Lucene search
K

1630 matches found

Packet Storm
Packet Storm
added 2019/03/05 12:0 a.m.142 views

MarcomCentral FusionPro VDP Creator Directory Traversal

!/usr/bin/env python ''' Exploit Title: MarcomCentral FusionPro VDP Creator :/Windows/System32/drivers/etc/hosts. No slash-dot-dots /../.. are required, but you can add some if you want. Note that the slashes are forward slashes! By default, the service sets up a listener on port 8080. Vendor...

0.3AI score0.14215EPSS
Exploits3
Vaadin
Vaadin
added 2018/11/29 12:0 a.m.39 views

Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and Vaadin 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message. See CWE-754: Improper Check for Unusual or Exceptional...

4.3CVSS1.2AI score0.00574EPSS
Exploits0References1Affected Software2
Veracode
Veracode
added 2018/07/09 1:41 a.m.19 views

Privilege Escalation

ASP.NET Core and .NET Core are affected by a privilege escalation vulnerability. An unauthenticated attacker could submit malicious input which would lead to privilege escalation due to the way the web request handler handles web requests...

7.3CVSS7.2AI score0.04134EPSS
Exploits0References2Affected Software19
BDU FSTEC
BDU FSTEC
added 2018/04/04 12:0 a.m.8 views

The vulnerability of the NVBUEventHistory Get request handler in the NetVault Backup software allows a attacker to execute arbitrary code.

The vulnerability of the NVBUEventHistory Get request handler in the NetVault Backup data archiving and restoration software lies in the insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code...

9.8CVSS6AI score0.03933EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/04/04 12:0 a.m.7 views

The vulnerability of the NVBUTransferHistory Get request handler in the NetVault Backup software allows a attacker to execute arbitrary code.

The vulnerability of the NVBUTransferHistory Get request handler in the NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9.8CVSS6.1AI score0.03933EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/03/28 12:0 a.m.8 views

The vulnerability of the request handler of the NVBUSourceDeviceSet Get function in the software for data archiving and restoration by NetVault Backup allows a attacker to execute arbitrary code.

The vulnerability of the NVBUSourceDeviceSet Get request handler in software for data archiving and restoration in NetVault Backup is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

9.8CVSS6AI score0.03933EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/12/05 9:29 a.m.28 views

CVE-2017-16930

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging...

10CVSS9.8AI score0.3434EPSS
Exploits4References3
Cvelist
Cvelist
added 2017/12/05 9:0 a.m.32 views

CVE-2017-16930

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging...

9.9AI score0.3434EPSS
Exploits4References3
Cvelist
Cvelist
added 2017/10/14 9:0 p.m.31 views

CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

9.8AI score0.91896EPSS
Exploits11References24
Tenable Nessus
Tenable Nessus
added 2016/01/22 12:0 a.m.48 views

Ipswitch WhatsUp Gold < 16.4 Multiple Vulnerabilities

The remote host has a version of Ipswitch WhatsUp Gold installed that is prior to 16.4.0. It is, therefore, affected by the following vulnerabilities : - Multiple SQL injection vulnerabilities exist due to improper sanitization of user-supplied input to the 'sUniqueID' parameter and the 'find...

9.8CVSS7.4AI score0.0355EPSS
Exploits6References4
Exploit DB
Exploit DB
added 2015/06/01 12:0 a.m.70 views

IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution

!/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: function runmumaa On Error Resume Next set shell=createobject"Shel...

9.3CVSS8.6AI score0.94996EPSS
Exploits39
Zero Day Initiative
Zero Day Initiative
added 2015/02/20 12:0 a.m.44 views

Dell ScriptLogic Asset Manager GetClientPackage SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell ScriptLogic Asset Manager, also known as Quest Workspace Asset Manager. Authentication is not required to exploit this vulnerability. To exploit this security flaw, an attacker would make a...

7.5CVSS7.2AI score0.17558EPSS
Exploits0References1
exploitpack
exploitpack
added 2015/01/04 5:2 p.m.26 views

Symantec-Endpoint-Protection-Manager

Symantec has an http request handler called ConfigServerHandler that is programmatically restricted to only handle requests that come from localhost. I guess when they wrote this they just assumed that there was never going to be a way to send untrusted input to it since it was always going to be...

0.2AI score
Exploits0
NVD
NVD
added 2014/12/07 9:59 p.m.19 views

CVE-2014-9304

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web...

7.5CVSS7.4AI score0.08109EPSS
Exploits1References3
Prion
Prion
added 2014/12/07 9:59 p.m.21 views

Server side request forgery (ssrf)

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web...

7.5CVSS7.9AI score0.08109EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2014/04/14 11:55 p.m.4 views

UBUNTU-CVE-2014-2739

The cmareqhandler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet aka RoCE address that is properly resolved within a different module, which allows remote attackers to cause a denial of service incorrect...

4.6CVSS5.8AI score0.01604EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2014/01/15 5:45 p.m.7 views

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS5.8AI score0.114EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/12/16 6:16 p.m.4 views

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS5.8AI score0.114EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/12/16 6:16 p.m.4 views

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...

7.5CVSS5.8AI score0.114EPSS
Exploits0References4
OSV
OSV
added 2013/12/07 8:55 p.m.3 views

DEBIAN-CVE-2013-6408

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS6.9AI score0.114EPSS
Exploits0References1
Rows per page
Query Builder