Lucene search
K

1747 matches found

0day.today
0day.today
added 2017/05/17 12:0 a.m.39 views

Dup Scout Enterprise 9.5.14 Buffer Overflow Exploit

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise v9.5.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/05/17 12:0 a.m.48 views

Dup Scout Enterprise 9.5.14 Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Dup Scout Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability ...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/17 12:0 a.m.26 views

Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Dup Scout Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability ...

7AI score
Exploits0
NVD
NVD
added 2017/05/03 10:59 a.m.16 views

CVE-2016-10367

In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...

7.5CVSS7.6AI score0.16109EPSS
Exploits1References1
Prion
Prion
added 2017/05/03 10:59 a.m.11 views

Directory traversal

In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...

5CVSS7.2AI score0.16109EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/05/03 10:0 a.m.23 views

CVE-2016-10367

In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...

7.7AI score0.16109EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2017/05/02 12:0 a.m.106 views

Bitrix bitrix.xscan Module < 1.0.4 bitrix.xscan_worker.php 'file' Parameter Path Traversal File Disclosure

The version of the Bitrix bitrix.xscan module running on the remote web server is prior to 1.0.4. It is, therefore, affected by a path traversal vulnerability due to a failure to properly sanitize user-supplied input to the 'file' parameter passed to the /bitrix/admin/bitrix.xscanworker.php scrip...

6.5CVSS5.8AI score0.08357EPSS
Exploits5References2
Packet Storm
Packet Storm
added 2017/04/24 12:0 a.m.42 views

Disk Sorter Enterprise 9.5.12 GET Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Disk Sorter Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerabilit...

0.4AI score
Exploits0
Prion
Prion
added 2017/04/13 7:59 p.m.11 views

Null pointer dereference

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially...

7.8CVSS7AI score0.01405EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2017/04/13 7:59 p.m.25 views

CVE-2016-8723

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially...

7.8CVSS7.5AI score0.01405EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2017/04/11 12:0 a.m.30 views

Moxa MXview < 2.9 Multiple Vulnerabilities (HTTP) - Active Check

Moxa MXview is prone to multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.5AI score0.29293EPSS
Exploits10References3
Talos
Talos
added 2017/04/10 12:0 a.m.38 views

Moxa AWK-3131A HTTP GET Denial of Service Vulnerability

Summary An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an ‘/’ will cause a segmentation fault in the web server. An attacker can send any of a multitude of...

7.8CVSS7.4AI score0.01405EPSS
Exploits2
OpenVAS
OpenVAS
added 2017/03/03 12:0 a.m.330 views

WordPress 'json' User Enumeration Vulnerability

WordPress is prone to a user enumeration vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.5AI score0.87299EPSS
Exploits7References3
Exploit DB
Exploit DB
added 2017/02/28 12:0 a.m.42 views

Synchronet BBS 3.16c - Denial of Service

Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip Version: 3.16c for Windows Tested on: Windows 7 Pro SP1 x64, Windows Serv...

7.5CVSS7.6AI score0.04676EPSS
Exploits5
Prion
Prion
added 2017/02/14 6:59 a.m.11 views

Design/Logic Flaw

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in...

3.5CVSS7.3AI score0.0051EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/02/14 6:59 a.m.17 views

CVE-2016-10223

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in...

5.4CVSS5.7AI score0.0051EPSS
Exploits0References2
NVD
NVD
added 2017/02/12 4:59 a.m.11 views

CVE-2017-5961

An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tinymce/plugins/codemirror/dialog.php" URL. An attacker could execu...

6.1CVSS6.4AI score0.00985EPSS
Exploits1References2
Prion
Prion
added 2017/02/12 4:59 a.m.12 views

Authorization

An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...

4.3CVSS6.4AI score0.00977EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/02/12 4:43 a.m.20 views

CVE-2017-5960

An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...

6.5AI score0.00977EPSS
Exploits1References2
Prion
Prion
added 2017/02/10 7:59 a.m.15 views

Authorization

An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodllaudiourl" HTTP GET parameter passed to the "filterpoodllmoodle322016112802/poodll/mp3recorderskins/brazil/index.php" URL. An...

4.3CVSS6.4AI score0.00874EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder