
7209 matches found

CNVD
added 2015/09/27 12:00 a.m., 4 views

MoboTap Dolphin Browser for Android Arbitrary File Write Vulnerability

MoboTap Dolphin Browser for Android is a browser for the Android platform. It suffers from an arbitrary file write vulnerability: a remote attacker can construct a malicious web page that, when parsed, writes to arbitrary files...

7.1 AI score
Exploits: 0, References: 1
CNVD
added 2015/09/27 12:00 a.m., 3 views

Mozilla Firefox and Firefox ESR updater.exe Privilege Bypass Vulnerability

Mozilla Firefox is an open source web browser. A security vulnerability exists in the Mozilla Firefox updater.exe file that allows local attackers to perform a symbolic link attack to write arbitrary files at program startup...

6.6 CVSS, 8.6 AI score, 0.00294 EPSS
Exploits: 0, References: 1
seebug.org
added 2015/09/11 12:00 a.m., 53 views

FineCms Free Edition Arbitrary File Upload Vulnerability

Path: dayrui/libraries/Chart/ofcuploadimage.php $defaultpath = '../tmp-upload-images/'; if (!file_exists($defaultpath)) mkdir($defaultpath, 0777, true); $destination = $defaultpath . basename($_GET['name']); echo 'Saving your image to: '. $destination; $jfh = fopen($destination, 'w') or die("can't open file");...

7 AI score
Exploits: 0
CNVD
added 2015/09/10 12:00 a.m., 1 view

libvdpau Arbitrary File Write Vulnerability

libvdpau is the open source library for VDPAU (Video Decode and Presentation API for Unix), a video decoding and presentation API for Unix-like systems. An arbitrary file write vulnerability exists in versions of libvdpau prior to 1.1.1, which allows local users to write arbitrary files vi...

6.3 CVSS, 6.7 AI score, 0.00358 EPSS
Exploits: 0, References: 1
OSV
added 2015/09/08 3:59 p.m., 1 view

DEBIAN-CVE-2015-5200

The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors...

6.3 CVSS, 6.5 AI score, 0.00358 EPSS
Exploits: 0, References: 1
CVE
added 2015/09/08 3:00 p.m., 81 views

CVE-2015-5200

CVE-2015-5200 pertains to libvdpau’s trace functionality in versions before 1.1.1. When libvdpau is used in a setuid/setgid application, local users can exploit this by writing to arbitrary files via unspecified vectors, as described across multiple advisories. Affected software is the libvdpau l...

6.3 CVSS, 6.1 AI score, 0.00358 EPSS
Exploits: 0, References: 9, Affected Software: 1
BDU FSTEC
added 2015/09/08 12:00 a.m., 6 views

Vulnerability in Firefox and Firefox ESR browsers that allows hackers to write arbitrary files and increase their privileges

The vulnerability of the Mozilla Maintenance Service component in Firefox and Firefox ESR browsers arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to write arbitrary files locally and increase their privileges by manipulating...

3.3 CVSS, 7.8 AI score, 0.00797 EPSS
Exploits: 1, References: 4, Affected Software: 2
CNVD
added 2015/09/06 12:00 a.m., 2 views

Cisco Unified Computing System Director Arbitrary File Write Vulnerability

The Cisco Unified Computing System simplifies IT management and improves agility by integrating unified computing, networking, storage access and virtualization into a single system. A security vulnerability in the Cisco Unified Computing System Director JSP file allows remote attackers to exploi...

9.4 CVSS, 7 AI score, 0.02817 EPSS
Exploits: 0, References: 1
CVE
added 2015/09/04 1:00 a.m., 61 views

CVE-2015-6259

CVE-2015-6259 affects Cisco Integrated Management Controller (IMC) Supervisor prior to 1.0.0.1 and Cisco UCS Director prior to 5.2.0.1. The JSP component enables remote attackers to overwrite arbitrary files via crafted HTTP requests, a vulnerability tracked as CSCus36435/CSCus62625. The issue is...

9.4 CVSS, 7 AI score, 0.02817 EPSS
Exploits: 0, References: 2, Affected Software: 1
Saint
added 2015/08/26 12:00 a.m., 40 views

Symantec Endpoint Protection Manager authentication bypass

Added: 08/26/2015. CVE: CVE-2015-1486. BID: 76074. Background: Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM). Problem: Symantec Endpoint...

7.5 CVSS, 7.1 AI score, 0.64487 EPSS
Exploits: 9
Saint
added 2015/08/26 12:00 a.m., 203 views

Symantec Endpoint Protection Manager authentication bypass

Added: 08/26/2015. CVE: CVE-2015-1486. BID: 76074. Background: Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM). Problem: Symantec Endpoint...

7.5 CVSS, 7.1 AI score, 0.64487 EPSS
Exploits: 9
Saint
added 2015/08/26 12:00 a.m., 85 views

Symantec Endpoint Protection Manager authentication bypass

Added: 08/26/2015. CVE: CVE-2015-1486. BID: 76074. Background: Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM). Problem: Symantec Endpoint...

7.5 CVSS, 7.1 AI score, 0.64487 EPSS
Exploits: 9
Saint
added 2015/08/26 12:00 a.m., 39 views

Symantec Endpoint Protection Manager authentication bypass

Added: 08/26/2015. CVE: CVE-2015-1486. BID: 76074. Background: Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM). Problem: Symantec Endpoint...

7.5 CVSS, 7.1 AI score, 0.64487 EPSS
Exploits: 9
Tenable Nessus
added 2015/08/19 12:00 a.m., 33 views

Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write

The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0. It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue, by...

6.4 CVSS, 5.8 AI score, 0.01927 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2015/08/19 12:00 a.m., 21 views

Mac OS X : Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write

The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0. It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue, b...

6.4 CVSS, 5.7 AI score, 0.01927 EPSS
Exploits: 0, References: 2
CVE
added 2015/08/18 5:00 p.m., 63 views

CVE-2015-4670

CVE-2015-4670 affects the AjaxFileUpload control in the AjaxControlToolkit (Ajax Control Toolkit) before 15.1. The issue: the uploaded file’s fileId GUID is not validated, allowing directory traversal with “..” to write files to arbitrary locations via AjaxFileUploadHandler.axd. Veracode and rela...

6.4 CVSS, 7.5 AI score, 0.01912 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNVD
added 2015/08/08 12:00 a.m., 2 views

Apple OS X DYLD_PRINT_TO_FILE Environment Variable Checksum Local ROOT Privilege Gain Vulnerability

Apple Mac OS X is an operating system developed by Apple Inc. Apple Mac OS X fails to properly validate the DYLD_PRINT_TO_FILE environment variable, allowing local attackers to write arbitrary files with root privileges and elevate their privileges...

6.7 AI score
Exploits: 0, References: 1
exploitpack
added 2015/08/07 12:00 a.m., 11 views

Python IDLE 2.7.8 - Crash (PoC)

Python IDLE 2.7.8 - Crash PoC !/usr/bin/env python Title : Python IDLE 2.7.8 - Crash Proof Of Concept Website : http://www.python.org/idle/ Tested : Windows 7 / Windows 8.1 Author : Hadi Zomorodi Monavar Email : [email protected] 1 . run python code : python poc.py 2 . open r3z4.txt and copy...

7.4 AI score
Exploits: 0
Exploit DB
added 2015/08/07 12:00 a.m., 30 views

Python IDLE 2.7.8 - Crash (PoC)

!/usr/bin/env python Title : Python IDLE 2.7.8 - Crash Proof Of Concept Website : http://www.python.org/idle/ Tested : Windows 7 / Windows 8.1 Author : Hadi Zomorodi Monavar Email : [email protected] 1 . run python code : python poc.py 2 . open r3z4.txt and copy content to clipboard 3 . open...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2015/08/07 12:00 a.m., 22 views

Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4013.0 / 4.1.x < 4.1.4011.0 IPC File Write Vulnerability

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4013.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to write files. A local,...

6.6 CVSS, 5.7 AI score, 0.00336 EPSS
Exploits: 0, References: 2