Lucene search
K

113 matches found

Tenable Nessus
Tenable Nessus
added 2015/06/10 12:0 a.m.59 views

HP SiteScope Log Analysis Tool Remote Privilege Escalation (uncredentialed check)

The HP SiteScope application running on the remote host is affected by a privilege escalation vulnerability due to a failure to restrict the log path within the Log Analysis Tool. A remote, authenticated attacker can exploit this flaw to read the 'users.config' file, allowing an attacker to...

8.7CVSS5.6AI score0.03484EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2015/05/26 12:0 a.m.29 views

Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability

This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowi...

9CVSS6.2AI score0.03484EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/11 12:0 a.m.2 views

Pimcore /misc/http-error-log _dc SQL Injection Vulnerability

Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. Pimcore /misc/http-error-log fails to properly handle the 'dc' GET parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain databa...

7.6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/03/10 12:0 a.m.5 views

PT-2015-4555 · Red Hat · Redhat-Access-Plugin

Name of the Vulnerable Software and Affected Versions: Red Hat redhat-access-plugin versions prior to 6.0.3 for OpenStack Dashboard horizon Description: The issue allows remote attackers to read arbitrary files via a crafted path in the log-viewing function. Recommendations: For versions prior to...

4CVSS6.3AI score0.01676EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/09/12 2:55 p.m.5 views

CVE-2014-2009

The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log...

5CVSS5.5AI score0.0741EPSS
Exploits5References7
RedHat Linux
RedHat Linux
added 2014/04/16 11:34 a.m.12 views

OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)

The unpacker::redirectstdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...

4.4CVSS7AI score0.00456EPSS
Exploits0References5
myhack58
myhack58
added 2012/02/11 12:0 a.m.28 views

PHP local file inclusion(LFI)exploit-vulnerability warning-the black bar safety net

This study main references are: http://downloads.ackack.net/LocalFileInclusion.pdf Experimental code: If you are on linux, be submitted directly to: test. php? for=/etc/passwd%0 0 to display the file. ? php include$GET'for'.‘. php’;//for testing local include vulnerability ?& gt; If it is on win,...

7.5AI score
Exploits0
rdot
rdot
added 2011/01/30 12:0 a.m.29 views

WhiteCat logcleaner version 1.0 [edition]

Данная утилита предназначена для системных администраторов для: 1. Контроля размера лог-файлов на сервере 2. Для проверки на уязвимость своего сервера на возможность доступа к лог-файлам сервера Любое иное использование скрипта преследуется по закону Клинеры все эти конечно круто, но во многих по...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2010/10/19 12:0 a.m.15 views

Mandriva Update for mailgraph MDVA-2010:206 (mailgraph)

Check for the Version of mailgraph OpenVAS Vulnerability Test Mandriva Update for mailgraph MDVA-2010:206 mailgraph Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

0.5AI score
Exploits0References2
exploitpack
exploitpack
added 2009/03/23 12:0 a.m.23 views

Syzygy CMS 0.3 - Local File Inclusion SQL Injection

Syzygy CMS 0.3 - Local File Inclusion SQL Injection !/usr/bin/perl Web App : Syzygy CMS 0.3 Link : http://sourceforge.net/project/downloading.php?groupid=103298&usemirror=heanet&filename=syzygycms-0.3.tar.gz&a=89932245 Remote Command Execution Exploit : Case 1: If LFI works, exploitation via Shel...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2009/03/20 12:0 a.m.15 views

Bloginator v1a SQL Command Injection via Cookie Bypass Exploit

No description provided by source. Author = FireShot , Jacopo Vuga. Thx to = Osirys for develop the Exploitation Code with me Mail = fireshotatautisticidotorg / osirysatautisticidotorg Vulnerability = SQL Command Injection mq = off Software = Bloginator V1A Download =...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2009/02/20 12:0 a.m.13 views

Graugon Forum 1 - id Command Injection SQL Injection

Graugon Forum 1 - id Command Injection SQL Injection !/usr/bin/perl |--------------------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2006/10/10 12:0 a.m.39 views

phpMyAgenda 3.1 - '/templates/header.php3' Local File Inclusion

!/usr/bin/perl use IO::Socket; use LWP::Simple; print "\n"; print "\n"; print " \n"; print " phpMyAgenda "; $socket = IO::Socket::INET-newProto="tcp", PeerAddr="$host", PeerPort="80" or die " Could not connect to host.\n\n"; print $socket "GET ".$path.$CODE." HTTP/1.1\r\n"; print $socket...

7.4AI score
Exploits0
Rows per page
Query Builder