Lucene search
3632 matches found

seebug.org
added 2014/07/01 12:0 a.m., 32 views

PHP 4.x/5.0.x File Upload GLOBAL Variable Overwrite Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 26 views

Hesk 0.92/0.93 Session ID Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14879/info Hesk is prone to an authentication bypass vulnerability. Successful exploitation will grant an attacker administrative access to the application. This can lead to unauthorized access of sensitive data,...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 41 views

Microsoft Foundation Class Library 7.0 ISAPI Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5188/info The Microsoft Foundation Class Library is a library used to develop applications for Microsoft Windows. Some versions of the MFC include an ISAPI class, which can be used to construct applications which extend w...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Kimai 0.9.2 - 'db_restore.php' SQL Injection

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient include...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

Simple Machines Forum 1.1.6 HTTP POST Request Filter Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31594/info Simple Machines Forum SMF is prone to a security-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to bypass filter restrictions a...

7.1 AI score
Exploits: 0
OpenVAS
added 2014/06/23 12:0 a.m., 21 views

Fiyo CMS 'Name' POST Parameter Cross-Site Scripting Vulnerability

Fiyo CMS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS, 5.8 AI score, 0.01854 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2014/06/13 12:0 a.m., 38 views

openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1)

Mozilla Firefox was updated to version 27. Mozilla SeaMonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following...

10 CVSS, 7.7 AI score, 0.07072 EPSS
Exploits: 12, References: 17
htbridge
added 2014/06/11 12:0 a.m., 123 views

Unrestricted Upload of File with Dangerous Type in BoltWire

High-Tech Bridge Security Research Lab discovered vulnerability in BoltWire, which can be exploited to execute arbitrary PHP code on the target system and gain complete control over vulnerable web application. 1 Unrestricted Upload of File with Dangerous Type in BoltWire: CVE-2014-4169 The...

10 CVSS, 7.6 AI score
Exploits: 1, Affected Software: 1
Fedora
added 2014/06/10 3:11 a.m., 36 views

[SECURITY] Fedora 19 Update: mingw-curl-7.37.0-1.fc19

cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, F...

6.4 CVSS, 6.2 AI score, 0.0508 EPSS
Exploits: 0
htbridge
added 2014/05/21 12:0 a.m., 96 views

SQL Injection in Dolphin | HTB23216

High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in Dolphin, which can be exploited to perform SQL injection attacks and obtain sensitive information from the application database. 1 SQL Injection in Dolphin: CVE-2014-3810 The vulnerability exists due to insufficient...

6.5 CVSS, 8 AI score, 0.01658 EPSS
Exploits: 3, Affected Software: 1
securityvulns
added 2014/05/04 12:0 a.m., 64 views

SQL Injection in Orbit Open Ad Server

Advisory ID: HTB23208 Product: Orbit Open Ad Server Vendor: OrbitScripts, LLC Vulnerable Versions: 1.1.0 and probably prior Tested Version: 1.1.0 Advisory Publication: March 19, 2014 without technical details Vendor Notification: March 19, 2014 Vendor Patch: March 21, 2014 Public Disclosure: Apri...

7.5 CVSS, 0.3 AI score, 0.01314 EPSS
Exploits: 5
exploitpack
added 2014/04/22 12:0 a.m., 12 views

kitForm CRM Extension 0.43 - sorter.ph?sorter_value SQL Injection

kitForm CRM Extension 0.43 - sorter.ph?sortervalue SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. target = "http://fbi.gov" 5. SQLi = "or 1=1...

8.6 AI score
Exploits: 0
0day.today
added 2014/04/10 12:0 a.m., 37 views

csChat-R-Box Script Site Cross-Site Scripting Vulnerability

Exploit for cgi platform in category web applications Exploit Title: "csChat-R-Box Script Site" Cross-Site Scripting XSS Google Dork: csChatRBox.cgi Date: 4/10/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link:...

7.1 AI score
Exploits: 0
Positive Technologies
added 2014/04/09 12:0 a.m., 4 views

PT-2014-1326 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 8.2 before 8.25.47 Cisco Adaptive Security Appliance ASA Software versions 8.3 before 8.32.40 Cisco Adaptive Security Appliance ASA Software versions 8.4 before 8.47.3 Cisco Adaptive...

5 CVSS, 9.3 AI score, 0.01906 EPSS
Exploits: 0, References: 6
exploitpack
added 2014/03/31 12:0 a.m., 21 views

Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities

Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities Document Title: =============== Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1235 Release Date: ============= 2014-03-28 Vulnerabilit...

0.8 AI score
Exploits: 0
seebug.org
added 2014/03/21 12:0 a.m., 39 views

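WordPress WP-Filebase Download Manager Plugin Arbitrary Code Execution Vulnerability

WordPress is a content management system. Because input passed via the file name during file upload is not properly filtered before being used in an "exec" call in classes/Admin.php, an attacker can exploit the vulnerability to execute arbitrary shell commands via a specially crafted HTTP POST request. 0 WordPress WP-Filebase Plugin 0.x WordPress WP-Filebase Plugin version 0.3.0.04 fixes this vulnerability; users are advised to download and use it: http://wordpress.org/plugins/wp-filebase/changelog/...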

7.1 AI score
Exploits: 0
OpenVAS
added 2014/03/21 12:0 a.m., 26 views

Horde 3.1.x <= 5.1.1 RCE Vulnerability - Active Check

Horde is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:horde:hordegroupware...

7.5 CVSS, 7.2 AI score, 0.42895 EPSS
Exploits: 7, References: 1
Exploit DB
added 2014/03/05 12:0 a.m., 48 views

Ilch CMS 2.0 - Persistent Cross-Site Scripting

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

4.3 CVSS, 6.7 AI score, 0.03295 EPSS
Exploits: 6
NVD
added 2014/02/26 2:55 p.m., 12 views

CVE-2013-6731

IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request...

4 CVSS, 6.2 AI score, 0.00842 EPSS
Exploits: 1, References: 2
Prion
added 2014/02/26 2:55 p.m., 11 views

Cross site request forgery (csrf)

IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request...

4 CVSS, 6.7 AI score, 0.00842 EPSS
Exploits: 1, References: 2, Affected Software: 1