Lucene search

104 matches found

seebug.org
added 2014/07/01 12:0 a.m., 20 views

Looking Glass 20040427 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14682/info Looking Glass may be exploited to execute arbitrary commands. An attacker can prefix arbitrary commands with the '|' character, supply them through a URI parameter and have them executed in the context of the...

AI score: 6.7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 124 views

cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...

AI score: 7.1
Exploits: 0

Check Point Advisories
added 2014/06/25 12:0 a.m., 4 views

Simple E-Document upload Remote Code Execution

A remote code execution vulnerability has been found in Simple E-Document. The vulnerability is due to the access cookie which could be abused to bypass authentication. A remote attacker can exploit this weakness to upload malicious PHP files which could result in arbitrary code execution in the...

AI score: 4.2
Exploits: 0

Tenable Nessus
added 2013/12/13 12:0 a.m., 21 views

Fedora 18 : mod_nss-1.0.8-27.fc18 (2013-22786)

A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context specified either via or directive. If 'NSSVerifyClient none' was set in the server / vhost context i.e. when server is configured to not request or require client...

CVSS: 4, AI score: 8, EPSS: 0.02003
Exploits: 0, References: 3

OSV
added 2013/12/12 6:55 p.m., 2 views

UBUNTU-CVE-2013-4566

mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...

CVSS: 4, AI score: 7.3, EPSS: 0.02003
Exploits: 0, References: 3

RedHat Linux
added 2013/12/03 4:36 p.m., 8 views

mod_nss: incorrect handling of NSSVerifyClient in directory context

mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...

CVSS: 4, AI score: 7.4, EPSS: 0.02003
Exploits: 0, References: 4

Check Point Advisories
added 2013/06/04 12:0 a.m., 21 views

Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)

The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server...

CVSS: 9.3, AI score: 8.4, EPSS: 0.72778
Exploits: 11

seebug.org
added 2013/01/26 12:0 a.m., 22 views

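Drupal Video Module Arbitrary PHP Code Execution Vulnerability

BUGTRAQ ID: 57525 Drupal is an open-source content management platform. The Drupal Video 7.x-2.x module has an arbitrary PHP code execution vulnerability that attackers can exploit to execute arbitrary PHP code in the context of the web server. 0 Drupal Video module Vendor patch: Drupal ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://drupal.org/project/video...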

AI score: 6.9
Exploits: 0

Metasploit
added 2012/11/19 9:12 p.m., 19 views

Narcissus Image Configuration Passthru Vulnerability

This module exploits a vulnerability found in the Narcissus image configuration function. The backend.php file does not handle the $release parameter properly and passes it on to the configureimage function. In this function, the $release parameter can be used to inject system...

AI score: 8
Exploits: 0

exploitpack
added 2012/07/17 12:0 a.m., 18 views

AVA VoIP - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/54591/info AVA VoIP is prone to multiple security vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...

AI score: 0.6
Exploits: 0

Exploit DB
added 2012/01/06 12:0 a.m., 31 views

IpTools 0.1.4 - Tiny TCP/IP servers Directory Traversal

source: https://www.securityfocus.com/bid/51311/info IpTools Tiny TCP/IP servers is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface. Exploiting this issue will allow an attacker to view arbitrary files withi...

AI score: 7.4
Exploits: 0

Exploit DB
added 2011/05/05 12:0 a.m., 29 views

BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure

source: https://www.securityfocus.com/bid/47731/info BMC Dashboards is prone to multiple information-disclosure and cross-site scripting issues because the application fails to properly sanitize user-supplied input. A remote attacker may leverage the cross-site scripting issues to execute...

AI score: 7.4
Exploits: 0

Zero Day Initiative
added 2011/03/02 12:0 a.m., 26 views

PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Postgres Plus Advanced Server DBA Management Server. Authentication is not required to exploit this vulnerability. The flaw exists within the DBA Management Server component which listens by defaul...

CVSS: 10, AI score: 8
Exploits: 0, References: 2

OpenVAS
added 2010/08/02 12:0 a.m., 21 views

Mongoose Web Server <= 2.8 Slash Character Remote File Disclosure Vulnerability

Mongoose Web Server is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. Copyright (C) 2010 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS: 5, AI score: 6.6, EPSS: 0.06677
Exploits: 1, References: 1

RedHat Linux
added 2009/08/06 8:41 p.m., 5 views

OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3)...

CVSS: 7.8, AI score: 6.1, EPSS: 0.02318
Exploits: 0, References: 4

securityvulns
added 2008/12/11 12:0 a.m., 38 views

Microsoft SQL Server 2000 sp_replwritetovarbin privilege escalation

It's possible to overwrite process internal data and execute code in server context...

AI score: 4
Exploits: 0, References: 2, Affected Software: 1

exploitpack
added 2008/08/12 12:0 a.m., 10 views

Bugzilla 3.1.4 - --attach_path Directory Traversal

source: https://www.securityfocus.com/bid/30661/info Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrar...

AI score: 0.1
Exploits: 0

Exploit DB
added 2007/05/08 12:0 a.m., 21 views

Campsite 2.6.1 - 'SubscriptionSection.php?g_documentRoot' Remote File Inclusion

source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier versions may also be affected...

AI score: 7
Exploits: 0

Exploit DB
added 2005/11/02 12:0 a.m., 20 views

CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/15295/info CuteNews is affected by a directory traversal vulnerability. An unauthorized attacker can retrieve or upload arbitrary files by supplying directory traversal strings '../' through an affected URI parameter. Exploitation of this vulnerability...

AI score: 7.4
Exploits: 0

Exploit DB
added 2005/09/30 12:0 a.m., 16 views

Merak Mail Server 8.2.4 r - Arbitrary File Deletion

source: https://www.securityfocus.com/bid/14988/info Merak Mail Server is affected by an arbitrary file deletion vulnerability. This issue arises due to an input validation error allowing an attacker to delete files in the context of the Web server running the application. An attacker can exploit...

AI score: 7
Exploits: 0