Lucene search
K

2692 matches found

Exploit DB
Exploit DB
added 2007/12/30 12:0 a.m.36 views

XCMS 1.83 - Remote Command Execution

Name : XCMS So the xcms allow you to modify the footer throught a bugged page called cpie.php included in the admin panel. So let's take a look to the bugged code. So with a simple html form we can change the footer. Ex: /textarea input type=...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/11/12 12:0 a.m.19 views

FreeBSD : gallery2 -- multiple vulnerabilities (9b718b82-8ef5-11dc-8e42-001c2514716c)

Gallery project reports : Gallery 2.2.3 addresses the following security vulnerabilities : - Unauthorized renaming of items possible with WebDAV reported by Merrick Manalastas - Unauthorized modification and retrieval of item properties possible with WebDAV - Unauthorized locking and replacing of...

6.4CVSS5.4AI score0.01695EPSS
Exploits0References2
CVE
CVE
added 2007/07/06 6:0 p.m.46 views

CVE-2007-3591

The CVE-2007-3591 issue affects Elite Bulletin Board, prior to version 1.0.10, in the Profile.php handling. The root cause is described as missing authorization checks on a remote form, enabling remote modification of profile information via unspecified vectors. Impact is limited to unauthorized ...

5CVSS6.4AI score0.01222EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2007/02/03 11:0 p.m.20 views

CVE-2007-0472

Multiple race conditions in Smb4K before 0.8.0 allow local users to 1 modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the removelockfile function in core/smb4kfileio.cpp, and 2 add lines to the sudoers file via a symlink attack on...

6.2AI score0.00341EPSS
Exploits0References14
NVD
NVD
added 2005/06/23 4:0 a.m.20 views

CVE-2005-0771

VERITAS Backup Exec Server beserver.exe 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106...

10CVSS6.7AI score0.54155EPSS
Exploits2References7
Exploit DB
Exploit DB
added 2005/05/05 12:0 a.m.525 views

MidiCart PHP - 'Item_List.php?MainGroup' SQL Injection

source: https://www.securityfocus.com/bid/13513/info MidiCart PHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/11/05 12:0 a.m.48 views

GLSA-200411-09 : shadow: Unauthorized modification of account information

The remote host is affected by the vulnerability described in GLSA-200411-09 shadow: Unauthorized modification of account information Martin Schulze reported a flaw in the passwdcheck function in 'libmisc/pwdcheck.c' which is used by chfn and chsh. Impact : A logged-in local user with an expired...

4.6CVSS5.5AI score0.00347EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2004/11/04 12:0 a.m.24 views

shadow: Unauthorized modification of account information

Background shadow provides a set of utilities to deal with user accounts. Description Martin Schulze reported a flaw in the passwdcheck function in "libmisc/pwdcheck.c" which is used by chfn and chsh. Impact A logged-in local user with an expired password may be able to use chfn and chsh to chang...

4.6CVSS1.4AI score0.00347EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.50 views

Apache Tomcat 4.1.x < 4.1.40 / 5.5.x < 5.5.28 / 6.0.x < 6.0.20 Multiple Vulnerabilities

Binary data 5044.pasl...

5CVSS5.6AI score0.18685EPSS
Exploits1References2
securityvulns
securityvulns
added 2001/02/28 12:0 a.m.94 views

Security Advisory: Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability Revision 1.0: INTERIM For Public Release 2001 February 27 04:00 US/Eastern UTC+0500 Summary Cisco IOS software releases based on versions 11.x and 12.0 contain a defe...

0.4AI score
Exploits0
CVE
CVE
added 2000/10/13 4:0 a.m.46 views

CVE-2000-0483

The CVE-2000-0483 entry concerns the Zope DocumentTemplate package in Zope 2.2 and earlier. The issue allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization (unauthenticated write), representing a potential for content tampering. The root cause is a lack of proper a...

7.5CVSS6.5AI score0.02944EPSS
Exploits0References8Affected Software2
NVD
NVD
added 2000/06/15 4:0 a.m.15 views

CVE-2000-0483

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization...

7.5CVSS6.5AI score0.02944EPSS
Exploits0References8
Rows per page
Query Builder