232 matches found

Veracode
added 2018/06/08 1:10 a.m., 14 views

Directory Traversal

shit-server is vulnerable to directory traversal attacks. This is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...

7.5 CVSS, 7.3 AI score, 0.02005 EPSS
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2018/06/07 4:26 p.m., 12 views

Directory Traversal

tmock is vulnerable to directory traversal attacks. This attack is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...

7.5 CVSS, 7.3 AI score, 0.02005 EPSS
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2018/06/07 8:36 a.m., 15 views

Directory Traversal

mockserve is vulnerable to directory traversal attacks. This is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...

7.5 CVSS, 7.3 AI score, 0.02005 EPSS
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2018/06/05 2:43 a.m., 16 views

Directory Traversal

hftp is vulnerable to directory traversal attacks. These attacks are possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...

7.5 CVSS, 7.3 AI score, 0.02005 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2018/01/26 9:0 p.m., 19 views

CVE-2017-1279

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 124757...

6.3 AI score, 0.01855 EPSS
Exploits: 0, References: 2

Prion
added 2017/12/11 9:29 p.m., 18 views

Design/Logic Flaw

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 131288...

5 CVSS, 5.2 AI score, 0.02166 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2017/09/28 1:29 a.m., 15 views

CVE-2017-1577

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 132117...

7.5 CVSS, 7.3 AI score, 0.02898 EPSS
Exploits: 0, References: 4

Cvelist
added 2017/09/27 5:0 p.m., 14 views

CVE-2017-1577

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 132117...

7.3 AI score, 0.02898 EPSS
Exploits: 0, References: 4

Cvelist
added 2017/09/26 2:0 a.m., 27 views

CVE-2017-14001

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...

9.2 AI score, 0.06447 EPSS
Exploits: 0, References: 2

Veracode
added 2017/06/29 3:27 a.m., 10 views

Directory Traversal

koa-static-cache is vulnerable to directory traversal attacks. The library does not check the path of the URL request, allowing attackers to use %2E%2E/ in its URL request to access any files from the server. This attack can only be executed if the application is in dynamic mode...

6.7 AI score
Exploits: 0

NVD
added 2017/05/03 5:59 p.m., 14 views

CVE-2016-9976

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252...

8.4 CVSS, 8.3 AI score, 0.01715 EPSS
Exploits: 0, References: 2

Veracode
added 2017/04/25 2:58 a.m., 10 views

Path Traversal

list-n-stream is vulnerable to path traversal attacks. The vulnerability is possible because it fails to sanitize the URL request and prevent access to sensitive files and data on the server. Attackers can leak passwords if they request the /api/v1/fs/..%2f..%2fetc/passwd URL...

7.5 CVSS, 7.4 AI score, 0.02005 EPSS
Exploits: 1, References: 4, Affected Software: 1

Prion
added 2017/02/13 9:59 p.m., 9 views

Double free

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of...

6.8 CVSS, 7.5 AI score, 0.02072 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2017/02/01 10:59 p.m., 14 views

Design/Logic Flaw

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences /../ to view arbitrary files on the system...

4 CVSS, 7 AI score, 0.01812 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2017/01/13 9:59 a.m., 15 views

CVE-2016-10138

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...

7.8 CVSS, 7.7 AI score, 0.00378 EPSS
Exploits: 0, References: 3

CVE
added 2016/09/11 10:0 a.m., 92 views

CVE-2016-5162

The CVE-2016-5162 entry describes a Chrome vulnerability in the AllowCrossRendererResourceLoad function (extensions/browser/url_request_util.cc) where the web_accessible_resources manifest field was not correctly restricting IFRAME usage. Affects Google Chrome prior to 53.0.2785.89 (Windows/OS X)...

6.5 CVSS, 6.7 AI score, 0.01389 EPSS
Exploits: 0, References: 12, Affected Software: 1

Exploit DB
added 2015/06/10 12:0 a.m., 229 views

GeoVision (GeoHttpServer) Webcams - Remote File Disclosure

!/usr/bin/python import os import sys import socket import binascii ''' Title : GeoVision GeoHttpServer WebCams Remote File Disclosure Exploit CVE-ID : none Product : GeoVision System : GeoHttpServer Affected : 8.3.3.0 may be more Impact : Critical Remote : Yes Website link:...

7.4 AI score
Exploits: 0

Prion
added 2015/05/25 2:59 p.m., 14 views

Information disclosure

The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document...

5 CVSS, 6.4 AI score, 0.01209 EPSS
Exploits: 0, References: 1, Affected Software: 1

BDU FSTEC
added 2015/05/07 12:0 a.m., 5 views

A vulnerability in the Google Chrome browser allows an attacker to gain access to protected information.

The vulnerability in the URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc of Google Chrome is that the ws scheme is not replaced with wss when the HSTS policy (a mechanism for enforcing HTTPS use) is applied. As a result, attackers who monitor traffic can gain access to protected...

5 CVSS, 8 AI score, 0.01445 EPSS
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2015/04/20 12:0 a.m., 2 views

Google Chrome 'URLRequest::GetHSTSRedirect' Information Disclosure Vulnerability

Google Chrome is a web browser developed by Google. A security vulnerability exists in the 'URLRequest::GetHSTSRedirect' function in the urlrequest/urlrequest.cc file in versions of Google Chrome prior to 42.0.2311.90, which stems from the program failing to replace the ws scheme with the...

5 CVSS, 6.6 AI score, 0.01445 EPSS
Exploits: 0, References: 1