Lucene search
K

549 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

CyberCMS Remote SQL Injection Vuln.

No description provided by source. Exploit Title: CyberCMS Remote SQL Injection Vuln. Date: 26/11/2009 Author: hc0de | hc0de.blogspot.comhttp://hc0de.blogspot.com Software Link: http://cyberfusion.ramx.org/cyber-cms Version: app version Tested on: Ubuntu Linux 9.04 CVE : PoC: +Target:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Maian Gallery 2 - Local File Download Vulnerability

No description provided by source. !/usr/bin/python This vulnerability uses filegetcontents so we have some limitations, we cant execute PHP and we cant read files that the web server will interpret such as PHP, conf etc tested on: Ubuntu Linux 2.6.32 with php v5.3.2 registerglobals = Off PRIVATE...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Mozilla Firefox 3.0 - Malformed JPEG File Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29984/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. This issue affects Firefox...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.26 views

openSUSE Security Update : python-apache-libcloud (openSUSE-SU-2014:0198-1)

Updated to 0.13.3 bnc857209, CVE-2013-6480 + Security fix release, for destroying nodes on digitalOcean 'datascrub' method is always invoked - Require python-setuptools instead of distribute upstreams merged - Updated to 0.13.2 - General : - Don't sent Content-Length: 0 header with POST and PUT...

2.1CVSS5.4AI score0.0206EPSS
Exploits1References3
NVD
NVD
added 2014/05/22 11:55 p.m.15 views

CVE-2012-6648

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...

2.1CVSS6.1AI score0.00376EPSS
Exploits0References3
NVD
NVD
added 2014/05/22 11:55 p.m.21 views

CVE-2012-0943

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

2.1CVSS6.1AI score0.00762EPSS
Exploits0References3
Prion
Prion
added 2014/05/22 11:55 p.m.19 views

Session fixation

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

2.1CVSS6.4AI score0.00762EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2014/05/22 11:55 p.m.37 views

CVE-2012-6648

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...

2.1CVSS5.9AI score0.00376EPSS
Exploits0References4
Prion
Prion
added 2014/05/22 11:55 p.m.23 views

Design/Logic Flaw

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...

2.1CVSS6.7AI score0.00762EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2014/05/22 11:0 p.m.46 views

CVE-2012-6648

Summary: CVE-2012-6648 affects gdm-guest-session up to version 0.24 (used in Ubuntu 10.04 LTS, 10.10, 11.04). A local user can delete arbitrary files in /tmp by crafting a filename containing a space. The issue is tied to gdm/guest-session-cleanup.sh behavior in the guest-session setup, as split ...

2.1CVSS6.2AI score0.00376EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2014/05/22 11:0 p.m.65 views

CVE-2012-0943

CVE-2012-0943 concerns debian/guest-account in LightDM (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu 11.10. Affected component: guest-account cleanup in LightDM; root cause described as a vulnerability allowing local users to delete arbitrary files via a space in the name...

2.1CVSS6.2AI score0.00762EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2014/05/22 11:0 p.m.25 views

CVE-2012-0943

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

6.1AI score0.00762EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2014/05/22 11:0 p.m.20 views

CVE-2012-0943

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

2.1CVSS6.2AI score0.00762EPSS
Exploits0
OSV
OSV
added 2014/02/05 7:55 p.m.10 views

CVE-2011-4613

The X.Org X wrapper xserver-wrapper.c in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY...

6AI score
Exploits0References3
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.37 views

DoS vulnerability in Adobe Flash Player (BSOD)

Hello 3APA3A! At beginning of this year I informed you about DoS vulnerability in Adobe Flash. Look at advisory http://seclists.org/fulldisclosure/2013/Apr/9 with exploit and video demonstration http://www.youtube.com/watch?v=xi29KZ3LD80 of previous DoS in Flash. Adobe hiddenly fixed it in the...

1.6AI score
Exploits0
Exploit DB
Exploit DB
added 2013/12/11 12:0 a.m.63 views

vBulletin 5 - 'index.php/ajax/api/reputation/vote?nodeid' SQL Injection (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injection...

6.5CVSS7.4AI score0.27084EPSS
Exploits9
0day.today
0day.today
added 2013/12/11 12:0 a.m.53 views

vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection

Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 'vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since...

6.5CVSS0.3AI score0.27084EPSS
Exploits9
OSV
OSV
added 2013/10/04 5:55 p.m.1 views

UBUNTU-CVE-2013-4788

The PTRMANGLE implementation in the GNU C Library aka glibc or libc6 2.4, 2.17, and earlier, and Embedded GLIBC EGLIBC does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow...

5.1CVSS7.1AI score0.11428EPSS
Exploits2References3
OSV
OSV
added 2013/09/16 12:0 a.m.2 views

UBUNTU-CVE-2013-2899

drivers/hid/hid-picolcdcore.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11, when CONFIGHIDPICOLCD is enabled, allows physically proximate attackers to cause a denial of service NULL pointer dereference and OOPS via a crafted device...

4.7CVSS7AI score0.00466EPSS
Exploits0References12
NVD
NVD
added 2013/08/19 1:7 p.m.28 views

CVE-2013-2162

Race condition in the post-installation script mysql-server-5.5.postinst for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive...

1.9CVSS5.5AI score0.0035EPSS
Exploits1References6
Rows per page
Query Builder