
66 matches found

Cvelist
added 2020/06/04 6:38 p.m., 28 views

CVE-2020-11680

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store,...

6.5 AI score, 0.01166 EPSS
Exploits 2, References 3

NCSC
added 2020/05/22 12:0 a.m., 10 views

Vulnerability fixed in Apache Tomcat

The developers of Apache Tomcat have fixed a vulnerability that could potentially allow a remote malicious person to execute arbitrary code under the application's permissions. This is possible if: the malicious party has control of a file on the server; PersistenceManager is used in...

7 CVSS, 9.3 AI score, 0.56636 EPSS
Exploits 15

OSV
added 2020/05/21 6:52 p.m., 2 views

GHSA-344F-F5VG-2JFJ Potential remote code execution in Apache Tomcat

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the...

7 CVSS, 7.3 AI score, 0.56636 EPSS
Exploits 15, References 55

OSV
added 2020/05/20 7:15 p.m., 7 views

DEBIAN-CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the...

7 CVSS, 7.8 AI score, 0.56636 EPSS
Exploits 15, References 1

OSV
added 2020/05/20 7:15 p.m., 2 views

UBUNTU-CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the...

7 CVSS, 7.3 AI score, 0.56636 EPSS
Exploits 15, References 13

BDU FSTEC
added 2020/03/18 12:0 a.m., 5 views

The vulnerability of the File Store Service, a component of the Service Fabric application, allows a perpetrator to escalate their privileges.

The vulnerability of the File Store Service of the Service Fabric application is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to enhance their privileges by modifying the configuration file and connecting to SMB or SCP ports...

10 CVSS, 7.8 AI score, 0.02926 EPSS
Exploits 0, References 2

NVD
added 2020/03/12 4:15 p.m., 23 views

CVE-2020-0902

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'...

9.8 CVSS, 9.5 AI score, 0.02926 EPSS
Exploits 0, References 1

Prion
added 2020/03/12 4:15 p.m., 12 views

Privilege escalation

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'...

6.8 CVSS, 9.4 AI score, 0.02926 EPSS
Exploits 0, References 1

Cvelist
added 2020/03/12 3:48 p.m., 26 views

CVE-2020-0902

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'...

9.6 AI score, 0.02926 EPSS
Exploits 0, References 1

CVE
added 2020/03/12 3:48 p.m., 66 views

CVE-2020-0902

CVE-2020-0902 affects Microsoft Service Fabric’s File Store Service and is described as an elevation of privilege vulnerability. The issue is triggered under certain conditions in Service Fabric, with references to an unauthenticated remote user potentially gaining rights if the node is exposed e...

9.8 CVSS, 9.4 AI score, 0.02926 EPSS
Exploits 0, References 1, Affected Software 1

Microsoft CVE
added 2020/03/10 7:0 a.m., 25 views

Service Fabric Elevation of Privilege

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions. An unauthenticated remote user could gain rights to the Service Fabric File Store Service if the node is exposed externally via SMB or SCP standard ports and they are using the impacted...

9.8 CVSS, 2.7 AI score, 0.02926 EPSS
Exploits 0

PyPA
added 2017/09/05 5:29 p.m., 7 views

PYSEC-2017-83

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...

7.8 CVSS, 6.5 AI score, 0.01907 EPSS
Exploits 1, References 3, Affected Software 1

OSV
added 2017/09/05 5:29 p.m., 4 views

DEBIAN-CVE-2017-14158

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...

7.5 CVSS, 6.5 AI score, 0.01907 EPSS
Exploits 1, References 1

seebug.org
added 2014/07/01 12:0 a.m., 18 views

File Store PRO 3.2 - Multiple Blind SQL Injection Vulnerabilities

No description provided by source. | File Store PRO 3.2 Blind SQL Injection | || Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: code ifisset$GETfolder && $GETfolder!= $folder=$GETfolder; else exitBad Request; ifisset$GETid && $GETid!= $id=$GETid; el...

7.1 AI score
Exploits 0

seebug.org
added 2008/07/12 12:0 a.m., 19 views

File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities

No description provided by source. | File Store PRO 3.2 Blind SQL Injection | || Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: code ifisset$GET"folder" && $GET"folder"!="" $folder=$GET"folder"; else exit"Bad Request"; ifisset$GET"id" && $GET"id"!="...

7.1 AI score
Exploits 0

Exploit DB
added 2008/07/11 12:0 a.m., 43 views

File Store PRO 3.2 - Multiple Blind SQL Injections

| File Store PRO 3.2 Blind SQL Injection | || Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: code ifisset$GET"folder" && $GET"folder"!="" $folder=$GET"folder"; else exit"Bad Request"; ifisset$GET"id" && $GET"id"!="" $id=$GET"id"; else exit"Bad...

7.4 AI score
Exploits 0

exploitpack
added 2008/07/11 12:0 a.m., 21 views

File Store PRO 3.2 - Multiple Blind SQL Injections

File Store PRO 3.2 - Multiple Blind SQL Injections | File Store PRO 3.2 Blind SQL Injection | || Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: code ifisset$GET"folder" && $GET"folder"!="" $folder=$GET"folder"; else exit"Bad Request"; ifisset$GET"id...

0.6 AI score
Exploits 0

securityvulns
added 2006/03/24 12:0 a.m., 22 views

[eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities

New eVuln Advisory: @1 File Store Multiple XSS and SQL Injection Vulnerabilities http://evuln.com/vulns/95/summary.html --------------------Summary---------------- eVuln ID: EV0095 Software: @1 File Store Software's Web Site: http://www.upoint.info/cgi/download/ Versions: 2006.03.07 Critical Leve...

0.6 AI score
Exploits 0

NVD
added 2006/03/19 11:6 a.m., 10 views

CVE-2006-1278

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php,...

6.8 CVSS, 8.3 AI score, 0.03653 EPSS
Exploits 1, References 31

NVD
added 2006/03/19 11:6 a.m., 15 views

CVE-2006-1277

Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) realname, (2) email, and (3) login parameters...

5.8 CVSS, 5.7 AI score, 0.01373 EPSS
Exploits 0, References 8