Lucene search
K

113 matches found

OSV
OSV
added 2018/04/11 6:29 p.m.2 views

CVE-2018-10028

joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI...

5.3CVSS5.8AI score0.01531EPSS
Exploits0References1
ArchLinux
ArchLinux
added 2017/12/02 12:0 a.m.22 views

[ASA-201712-2] cacti: multiple issues

Arch Linux Security Advisory ASA-201712-2 ========================================= Severity: High Date : 2017-12-02 CVE-ID : CVE-2017-16641 CVE-2017-16660 CVE-2017-16661 CVE-2017-16785 Package : cacti Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-537 Summary =====...

9CVSS2.6AI score0.04246EPSS
Exploits4References12
NVD
NVD
added 2017/11/08 5:29 a.m.12 views

CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

4.9CVSS5.2AI score0.01474EPSS
Exploits1References1
Prion
Prion
added 2017/11/08 5:29 a.m.17 views

Design/Logic Flaw

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

4CVSS5.1AI score0.01474EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/11/08 5:29 a.m.2 views

CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

4.9CVSS5.8AI score0.01474EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2017/11/08 5:29 a.m.23 views

CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

4.9CVSS6.8AI score0.01474EPSS
Exploits1References2
Prion
Prion
added 2017/11/08 5:29 a.m.21 views

Remote code execution

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

9CVSS6.9AI score0.04246EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2017/11/08 5:29 a.m.24 views

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

9CVSS7.2AI score0.04246EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2017/11/08 5:29 a.m.2 views

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

9CVSS6AI score0.04246EPSS
Exploits1References2
OSV
OSV
added 2017/11/08 5:29 a.m.13 views

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

7.2CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2017/11/08 5:29 a.m.1 views

DEBIAN-CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

4.9CVSS6.1AI score0.01474EPSS
Exploits1References1
OSV
OSV
added 2017/11/08 5:29 a.m.6 views

UBUNTU-CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

7.2CVSS7.3AI score0.04246EPSS
Exploits1References3
OSV
OSV
added 2017/11/08 5:29 a.m.0 views

DEBIAN-CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

7.2CVSS7.7AI score0.04246EPSS
Exploits1References1
CVE
CVE
added 2017/11/08 5:0 a.m.73 views

CVE-2017-16660

CVE-2017-16660 affects Cacti 1.1.27, where remote authenticated administrators can trigger Remote Code Execution by placing the Log Path under the web root and issuing a remote_agent.php request containing PHP code in the Client-ip header. This vulnerability is documented as an arbitrary-code-exe...

9CVSS6.9AI score0.04246EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/11/08 5:0 a.m.21 views

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

7AI score0.04246EPSS
Exploits1References1
CVE
CVE
added 2017/11/08 5:0 a.m.71 views

CVE-2017-16661

Cacti 1.1.27 is affected by CVE-2017-16661 (arbitrary filesystem access) via a vulnerability where a remote authenticated administrator can set a private Log Path and request clog.php?filename= to read files (example /etc/passwd). The issue is part of a set of CVEs (including CVE-2017-16641, CVE-...

4.9CVSS5.5AI score0.01474EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2017/11/08 5:0 a.m.31 views

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

9CVSS7.3AI score0.04246EPSS
Exploits1
Cvelist
Cvelist
added 2017/11/08 5:0 a.m.25 views

CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

5.6AI score0.01474EPSS
Exploits1References1
CNVD
CNVD
added 2015/08/16 12:0 a.m.3 views

Unauthorized Access Vulnerability in ICEFLOW VPN Router System of Shanghai Bingfeng Computer Network Technology Co.

Shanghai Bingfeng Computer Network Technology Co., Ltd. is a domestic VPN, Traffic Management, Behavior Management, Link Load Balancing, Next Generation Firewall equipment supplier and IT value solution provider. Bingfeng network reporter system is a set of data report management system...

6.6AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2015/06/25 12:0 a.m.12 views

HP SiteScope Log Analyzer Information Disclosure (CVE-2015-2120)

A privilege escalation vulnerability exists in HP SiteScope. The vulnerability is due to improper validation of the log path, allowing the user to read the users.config file. A remote, authenticated attacker may exploit this vulnerability by submitting a crafted log path...

8.7CVSS6.3AI score0.03484EPSS
Exploits0
Rows per page
Query Builder