Lucene search
K

115 matches found

Prion
Prion
added 2017/12/11 5:29 p.m.25 views

Design/Logic Flaw

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...

7.2CVSS6.5AI score0.00434EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/12/11 5:29 p.m.26 views

CVE-2017-15870

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...

7.2CVSS6.5AI score0.00434EPSS
Exploits0References2
OSV
OSV
added 2017/12/11 5:29 p.m.6 views

CVE-2017-15870

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...

6.7CVSS5.9AI score0.00434EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/12/11 5:0 p.m.31 views

CVE-2017-15870

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...

6.5AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2017/12/11 5:0 p.m.63 views

CVE-2017-15870

CVE-2017-15870 affects Palo Alto Networks GlobalProtect Client/App on macOS up to version 4.0.2 (before 4.0.3). The vulnerability is a local privilege escalation via an image path execution hijacking vector. Exploitation requires local administrative privileges on the compromised host and can gra...

7.2CVSS6.5AI score0.00434EPSS
Exploits0References2Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:20 a.m.10 views

GlobalProtect App Vulnerability

An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. ref...

6.7CVSS6.9AI score0.00434EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/02/28 6:59 p.m.23 views

CVE-2017-5982

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...

7.5CVSS7.2AI score0.7763EPSS
Exploits5References3
NVD
NVD
added 2017/02/28 6:59 p.m.17 views

CVE-2017-5982

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...

7.5CVSS7.4AI score0.7763EPSS
Exploits5References5
Debian CVE
Debian CVE
added 2017/02/28 12:0 a.m.64 views

CVE-2017-5982

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...

7.5CVSS7.4AI score0.7763EPSS
Exploits5
BDU FSTEC
BDU FSTEC
added 2016/02/12 12:0 a.m.8 views

The vulnerability of the Ruby Colorscore interpreter extension, which allows a hacker to execute arbitrary code.

The vulnerability of the class initialization method Histogram lib/colorscore/histogram.rb in the Ruby Colorscore extension is related to the lack of measures to clean input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using metasymbols in variables like...

10CVSS8.2AI score0.0353EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2016/01/12 12:0 a.m.25 views

Ruby colorscore gem arbitrary code execution vulnerability

Ruby is a cross-platform, object-oriented, dynamically-typed programming language developed by Japanese software developer Yukihiro Matsumoto. colorscore gem is one of the libraries used to distinguish colors. A security vulnerability exists in the 'initialize' method of the Histogram class in th...

10CVSS7.7AI score0.0353EPSS
Exploits0References1
OSV
OSV
added 2015/11/02 8:21 p.m.13 views

MGASA-2015-0421 Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to upload add an infinite number of chunks for a single file upload CVE-2015-8001. ...

6.8CVSS5.9AI score0.01688EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2013/04/01 12:0 a.m.32 views

WordPress FuneralPress 1.1.6 Cross Site Scripting

WP FuneralPress - stored xss in guestbook "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious script execution as wordpress...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2007/04/30 10:19 p.m.4 views

CVE-2007-2053

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via 1 a long LastModified value in an S3 XML response in lib/s3.cpp; 2 a long a path or b bucket in an S3 URL in lib/vnodes3.cpp; or 3 a long c...

10CVSS6.6AI score0.06711EPSS
Exploits0References9
Symantec
Symantec
added 2000/11/03 12:0 a.m.24 views

McAfee VirusScan 4.5 Unquoted ImagePath Vulnerability

Description The default installation of McAfee VirusScan excludes quotes around the image path eg. ImagePath=C:\Program Files\Common Files\Network Associates\McShield\McShield.exe. Therefore, if a malicious user were to insert a hostile VB executable file named common.exe in C:\Program Files, it...

1.3AI score
Exploits0References3Affected Software1
Rows per page
Query Builder