890 matches found

Patchstack
added 2015/10/07 12:00 a.m., 8 views

WordPress NextGEN Gallery Plugin <= 2.1.7 - Authenticated Path Traversal

Because of this vulnerability, attackers can access system files and other unauthorized files on the server. Solution: Update the plugin...

AI score: 4.6
Exploits: 0, References: 1, Affected software: 1
RedHat Linux
added 2015/08/03 7:41 p.m., 4 views

Camel: XXE via SAXSource expansion

It was found that Apache Camel's XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit a SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more...

CVSS: 5, AI score: 5.8, EPSS: 0.07527
Exploits: 0, References: 5
RedHat Linux
added 2015/06/01 5:08 p.m., 6 views

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

CVSS: 5, AI score: 5.8, EPSS: 0.07088
Exploits: 0, References: 5
RedHat Linux
added 2015/03/31 5:00 p.m., 4 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

CVSS: 7.5, AI score: 5.7, EPSS: 0.03857
Exploits: 0, References: 4
Tenable Nessus
added 2015/03/26 12:00 a.m., 25 views

Debian DLA-148-1 : sympa security update

A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user. NOTE:...

CVSS: 5, AI score: 5.4, EPSS: 0.02436
Exploits: 0, References: 3
RedHat Linux
added 2015/03/24 9:05 p.m., 0 views

Spring Framework: directory traversal flaw

A directory traversal flaw was found in the way the Spring Framework sanitized certain URLs. A remote attacker could use this flaw to obtain any file on the file system that was also accessible to the process in which the Spring web application was running...

CVSS: 5, AI score: 5.8, EPSS: 0.1005
Exploits: 5, References: 4
RedHat Linux
added 2015/03/24 9:05 p.m., 1 view

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

CVSS: 7.5, AI score: 5.7, EPSS: 0.03857
Exploits: 0, References: 4
RedHat Linux
added 2015/02/17 10:27 p.m., 1 view

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

CVSS: 7.5, AI score: 5.7, EPSS: 0.03857
Exploits: 0, References: 4
RedHat Linux
added 2015/02/11 8:18 p.m., 3 views

RESTeasy: External entities expanded by DocumentProvider

It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...

CVSS: 6.4, AI score: 5.8, EPSS: 0.01955
Exploits: 0, References: 4
RedHat Linux
added 2015/01/12 5:32 p.m., 8 views

Odata4j: XML eXternal Entity (XXE) flaw

It was found that Odata4j permitted XML eXternal Entity (XXE) attacks. If a REST endpoint was deployed, a remote attacker could submit a request containing an external XML entity that, when resolved, allowed that attacker to read files on the application server in the context of the user running th...

CVSS: 5, AI score: 5.8, EPSS: 0.0211
Exploits: 1, References: 4
RedHat Linux
added 2014/11/25 4:48 p.m., 6 views

RESTEasy: XXE via parameter entities

It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...

CVSS: 7.5, AI score: 7.4, EPSS: 0.04572
Exploits: 0, References: 4
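The XXE entries in this listing (Camel, PicketLink, RESTEasy, Odata4j) all come down to a JAXP DocumentBuilderFactory left at its defaults, and the RESTEasy entry above shows why switching off external general entities alone is not a fix: external parameter entities still pull in attacker-controlled DTD content. The program below is an added example written for this page; it is not code from any of those projects or from the advisories. It parses two constructed payloads with a default factory, a "half-fixed" factory that mirrors the incomplete CVE-2012-0818 fix (general entities off, parameter entities still on), and a hardened factory. The temp-file names, the `ext`/`leak` entity names and the file contents are all made up for the demo.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class XxeFactoryDemo {

    // Default JAXP factory: resolves both external general and external parameter entities.
    static DocumentBuilderFactory insecureFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    // Shape of the incomplete fix described in the RESTEasy entry: external general
    // entities are disabled, external parameter entities are left at their default (on).
    static DocumentBuilderFactory halfFixedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        return f;
    }

    // Hardened factory: refuse any DOCTYPE, and additionally turn off both entity
    // features, external DTD loading, XInclude and entity-reference expansion so the
    // parser stays safe even if DOCTYPE support is ever re-enabled.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parses xml and reports either the root element's text content or the parser's refusal.
    static String parseRoot(DocumentBuilderFactory f, String xml) throws Exception {
        try {
            Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
            return "parsed -> \"" + d.getDocumentElement().getTextContent().trim() + "\"";
        } catch (SAXParseException e) {
            return "rejected -> " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: a "secret" file on the server and an attacker-hosted DTD.
        Path secret = Files.createTempFile("xxe-secret", ".txt");
        Files.writeString(secret, "s3cr3t-token");
        Path evilDtd = Files.createTempFile("xxe-evil", ".dtd");
        Files.writeString(evilDtd, "<!ENTITY leak \"fetched-via-parameter-entity\">");

        // Payload 1: classic external general entity that reads a local file.
        String generalXxe = "<!DOCTYPE r [<!ENTITY ext SYSTEM \"" + secret.toUri() + "\">]>"
                + "<r>&ext;</r>";
        // Payload 2: an external *parameter* entity pulls in a DTD that defines the
        // general entity, so a parser that only disabled general entities still fetches it.
        String parameterXxe = "<!DOCTYPE r [<!ENTITY % p SYSTEM \"" + evilDtd.toUri() + "\"> %p;]>"
                + "<r>&leak;</r>";

        String[] names = {"insecure", "half-fixed", "hardened"};
        DocumentBuilderFactory[] factories = {insecureFactory(), halfFixedFactory(), hardenedFactory()};
        for (int i = 0; i < names.length; i++) {
            System.out.println(names[i] + ", general entity:   " + parseRoot(factories[i], generalXxe));
            System.out.println(names[i] + ", parameter entity: " + parseRoot(factories[i], parameterXxe));
        }
        Files.delete(secret);
        Files.delete(evilDtd);
    }
}
```

Run it with `java XxeFactoryDemo.java` (Java 11 or later). The default factory returns the secret for the first payload and the DTD-defined value for the second; the half-fixed factory stops returning the secret but still loads the external DTD through the parameter entity, which is the gap the RESTEasy follow-up entry describes; the hardened factory rejects both at the DOCTYPE. In the real network variant the SYSTEM identifier would be an `http://` URL on an attacker host, which turns the same parameter-entity trick into out-of-band exfiltration or SSRF.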
Hacker One
added 2014/07/16 10:30 p.m., 24 views

DigitalSellz: Verbose SQL error messages

When an SQL error occurs, a verbose error is displayed showing the full query and the path of the include file on the server. This is valuable information, revealing the structure of the database and the layout of files on the server...

AI score: 3.3
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 27 views

Microsoft IIS 3.0/4.0 Using ASP And FSO To Read Server Files Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/230/info The File System Object (FSO) may be called from an Active Server Page (ASP) to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing ../ to exit the local director...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 10 views

Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities

No description provided by source. Exploit Title: Western Digital Arkeia Appliance v10.0.10 Date: Sep 17 2013 Exploit Author: xistence xistenceat0x90.nl Vendor Homepage: www.arkeia.com Tested on: Virtual Appliance - ESXi 5.1 Affected Version : v10.0.10 and lower Link:...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 11 views

Microsoft Windows 95/WfW smbclient Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1884/info Samba is a set of programs that allow Windows® clients access to a Unix server's filespace and printers over NetBIOS. A directory traversal vulnerability exists in Microsoft's implementation of the SMB file a...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 13 views

id software quake ii server 3.2 - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. An...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 16 views

Allaire Forums 2.0.4 Getfile Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/229/info An Allaire Forums file GetFile.cfm in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier. Type the URL...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 13 views

PBLang Bulletin Board System 4.x SendPM.PHP Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12690/info PBLang is reported prone to a directory traversal vulnerability. It is reported that the issue exists due to a lack of sufficient sanitization performed on user-supplied input. A remote attacker may exploit thi...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 12 views

betaparticle blog 2.0/3.0 myFiles.asp Unauthenticated File Manipulation

No description provided by source. source: http://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 23 views

escripts software e_board 4.0 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12048/info It is reported that eBoard is vulnerable to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. By including '../' directory traversa...

AI score: 7.1
Exploits: 0
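The directory traversal entries in this listing (NextGEN Gallery, sympa, Spring Framework, IIS/FSO, smbclient, Allaire Forums, PBLang, betaparticle, e_board) share one root cause: a user-supplied path is joined to a base directory and read without confining the result, so `../` sequences, absolute paths or symlinks reach files the process can read elsewhere on the disk. The program below is an added example for this page, not code from any of the listed products or advisories. It puts the unsafe join next to a canonicalising check and runs both against a constructed temp directory that contains a symlink pointing outside it; all directory and file names are made up.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;

public class PathTraversalDemo {

    // The unsafe pattern behind the listed advisories: join the user path to the root and read.
    static Path unsafeResolve(Path root, String userPath) {
        return root.resolve(userPath).normalize();
    }

    // Confines userPath to root. Throws SecurityException on escape, IOException if missing.
    static Path safeResolve(Path root, String userPath) throws IOException {
        Path base = root.toRealPath();                        // canonical base, symlinks resolved
        Path candidate = base.resolve(userPath).normalize();  // absolute input replaces base here
        // Path.startsWith compares whole components, so "/srv/files2" does not pass
        // for base "/srv/files" the way a String.startsWith prefix check would.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes root: " + userPath);
        }
        // Re-check after following symlinks: a link inside root may point outside it.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base)) {
            throw new SecurityException("symlink escapes root: " + userPath);
        }
        if (!Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file: " + userPath);
        }
        return real;
    }

    static String describe(Path root, String userPath) {
        String unsafe = unsafeResolve(root, userPath).toString();
        String safe;
        try {
            safe = safeResolve(root, userPath).toString();
        } catch (SecurityException | IOException e) {
            safe = "REJECTED (" + e.getMessage() + ")";
        }
        return "\"" + userPath + "\"\n  unsafe -> " + unsafe + "\n  safe   -> " + safe;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: root/docs/readme.txt, a file outside root, and a
        // symlink inside root that points at the outside file.
        Path root = Files.createTempDirectory("traversal-root");
        Path docs = Files.createDirectories(root.resolve("docs"));
        Files.writeString(docs.resolve("readme.txt"), "public document");
        Path outside = Files.createTempFile("traversal-outside", ".txt");
        Files.writeString(outside, "should never be served");
        Files.createSymbolicLink(root.resolve("link.txt"), outside);

        List<String> inputs = List.of(
            "docs/readme.txt",                         // legitimate request
            "../" + outside.getFileName(),             // classic dot-dot escape
            "docs/../../" + outside.getFileName(),     // dot-dot hidden behind a valid prefix
            outside.toString(),                        // absolute path: resolve() discards root
            "link.txt",                                // symlink inside root pointing outside
            "docs");                                   // a directory, not a file
        for (String in : inputs) {
            System.out.println(describe(root, in));
        }
    }
}
```

Run it with `java PathTraversalDemo.java` on Linux or macOS (creating the symlink needs a privilege on Windows). The unsafe join resolves every escaping input to the outside file; the confined version returns only `docs/readme.txt` and rejects the rest. Normalising before the `startsWith` check matters because `root.resolve("docs/../../x")` is textually under root until `normalize()` collapses the dot-dots, and the second `toRealPath()` check is what catches the symlink, which no amount of string inspection would.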