS5.1AI score0.01339EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2015/03/25 2:49 p.m.51 views

Server: Bypass of file blacklist

A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud versions, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute...

6CVSS5.1AI score0.01339EPSS
Exploits0Affected Software1
NVD
NVD
added 2015/02/04 6:59 p.m.19 views

CVE-2014-9044

Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack...

5CVSS6.1AI score0.01186EPSS
Exploits0References1
Prion
Prion
added 2015/02/04 6:59 p.m.19 views

Information disclosure

Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack...

5CVSS6.6AI score0.01186EPSS
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2015/01/13 12:0 a.m.32 views

Microsoft Windows Directory Traversal Elevation of Privilege (MS15-004; CVE-2015-0016)

An elevation of privilege vulnerability exists in Windows Components. The vulnerability is caused when Windows fails to properly sanitize file paths. An attacker can exploit this vulnerability by tricking a user into downloading a specially crafted application...

9.3CVSS6AI score0.7594EPSS
Exploits5
Cvelist
Cvelist
added 2014/10/25 10:0 p.m.23 views

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

6.8AI score0.03828EPSS
Exploits6References8
CVE
CVE
added 2014/10/25 10:0 p.m.118 views

CVE-2014-0476

chkrootkit before 0.50 contains a flaw in the slapper function that does not properly quote file paths, allowing a local user to execute arbitrary code via a Trojan horse executable in /tmp when /tmp is not mounted with noexec. This enables local privilege escalation to root. Public reports refer...

3.7CVSS7AI score0.03828EPSS
Exploits6References8Affected Software2
Debian CVE
Debian CVE
added 2014/10/25 10:0 p.m.17 views

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

3.7CVSS6.9AI score0.03828EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

PlaySMS <= 0.9.5.2 - Remote File Inclusion Vulnerability

No description provided by source. ============================================================================================================= o PlaySMS = Remote File Inclusion Vulnerability Software : PlaySMS ver 0.9.5.2 Vendor : http://playsms.org/ Author : NoGe Contact :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

ASPMass Shopping Cart - Vulnerability File Upload CSRF

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-30-aspmass-shopping-cart-vulnerability-file-upload-csrf/ ''' Abysssec Inc Public Advisory Title : ASPMass...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

AtomixMP3 <= 2.3 - (.M3U) Buffer Overflow Exploit

No description provided by source. / ======================================================================== 0-day AtomixMP3 = v2.3 Malformed M3U Buffer Overflow PoC ======================================================================== AtomixMP3 Player/Mixer fails to properly handle large fil...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2014/06/04 12:0 a.m.30 views

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

3.7CVSS6.3AI score0.03828EPSS
Exploits6References2
Hacker One
Hacker One
added 2014/04/16 7:3 a.m.45 views

Concrete CMS: FULL PATH DISCLOSUR

Full Path Disclosure FPD vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page source, require the attacker to have the full path to the file they wis...

7.6AI score
Exploits0
Metasploit
Metasploit
added 2014/01/10 11:21 a.m.54 views

Windows Gather Enum User MUICache

This module gathers information about the files and file paths that logged on users have executed on the system. It also will check if the file still exists on the system. This information is gathered by using information stored under the MUICache registry key. If the user is logged in when the...

6.7AI score
Exploits0
OpenVAS
OpenVAS
added 2013/08/26 12:0 a.m.28 views

Google Chrome Multiple Vulnerabilities-01 (Aug 2013) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.5CVSS6AI score0.01627EPSS
Exploits0References9
OPENSUSE Linux
OPENSUSE Linux
added 2013/01/23 2:5 p.m.41 views

Opera - security update to 12.11 (important)

Opera 12.11 is a recommended upgrade offering security and stability enhancements: -fixed an issue where HTTP response heap buffer overflow could allow execution of arbitrary code; -fixed an issue where error pages could be used to guess local file paths; see our advisory -fixed several issues...

1AI score
Exploits0References2
OpenVAS
OpenVAS
added 2013/01/21 12:0 a.m.35 views

CentOS Update for gnome-vfs2 CESA-2013:0131 centos5

Check for the Version of gnome-vfs2 OpenVAS Vulnerability Test CentOS Update for gnome-vfs2 CESA-2013:0131 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

4.3CVSS6.1AI score0.08437EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2013/01/11 12:0 a.m.29 views

RedHat Update for gnome-vfs2 RHSA-2013:0131-01

Check for the Version of gnome-vfs2 OpenVAS Vulnerability Test RedHat Update for gnome-vfs2 RHSA-2013:0131-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

4.3CVSS6.1AI score0.08437EPSS
Exploits1References2
0day.today
0day.today
added 2012/12/19 12:0 a.m.20 views

MyBB 1.6.9 full path disclosure

Exploit for windows platform in category web applications MyBB has released its update on 15th December. MyBB 1.6.9 is still affected with full path disclosure vulnerablity author : cyb3rboy website: freemium-devils.in code104.net greetz cyberace, ketan , shubham , S3v3n , th3 d3stroyer , amol th...

7.1AI score
Exploits0
NVD
NVD
added 2012/12/04 6:5 a.m.16 views

CVE-2012-5138

Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors...

10CVSS6.1AI score0.01497EPSS
Exploits0References6
Rows per page
Query Builder