
3718 matches found

Exploit DB
added 2014/09/29 12:0 a.m. | 38 views

Microsoft Exchange - IIS HTTP Internal IP Address Disclosure (Metasploit)

Exploit Title: Microsoft Exchange IIS HTTP Internal IP Disclosure Vulnerability Google Dork: NA Date: 08/01/2014 Exploit Author: Nate Power Vendor Homepage: microsoft.com Software Link: NA Version: Exchange OWA 2003, Exchange CAS 2007/2010/2013 Tested on: Exchange OWA 2003, Exchange CAS...

7.4 AI score
Exploits: 0
Packet Storm
added 2014/09/16 12:0 a.m. | 37 views

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

0.3 AI score
Exploits: 0
Hacker One
added 2014/08/20 11:57 a.m. | 108 views

Cloudflare: Apache mod_negotiation filename bruteforcing

Vulnerability description: mod_negotiation is an Apache module responsible for selecting the document that best matches the client's capabilities, from one of several available documents. If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error...

6.5 AI score
Exploits: 0
NVD
added 2014/08/12 8:55 p.m. | 28 views

CVE-2014-5198

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

4.3 CVSS | 5.6 AI score | 0.01773 EPSS
Exploits: 0 | References: 3
NVD
added 2014/08/12 8:55 p.m. | 15 views

CVE-2011-2593

Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which trigger...

6.8 CVSS | 7.9 AI score | 0.03986 EPSS
Exploits: 0 | References: 4
Prion
added 2014/08/12 8:55 p.m. | 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

4.3 CVSS | 6.1 AI score | 0.01773 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2014/08/12 8:0 p.m. | 43 views

CVE-2011-2593

Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which trigger...

7.9 AI score | 0.03986 EPSS
Exploits: 0 | References: 4
Cvelist
added 2014/08/12 8:0 p.m. | 27 views

CVE-2014-5198

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

5.6 AI score | 0.01773 EPSS
Exploits: 0 | References: 3
WPVulnDB
added 2014/08/01 10:59 a.m. | 10 views

Delightful Downloads 1.3.1.1 - includes/functions.php User-Agent HTTP Header Stored XSS

The Delightful Downloads WordPress plugin was affected by an includes/functions.php User-Agent HTTP Header Stored XSS security vulnerability...

0.2 AI score
Exploits: 0 | Affected Software: 1
WPVulnDB
added 2014/08/01 10:59 a.m. | 20 views

Redirection - view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS

The Redirection WordPress plugin was affected by a view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS security vulnerability...

4.3 CVSS | 0.4 AI score | 0.02483 EPSS
Exploits: 1 | Affected Software: 1
Patchstack
added 2014/08/01 12:0 a.m. | 9 views

WordPress Delightful Downloads Plugin <= 1.3.1.1 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability in includes/functions.php User-Agent HTTP header. Solution: Update the plugin...

0.4 AI score
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2014/07/24 5:21 p.m. | 32 views

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

4.3 CVSS | 5.5 AI score | 0.02083 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2014/07/20 12:0 a.m. | 51 views

CVE-2014-0117

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header...

4.3 CVSS | 6.9 AI score | 0.35543 EPSS
Exploits: 2 | References: 3
Hacker One
added 2014/07/17 5:25 p.m. | 13 views

Mail.ru: files.mail.ru: HTTP Header Injection

The header is passed through + X-Accel-Redirect works: GET /rus?back=%0d%0aX-Accel-Redirect:/robots.txt%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0ayarrrrrrrr HTTP/1.1 Host: files.mail.ru Accept: / Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE 9.0;...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/09 12:0 a.m. | 26 views

kppw Witkey system: an SQL injection

Brief description: as in the title. Details: in the registration code. function checkall$regusername, $regemail, $regcode global $lang,$K; $res1 = $this-checkip ; if$K'do' $url = 'index.php?do='.$K'do'; else $url = 'index.php?do=register'; $res1 === true or $result = $res1; $res2 = $this-checkusername $regusername ; $res2 === true or $result =...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

mod_accounting Module 0.5 - Blind SQL Injection

No description provided by source. - Affected Vendor: http://sourceforge.net/projects/mod-acct/files/ - Affected Software: mod_accounting - Affected Version: 0.5. Other earlier versions may be affected. - Issue type: Blind SQL injection - Release Date: 20 Sep 2013 - Discovered by: Eldar Wireghoul...

7.5 CVSS | 6.5 AI score | 0.01266 EPSS
Exploits: 7
seebug.org
added 2014/07/01 12:0 a.m. | 47 views

Webmatic 3.1.1 - Blind SQL Injection

No description provided by source. Advisory ID: HTB23096 Product: Webmatic Vendor: valarsoft.com Vulnerable Versions: 3.1.1 and probably prior Tested Version: 3.1.1 Vendor Notification: 13 June 2012 Public Disclosure: 4 July 2012 Vulnerability Type: Blind SQL Injection CVE Reference: CVE-2012-335...

6.8 CVSS | 6.5 AI score | 0.02925 EPSS
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m. | 31 views

XOOPS 2.0.14 Article Module - 'article.php' SQL Injection Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '84999' ssvid version = '1.0' author = 'kikay' vulDate = '2008-05-06' createDate ...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 30 views

Joomla Component com_searchlog SQL Injection

No description provided by source. Exploit Title: Joomla Component com_searchlog SQL Injection Date: 05/06/2010 Author: d0lc3 d0lc3xatgmaildomcom Software Link: http://www.kanich.net/radio/site/searchlog/searchlog-download Version: 3.1.0 Tested on: Linux ubuntu32 2.6.32-22-generic x64 Summary: Goo...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6001/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct ...

7.1 AI score
Exploits: 0