1092 matches found

OSV
added 2015/02/10 5:59 p.m., 2 views

UBUNTU-CVE-2015-1431

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...

4.3 CVSS, 5.9 AI score, 0.02746 EPSS
Exploits 0, References 3
Prion
added 2015/02/10 5:59 p.m., 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...

4.3 CVSS, 6.1 AI score, 0.02746 EPSS
Exploits 0, References 8, Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m., 16 views

Xynph FTP Server 1.0 Relative Path Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6587/info A problem with the handling of input has been reported in Xynph FTP Server. Under some circumstances, it may be possible for a remote user to escape the FTP root directory using relative path notation. This coul...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

clearswift mimesweeper for web 4.0/5.0 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10918/info Clearswift MIMEsweeper For Web is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. To carry out an attack an attacker may specify a relative path to ...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

AtheOS 0.3.7 Change Root Relative Path Directory Escaping Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4051/info AtheOS is a freely available, open source operating system. It is distributed under the GPL, and maintained by the AtheOS project. It is possible to escape change rooted directories on AtheOS. Due to insufficien...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Muhammad M. Saggaf Seyon 2.14 b Relative Path Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/780/info Seyon uses relative pathnames to spawn two other programs which it requires. It is possible to exploit this vulnerability to obtain the privileges which seyon runs with. It is installed by default setgid dialer o...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 27 views

RobTex Viking Server 1.0.7 Relative Path Webroot Escaping Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2643/info The Viking Server is a freely available software package maintained and distributed by Robtex. The Viking Server provides multiple protocol service on Windows 95, 98, and NT systems. A problem in the software...

7.1 AI score
Exploits 0
CERT
added 2014/04/14 12:0 a.m., 42 views

Xangati software release contains relative path traversal and command injection vulnerabilities

Overview Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities. Description Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities. CWE-23: Relative Path Traversal - CVE-2014-0358 The...

9 CVSS, 6.9 AI score, 0.06112 EPSS
Exploits 0, References 3
securityvulns
added 2014/03/18 12:0 a.m., 26 views

x2goserver privilege escalation

Relative path is used to execute application...

7.5 CVSS, 3.1 AI score, 0.02748 EPSS
Exploits 0, References 1
ICS
added 2013/12/22 7:0 a.m., 68 views

Siemens WinCC 7.0 SP3 Multiple Vulnerabilities

Overview This advisory provides mitigation details for vulnerabilities that impact the Siemens SIMATIC WinCC. Positive Technologies and Siemens ProductCERT have identified multiple vulnerabilities in the Siemens SIMATIC WinCC, which is used to configure SIMATIC operator devices. Siemens has...

6.8 CVSS, 8.6 AI score, 0.03361 EPSS
Exploits 0, References 10
Positive Technologies
added 2013/12/01 12:0 a.m., 7 views

PT-2013-79: Relative path traversal in SIMATIC WinCC Open Architecture

The specialists of the Positive Research center have detected a Relative path traversal vulnerability in SIMATIC WinCC Open Architecture. The SIMATIC WinCC OA integrated Web server at Port 4999/TCP might allow attackers to traverse through the server’s file system based on the application’s Windo...

5 CVSS, 6.7 AI score, 0.03507 EPSS
Exploits 0, References 5
seebug.org
added 2013/07/13 12:0 a.m., 13 views

HDWiki Xss+CSRF GetShell 0day

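Brief description: Ah, not sure whether this one earns a bounty. Xss + CSRF = Getshell. Details: There are two main problems: 1. When an entry is created in the front end, the inserted content is filtered for sensitive code only on the client side by the editor's JS; once it reaches the server, the server-side filtering is not strict enough, which results in XSS. 2. File editing in the back end does not restrict the use of relative paths; a file can be edited directly through a relative path (the list shows that absolute paths are the default), and the file-edit location performs no verification, which results in CSRF. Proof of vulnerability: Getshell exploitation in detail: an ordinary user creates an entry in the front end: publish, intercept the request and modify it: what is inserted here is a prepared JS that edits the content of install/index.php into a one-line webshell. The content is as follows: function aj...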

7.1 AI score
Exploits 0
securityvulns
added 2013/07/08 12:0 a.m., 30 views

perl Module::Signature privilege escalation

Relative path is used to execute external application...

4.4 CVSS, 3.1 AI score, 0.00553 EPSS
Exploits 1, References 1
0day.today
added 2013/06/13 12:0 a.m., 48 views

Airlive IP Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications 1. Advisory Information Title: Airlive Multiple Vulnerabilities Date Published: 12/06/2013 Date of last updated: 12/06/2013 2. Vulnerability Description Multiple vulnerabilities have been found in these devices: - CVE-2013-3540. Cross Site...

6.8 CVSS, 0.2 AI score, 0.27567 EPSS
Exploits 8
Packet Storm
added 2013/06/13 12:0 a.m., 34 views

Airlive CSRF / Traversal / Disclosure / Denial Of Service

AIRLIVE 1. Advisory Information Title: Airlive Multiple Vulnerabilities Date...

10 CVSS, 7.5 AI score, 0.27567 EPSS
Exploits 8
Prion
added 2013/02/06 12:5 p.m., 21 views

Directory traversal

Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path...

6.5 CVSS, 7.3 AI score, 0.0214 EPSS
Exploits 0, References 1, Affected Software 2
myhack58
added 2012/09/17 12:0 a.m., 16 views

Readily remember arbitrary file upload flaws and fixes-vulnerability warning-the black bar safety net

Heard readily lend good make, registration number ready to buy a membership first try Pass avatar when the first-mover can now select all of the files, selected a qq. exe, point to upload, the bottom right corner traffic moving, Tip: incorrect format, open firebug, and then upload the returned fi...

0.9 AI score
Exploits 0
OpenVAS
added 2012/07/30 12:0 a.m., 24 views

CentOS Update for xmlsec1 CESA-2011:0486 centos5 x86_64

Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2011:0486 centos5 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5.1 CVSS, 8.1 AI score, 0.08057 EPSS
Exploits 0, References 2
securityvulns
added 2012/04/09 12:0 a.m., 61 views

[CVE-2012-1089] Apache Wicket serving of hidden files vulnerability

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x and 1.5.x Description: It is possible to view the content of any file of a web application by using an Url to a Wicket resource which resolves to a 'null' package. With such a Url the attacker can...

1.1 AI score, 0.05518 EPSS
Exploits 1
OpenVAS
added 2011/08/09 12:0 a.m., 29 views

CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386

Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5.1 CVSS, 8.1 AI score, 0.08057 EPSS
Exploits 0, References 2