Lucene search
K

50 matches found

OSV
OSV
added 2019/03/06 10:29 p.m.3 views

CVE-2019-9617

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...

8.8CVSS7.6AI score0.02749EPSS
Exploits1References1
CVE
CVE
added 2018/08/27 5:0 p.m.187 views

CVE-2018-15908

Artifex Ghostscript 9.23, prior to 2018-08-23, is affected by a restriction-bypass in .tempfile that allows crafted PostScript files to bypass safety checks and write files. Impact is stated as enabling file writes via PostScript, with broader security fixes applied in multiple distros. Remediati...

7.8CVSS6.6AI score0.01916EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/11/15 3:29 a.m.3 views

CVE-2017-11830

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability"...

5.3CVSS5.5AI score0.0257EPSS
Exploits8References5
CNVD
CNVD
added 2017/06/10 12:0 a.m.2 views

WSTShop suffers from an administrator password reset vulnerability

WSTShop e-commerce system is a single merchant e-commerce system based on PHP+MySQL. WSTShop suffers from an administrator password reset vulnerability. The vulnerability stems from an installation file bypass, which can be exploited by an attacker to reset the administrator password...

7.1AI score
Exploits0
NVD
NVD
added 2015/10/12 10:59 a.m.20 views

CVE-2015-6322

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.18 allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563...

6.6CVSS6.4AI score0.00383EPSS
Exploits0References2
NVD
NVD
added 2010/08/30 8:0 p.m.19 views

CVE-2010-3002

Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors...

9.3CVSS6.4AI score0.01501EPSS
Exploits0References6
OSV
OSV
added 2007/06/07 9:30 p.m.7 views

CVE-2007-3122

The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR...

6.3AI score
Exploits0References13
RedHat Linux
RedHat Linux
added 2006/06/09 3:0 p.m.5 views

Mysql log file obfuscation

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysqlrealquery function. NOTE: this issue was originally reported for the mysqlquery function, but the vendor states that since mysqlquer...

4.6CVSS7.4AI score0.01347EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/10/14 4:0 a.m.16 views

CVE-2005-3216

Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even...

6.5AI score0.04598EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2003/03/07 12:0 a.m.41 views

Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass

source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize the attachment as being an executable type. MailSweeper...

7.4AI score
Exploits0
Rows per page
Query Builder