Lucene search
K

197 matches found

OpenVAS
OpenVAS
added 2018/12/12 12:0 a.m.43 views

phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities (PMASA-2018-6, PMASA-2018-8) - Linux

phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.03254EPSS
Exploits0References2
Prion
Prion
added 2018/12/11 5:29 p.m.31 views

Code injection

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...

4CVSS6.3AI score0.03254EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2018/12/11 5:29 p.m.4 views

DEBIAN-CVE-2018-19968

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...

6.5CVSS9.2AI score0.03254EPSS
Exploits0References1
CVE
CVE
added 2018/12/11 5:0 p.m.161 views

CVE-2018-19968

CVE-2018-19968 affects phpMyAdmin prior to 4.8.4. An attacker can leak the contents of a local file due to an error in the transformation feature. Exploitation requires access to the phpMyAdmin Configuration Storage tables (which can be created by the attacker in any database they can access) and...

6.5CVSS6.2AI score0.03254EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2018/12/11 5:0 p.m.61 views

CVE-2018-19968

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...

6.5CVSS6.5AI score0.03254EPSS
Exploits0
Elastic
Elastic
added 2018/12/05 7:42 p.m.7 views

Elastic Stack 6.5.2 security update

Elasticsearch information disclosure ESA-2018-19 Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning’s findfilestructure API. If a policy allowing external network access has been added to Elasticsearch’s Java Security Manager then an attacker could send a...

5.9CVSS5.9AI score0.01383EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/09/04 6:0 p.m.6 views

rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...

7.5CVSS7.3AI score0.26717EPSS
Exploits2References6
canvas
canvas
added 2018/01/04 1:29 p.m.2176 views

Immunity Canvas: SPECTRE_FILE_LEAK

Name| spectrefileleak ---|--- CVE| CVE-2017-5753 Exploit Pack| CANVAS Description| Spectre File Leak Notes| CVE Name: CVE-2017-5753 Notes: This module gives an unpriviledged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets...

4.7CVSS6.2AI score0.93838EPSS
Exploits9
Hacker One
Hacker One
added 2016/05/05 12:20 p.m.26 views

Internet Bug Bounty: User credentials leak and arbitrary local file read/leak due to same-origin-policy violation

Vulnerability details ===================== A vulnerability exists in Flash Player that allows violating the same-origin-policy. An attacker can read sensitive local files and communicate with remote servers. As a result, this allows uploading the content of these local files to an...

6.4AI score
Exploits0
seebug.org
seebug.org
added 2014/09/12 12:0 a.m.69 views

Supermicro Onboard IPMI Port 49152 敏感文件泄露漏洞

关于 IPMI:智能平台管理接口 IPMI 是一种开放标准的硬件管理接口规格,定义了嵌入式管理子系统进行通信的特定方法。IPMI 信息通过基板管理控制器 BMC(位于 IPMI 规格的硬件组件上)进行交流。IPMI是智能型平台管理接口(Intelligent Platform Management Interface)的缩写,是管理基于...

5CVSS6.5AI score0.21152EPSS
Exploits6
seebug.org
seebug.org
added 2013/03/24 12:0 a.m.24 views

SAP NetWeaver CA-CL SMB中继任意文件泄露漏洞

BUGTRAQ ID: 58612 SAP NetWeaver是下一代基于服务的平台,它将作为未来所有SAP应用程序的基础。 SAP NetWeaver 7.30及其他版本在Classification CA-CL内存在不明细节错误,通过SMB中继攻击SMB Relay attack,攻击者可利用此漏洞获取SAP服务器文件系统上的任意文件。 0 SAP NetWeaver 7.3 厂商补丁: SAP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.sap.com/platform/netweaver/index.epx...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2012/08/26 7:0 p.m.26 views

CVE-2011-5126

Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file...

6.1AI score0.0106EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2010/08/02 8:43 p.m.6 views

OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...

5CVSS5.8AI score0.03162EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/04/01 12:14 a.m.7 views

OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...

5CVSS5.8AI score0.03162EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/03/03 6:20 p.m.12 views

OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...

5CVSS5.8AI score0.03162EPSS
Exploits0References4
seebug.org
seebug.org
added 2009/12/18 12:0 a.m.14 views

Microsoft IIS 5.0 ISAPI虚拟目录UNC映射导致ASP源文件泄露

No description provided by source...

7.1AI score
Exploits0
OSV
OSV
added 2002/09/05 4:0 a.m.6 views

DEBIAN-CVE-2002-0654

Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via 1 a request for a .var file, which leaks the pathname in the resulting error message, or 2 via an error message that occurs when a script child process cannot be invoked...

5CVSS7AI score0.58676EPSS
Exploits0References1
Rows per page
Query Builder