Lucene search

780 matches found

NVD
added 2006/12/31 5:0 a.m., 14 views

CVE-2006-6910

formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter...

7.8 CVSS | 6.6 AI score | 0.0302 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2006/11/22 12:0 a.m., 22 views

GLSA-200611-15 : qmailAdmin: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200611-15 (qmailAdmin: Buffer overflow) qmailAdmin fails to properly handle the 'PATH_INFO' variable in qmailadmin.c. The PATH_INFO is a standard CGI environment variable filled with user-supplied data. Impact : A remote attacker coul...

7.5 CVSS | 6 AI score | 0.04499 EPSS
Exploits: 0 | References: 2
CVE
added 2006/10/27 4:0 p.m., 45 views

CVE-2006-5560

CVE-2006-5560 is a cross-site scripting vulnerability in Boesch ProgSys 0.151 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via PATH_INFO to admin/index.php and related files. CVSS v2.0 base score 4.3 (Medium): Network access, no authentication, partial inte...

4.3 CVSS | 5.9 AI score | 0.01303 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2006/05/22 7:2 p.m., 12 views

CVE-2006-2506

Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter...

6.8 CVSS | 5.6 AI score | 0.01605 EPSS
Exploits: 1 | References: 7
CVE
added 2006/05/22 7:0 p.m., 46 views

CVE-2006-2506

CVE-2006-2506 affects Sphider’s search.php, enabling multiple XSS via PATH_INFO and the category parameter. The available connected documents confirm the vulnerable component and vectors but do not provide specific version numbers, exploit details, or remediation within the supplied material. The...

6.8 CVSS | 5.7 AI score | 0.01605 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
Prion
added 2006/03/10 11:2 a.m., 11 views

Buffer overflow

Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable...

7.5 CVSS | 8.2 AI score | 0.04499 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
CVE
added 2006/03/10 11:0 a.m., 45 views

CVE-2006-1141

CVE-2006-1141 affects QmailAdmin prior to 1.2.10. The vulnerability is a buffer overflow in qmailadmin.c where an overlong PATH_INFO CGI environment variable can be exploited by a remote attacker to potentially execute arbitrary code with the privileges of the running qmailAdmin process. Affected...

7.5 CVSS | 7.8 AI score | 0.04499 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
Cvelist
added 2006/03/10 11:0 a.m., 23 views

CVE-2006-1141

Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable...

7.7 AI score | 0.04499 EPSS
Exploits: 0 | References: 9
UbuntuCve
added 2006/02/15 11:6 a.m., 18 views

CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable...

5 CVSS | 6 AI score | 0.01423 EPSS
Exploits: 0 | References: 1
NVD
added 2006/02/15 11:6 a.m., 10 views

CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable...

5 CVSS | 6.8 AI score | 0.01423 EPSS
Exploits: 0 | References: 5
OSV
added 2006/02/15 11:6 a.m., 4 views

CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable...

7 AI score
Exploits: 0 | References: 5
Cvelist
added 2006/02/15 11:0 a.m., 14 views

CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable...

6.7 AI score | 0.01423 EPSS
Exploits: 0 | References: 5
Debian CVE
added 2006/02/15 11:0 a.m., 19 views

CVE-2006-0707

Removed by vendor...

5 CVSS | 7 AI score | 0.01423 EPSS
Exploits: 0
Prion
added 2006/02/10 11:2 a.m., 16 views

Code injection

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable...

7.5 CVSS | 8.2 AI score | 0.056 EPSS
Exploits: 1 | References: 10 | Affected Software: 1
NVD
added 2006/02/10 11:2 a.m., 13 views

CVE-2006-0628

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable...

7.5 CVSS | 7.7 AI score | 0.056 EPSS
Exploits: 1 | References: 10
Cvelist
added 2006/02/10 11:0 a.m., 19 views

CVE-2006-0628

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable...

7.7 AI score | 0.056 EPSS
Exploits: 1 | References: 10
0day.today
added 2006/02/06 12:0 a.m., 59 views

MyQuiz 1.01 (PATH_INFO) Arbitrary Command Execution Exploit

Exploit for cgi platform in category web applications. MyQuiz 1.01 PATH_INFO Arbitrary Command Execution Exploit. #!/usr/bin/perl = MyQuiz Remote Command Execution Exploit - By...

7.1 AI score
Exploits: 0
Cvelist
added 2005/06/21 4:0 a.m., 16 views

CVE-2002-1757

PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using...

6.9 AI score | 0.03143 EPSS
Exploits: 1 | References: 3
Cvelist
added 2003/09/12 4:0 a.m., 21 views

CVE-2003-0762

Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO) value...

7.9 AI score | 0.07798 EPSS
Exploits: 1 | References: 1
Exploit DB
added 2003/06/27 12:0 a.m., 34 views

FoxWeb 2.5 - PATH_INFO Remote Buffer Overrun

source: https://www.securityfocus.com/bid/8547/info
FoxWeb is prone to a remotely exploitable buffer overrun vulnerability. This is due to insufficient bounds checking of user-supplied PATH_INFO data to the Foxweb CGI and ISAPI extension. Successful exploitation would permit a remote attacker to...

7.4 AI score
Exploits: 0