CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1461 matches found

OSV•added 2010/01/13 8:30 p.m.•3 views

DEBIAN-CVE-2009-4490

minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

5CVSS7.9AI score0.04114EPSS

Exploits2References1

UbuntuCve•added 2010/01/13 8:30 p.m.•34 views

CVE-2009-4490

5CVSS7.5AI score0.04114EPSS

Exploits2References1

Prion•added 2010/01/13 8:30 p.m.•16 views

Design/Logic Flaw

DISPUTED Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE:...

5CVSS7.9AI score0.0192EPSS

Exploits2References3Affected Software1

UbuntuCve•added 2010/01/13 8:30 p.m.•35 views

CVE-2009-4491

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

9.8CVSS6.1AI score0.02714EPSS

Exploits3References1

NVD•added 2010/01/13 8:30 p.m.•13 views

CVE-2009-4611

Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal...

7.5CVSS9.9AI score0.00948EPSS

Exploits1References3

Prion•added 2010/01/13 8:30 p.m.•25 views

Design/Logic Flaw

Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

5CVSS8.2AI score0.0421EPSS

Exploits2References3Affected Software1

Cvelist•added 2010/01/13 8:0 p.m.•22 views

CVE-2009-4611

9.9AI score0.00948EPSS

Exploits1References3

Positive Technologies•added 2010/01/13 12:0 a.m.•4 views

PT-2010-1346 · Varnish +1 · Varnish +1

Name of the Vulnerable Software and Affected Versions: Varnish version 2.0.6 Description: The issue arises from Varnish writing data to a log file without sanitizing non-printable characters. This could potentially allow remote attackers to modify a window's title or possibly execute arbitrary...

9.8CVSS7.9AI score0.0192EPSS

Exploits2References15

UbuntuCve•added 2010/01/08 12:0 a.m.•24 views

CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. dot dot in a pathname within a .torrent file...

8.8CVSS7.3AI score0.00297EPSS

Exploits1References3

Prion•added 2009/12/29 10:30 p.m.•8 views

Code injection

vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log...

3.3CVSS6.9AI score0.0019EPSS

Exploits1References4Affected Software1

Cvelist•added 2009/12/29 10:0 p.m.•15 views

CVE-2009-4454

vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log...

6.4AI score0.0019EPSS

Exploits1References4

OSV•added 2009/10/23 6:30 p.m.•1 views

DEBIAN-CVE-2009-1297

iscsidiscovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise SLE 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name...

4.4CVSS6.8AI score0.00021EPSS

Exploits1References1

OSV•added 2009/09/21 7:30 p.m.•2 views

DEBIAN-CVE-2009-2939

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files...

6.9CVSS6.4AI score0.00024EPSS

Exploits2References1

Cvelist•added 2009/09/21 7:0 p.m.•21 views

CVE-2009-2939

6.1AI score0.00024EPSS

Exploits2References2

UbuntuCve•added 2009/09/21 12:0 a.m.•24 views

CVE-2009-2939

6.9CVSS6AI score0.00024EPSS

Exploits2References3

Gentoo Linux•added 2009/09/13 12:0 a.m.•25 views

ZNC: Directory traversal

Background ZNC is an advanced IRC bouncer. Description The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact A remote, authenticated user could send a specially crafted DCC SEND request to overwrite arbitrary files with the privileges of the user runnin...

7.5CVSS7AI score0.00962EPSS

Exploits0

Prion•added 2009/08/11 9:0 p.m.•26 views

Design/Logic Flaw

Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI...

10CVSS7.3AI score0.28312EPSS

Exploits1References9Affected Software1

Prion•added 2009/08/11 9:0 p.m.•25 views

Design/Logic Flaw

9.3CVSS7.3AI score0.28312EPSS

Exploits1References3Affected Software1

NVD•added 2009/08/11 9:0 p.m.•17 views

CVE-2008-6937

10CVSS6.8AI score0.03565EPSS

Exploits0References2

NVD•added 2009/08/04 4:30 p.m.•8 views

CVE-2009-2658