Lucene search
+L

187 matches found

CNVD
CNVD
added 2015/05/14 12:0 a.m.6 views

GoAutoDial GoAdmin CE SQL Injection Vulnerability

GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. GoAutoDial GoAdmin CE's gologin.php script fails to adequately filter the 'username' and 'userpass' parameters, gologin/ validatecredentials/admi...

7.5CVSS7.5AI score0.38149EPSS
Exploits8References1
OSV
OSV
added 2015/01/27 8:2 p.m.10 views

DEBIAN-CVE-2014-9649

Cross-site scripting XSS vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message...

4.3CVSS6AI score0.02313EPSS
Exploits0References1
OSV
OSV
added 2015/01/21 3:28 p.m.3 views

DEBIAN-CVE-2015-1164

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // slash slash followed by a domain in the PATHINFO to the default URI...

4.3CVSS6.9AI score0.02616EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

Mozilla Bonsai 1.3 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5517/info A path disclosure vulnerability has been reported in Mozilla Bonsai. An attacker can exploit this vulnerability by making a malformed request to Bonsai. This causes Bonsai to return an error page to the requesti...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

XOOPS 2.0 XoopsOption Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7149/info XOOPS has been reported vulnerable to an information disclosure vulnerability. According to the report, path information and other sensitive data may be output in server error messages. Information obtained in...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Invision Power Board 3.0 Multiple HTML-Injection and Information Disclosure Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/34725/info Invision Power Board is prone to an information-disclosure issue and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Siteframe 2.2.4 Download.php Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7143/info Siteframe has been reported vulnerable to an information disclosure vulnerability. When handling certain download requests Siteframe may be lead into an error condition. When these errors occur, the script will...

7.1AI score
Exploits0
PyPA
PyPA
added 2014/06/18 2:55 p.m.6 views

PYSEC-2014-99

Multiple cross-site scripting XSS vulnerabilities in the responderror function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 resources.js or 2 resources.css in ajenti:static/, related to the traceback page...

4.3CVSS6AI score0.02282EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2014/03/24 12:0 a.m.7 views

PT-2014-2384

Name of the Vulnerable Software and Affected Versions Open Solution Quick.Cms version 5.0 Open Solution Quick.Cart version 6.0 Description A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to "admin.php". This could potentially lead ...

4.3CVSS5.8AI score0.0391EPSS
Exploits3References11
Prion
Prion
added 2014/02/14 3:55 p.m.21 views

Design/Logic Flaw

Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors...

5CVSS6.7AI score0.0209EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2013/12/19 12:0 a.m.5 views

PT-2013-6145 · Jquery · Prettyphoto

Name of the Vulnerable Software and Affected Versions: prettyPhoto versions 3.1.4 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability in the setTimeout function in js/jquery.prettyPhoto.js. This vulnerability allows remote attackers to inject arbitrary web...

4.3CVSS5.2AI score0.03111EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2013/03/12 5:52 p.m.9 views

rubygem-rack: Path sanitization information disclosure

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3CVSS6.7AI score0.02952EPSS
Exploits0References4
OSV
OSV
added 2013/02/08 8:55 p.m.3 views

UBUNTU-CVE-2013-0262

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3CVSS6.8AI score0.02952EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2013/02/08 12:0 a.m.5 views

PT-2013-2197

Name of the Vulnerable Software and Affected Versions Rack versions 1.4.x through 1.4.4 Rack versions 1.5.x through 1.5.1 Description The issue allows attackers to access arbitrary files outside the intended root directory via a crafted PATH INFO environment variable, probably a directory travers...

10CVSS7AI score0.35376EPSS
Exploits4References53
RedHat Linux
RedHat Linux
added 2013/01/08 8:44 p.m.13 views

openshift-origin-node-util: restorer.php preg_match shell code injection

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...

7.5CVSS6.2AI score0.02204EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/08 8:44 p.m.11 views

openshift-origin-node-util: restorer.php arbitrary URL redirection

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATHINFO...

5.8CVSS6AI score0.01471EPSS
Exploits1References4
Saint
Saint
added 2012/11/26 12:0 a.m.49 views

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

6.5CVSS7.2AI score0.61925EPSS
Exploits10
Saint
Saint
added 2012/11/26 12:0 a.m.61 views

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

6.5CVSS7.2AI score0.61925EPSS
Exploits10
Saint
Saint
added 2012/11/26 12:0 a.m.64 views

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

6.5CVSS7.2AI score0.61925EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.26 views

Scientific Linux Security Update : setroubleshoot on SL5.x i386/x86_64

A flaw was found in the way sealert wrote diagnostic messages to a temporary file. A local unprivileged user could perform a symbolic link attack, and cause arbitrary files, writable by other users, to be overwritten when a victim runs sealert. CVE-2007-5495 A flaw was found in the way sealert...

4.4CVSS5.8AI score0.00385EPSS
Exploits0References3
Rows per page
Query Builder