Lucene search
K

333 matches found

Cvelist
Cvelist
added 2005/02/10 5:0 a.m.35 views

CVE-2005-0285

Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs...

6.5AI score0.01431EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.25 views

GLSA-200408-05 : Opera: Multiple new vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200408-05 Opera: Multiple new vulnerabilities Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the 'location' browser object. An attacker can overwrite methods in this object a...

5CVSS5.6AI score0.02989EPSS
Exploits1References5
NVD
NVD
added 2002/12/31 5:0 a.m.16 views

CVE-2002-1961

Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name FQDN that ends in a "." dot...

7.5CVSS6.6AI score0.01813EPSS
Exploits1References4
NVD
NVD
added 2002/12/31 5:0 a.m.17 views

CVE-2002-1962

Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname...

7.5CVSS6.7AI score0.01872EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2002/06/15 12:0 a.m.29 views

ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution

source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not sufficiently check or sanitize input. When the "allowurlfope...

7AI score
Exploits0
securityvulns
securityvulns
added 2002/03/22 12:0 a.m.27 views

Automatically opening IE + Executing attachments

GreyMagic Security Advisory GM002-IE ===================================== By GreyMagic Software, Israel. 22 Mar 2002. Available in HTML format at http://security.greymagic.com/adv/gm002-ie/ Topic: Automatically opening IE + Executing attachments. Discovery date: 15 Mar 2002. Important note:...

6AI score
Exploits0
NVD
NVD
added 2001/07/21 4:0 a.m.19 views

CVE-2001-0537

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL...

9.3CVSS7AI score0.6845EPSS
Exploits8References10
Exploit DB
Exploit DB
added 2001/02/12 12:0 a.m.37 views

carey internets services commerce.cgi 2.0.1 - Directory Traversal

source: https://www.securityfocus.com/bid/2361/info It is possible for a remote user to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi. Requesting a specially crafted URL composed of '/../%00' along with the known filename or directory...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2000/12/21 12:0 a.m.15 views

Переполнение буфера в BEA Weblogic

Классическое переполнение буфера при обращении к URL начинающимся с двух точек...

0.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/11/17 12:0 a.m.55 views

Утечка данных из RealServer

При обращении по URL вида http://targetserver/admin/includes/ сервер выдает данные из оперативной памяти, которые могут содержать важную информацию...

7.1AI score
Exploits0References1Affected Software1
NVD
NVD
added 2000/10/20 4:0 a.m.24 views

CVE-2000-0759

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path...

6.4CVSS6AI score0.2566EPSS
Exploits1References3
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.54 views

CVE-2000-0652

IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string...

6.6AI score0.07833EPSS
Exploits1References3
CVE
CVE
added 2000/04/25 4:0 a.m.50 views

CVE-2000-0050

The Allaire Spectra Webtop contains an access-control flaw: authenticated users can reach other Webtop sections by directly specifying explicit URLs. This implies horizontal privilege escalation via URL manipulation. The issue is described in CVE-2000-0050 with a CVSS v2 base score of 4.6 (Medium...

4.6CVSS6.7AI score0.00336EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder