Lucene search
K

320 matches found

exploitpack
exploitpack
added 2017/05/09 12:0 a.m.42 views

I_ Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting

I Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager...

0.7AI score
Exploits0
OpenVAS
OpenVAS
added 2016/10/14 12:0 a.m.52 views

Ruby on Rails Action Pack RCE Vulnerability (Feb 2016) - Windows

Ruby on Rails is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.8AI score0.81445EPSS
Exploits7References3
OpenVAS
OpenVAS
added 2016/08/04 12:0 a.m.23 views

phpMyAdmin Double URL Decoding XSS Vulnerability (PMASA-2016-16) - Windows

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS5.7AI score0.01103EPSS
Exploits0References2
0day.today
0day.today
added 2016/07/25 12:0 a.m.43 views

Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/10 12:0 a.m.39 views

Debian DSA-3509-1 : rails - security update

Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. - CVE-2016-2097 Crafted requests to Action View, one of the components of Action Pack, might result in rendering files...

7.5CVSS6.6AI score0.81445EPSS
Exploits8References7
Ubuntu
Ubuntu
added 2015/11/18 5:53 p.m.59 views

USN-2814-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges...

6.6CVSS5.3AI score0.00396EPSS
Exploits0
OSV
OSV
added 2015/11/18 5:53 p.m.3 views

USN-2814-1 nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352, nvidia-graphics-drivers-352-updates vulnerability

It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges...

6.6CVSS5.8AI score0.00396EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/11/21 12:0 a.m.108 views

FreeBSD : yii -- Remote arbitrary PHP code execution (5a35bc56-7027-11e4-a4a3-001999f8d30b)

Yii PHP Framework developers report : We are releasing Yii 1.1.15 to fix a security issue found in 1.1.14. We urge all 1.1.14 users to upgrade their Yii to this latest release. Note that the issue only affects 1.1.14. All previous releases are not affected. Upgrading to this release from 1.1.14 i...

7.5CVSS5.7AI score0.02122EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

OpenEngine 1.7/1.8 Template Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17871/info openEngine is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to access privileged a...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2014/02/25 8:33 p.m.12 views

New Apple vulnerability allows Malicious keylogger App to Record User Inputs

Yet another Apple vulnerability has been exposed by security researchers, that can be exploited to track your finger's every action on iOS Devices i.e. iPhone, iPad etc. The exploit reportedly targets a flaw in iOS multitasking capabilities to capture user inputs, according to Security researcher...

6.4AI score
Exploits0
seebug.org
seebug.org
added 2014/02/21 12:0 a.m.22 views

Thinksaas 失败的getshell & 一枚注入。

简要描述: /为什么最新一直被走小厂商? 累觉不爱。/ 本来还以为能够直接前台getshell的。 能直接把代码写入文件。 但是最后也都败给了转义符。 还是来注入把。 详细说明: 0x01 失败的Getshell。 \app\mail\action\admin\do.php 访问这里 无需登录。 $arrData = array 'appname' = trim$POST'appname', 'appdesc' = trim$POST'appdesc', 'isenable' = trim$POST'isenable', 'mailhost' = trim$POST'mailhost',...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2014/01/03 12:0 a.m.20 views

phpMyRecipes Multiple Vulnerabilities

phpMyRecipes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.02348EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2013/05/23 12:0 a.m.20 views

Jojo CMS Multiple Vulnerabilities

Jojo CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.03233EPSS
Exploits2References5
exploitpack
exploitpack
added 2010/01/01 12:0 a.m.19 views

CMS Made Simple 1.x - Cross-Site Scripting Cross-Site Request Forgery

CMS Made Simple 1.x - Cross-Site Scripting Cross-Site Request Forgery source: https://www.securityfocus.com/bid/40483/info CMS Made Simple is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied inputs. The application is also...

0.6AI score
Exploits0
0day.today
0day.today
added 2009/11/16 12:0 a.m.29 views

PHD Help Desk v1.43 Mutliple XSS

Exploit for unknown platform in category web applications ================================ PHD Help Desk v1.43 Mutliple XSS ================================ Mutliple XSS in PHD Help Desk v1.43 Name Multiple vulnerabilities in PHD Help Dsk Systems Affected PHD Help Desk v1.43 and possibly earlier...

7.1AI score
Exploits0
OSV
OSV
added 2008/10/15 12:0 a.m.7 views

DTSA-171-1 mediawiki - cross site scripting

Bulletin has no description...

4.3CVSS6.3AI score0.01595EPSS
Exploits0
Prion
Prion
added 2008/03/27 10:44 a.m.26 views

Code injection

GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab...

4.3CVSS6.5AI score0.01791EPSS
Exploits1References34Affected Software2
NVD
NVD
added 2007/04/11 10:19 p.m.26 views

CVE-2007-1363

Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter in the delete action in a search.php or b search-pda.php, or the 2 calories parameter in a save action in editlogcal.php...

7.5CVSS8.4AI score0.01069EPSS
Exploits1References5
securityvulns
securityvulns
added 2004/07/07 12:0 a.m.32 views

Multiple browsers security dialogs race conditions

By forcing user to type predictable characters, key sequences or mouse clicks it's possible to conduct situation user event will be received by shortly appeared security dialog for example "Save file" dialog can apper then user is about to press Y key...

3.7AI score
Exploits0References1
exploitpack
exploitpack
added 2004/02/01 12:0 a.m.12 views

ASP Portal - Multiple Vulnerabilities

ASP Portal - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic...

0.2AI score
Exploits0
Rows per page
Query Builder