Lucene search
K

195 matches found

Tenable Nessus
Tenable Nessus
added 2006/04/08 12:0 a.m.36 views

GLSA-200604-02 : Horde Application Framework: Remote code execution

The remote host is affected by the vulnerability described in GLSA-200604-02 Horde Application Framework: Remote code execution Jan Schneider of the Horde team discovered a vulnerability in the help viewer of the Horde Application Framework that could allow remote code execution CVE-2006-1491. Pa...

7.5CVSS6.5AI score0.38441EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2006/03/16 12:0 a.m.301 views

Horde < 3.1 go.php url Parameter File Disclosure

Binary data 3477.prm...

5CVSS7AI score0.12174EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2006/03/03 12:0 a.m.54 views

Limbo CMS index.php Itemid Parameter Arbitrary Command Execution

The remote host is running Limbo CMS, a content-management system written in PHP. The installed version of Limbo fails to sanitize input to the 'Itemid' parameter before using it as part of a search string in an 'eval' statement in the 'classes/adodbt/readtable.php' script. Regardless of PHP's...

7.5CVSS6AI score0.03281EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/02/05 12:0 a.m.70 views

Loudblog backend_settings.php Multiple Parameter Remote File Inclusion

The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The installed version of Loudblog fails to validate user input to the 'GLOBALSpath' and 'language' parameters before using them in the 'loudblog/inc/backendsettings.php' script in a PHP 'includ...

7.5CVSS5.8AI score0.09164EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2005/11/16 12:0 a.m.73 views

Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the 'id' parameter of the resource module before using it in database queries. An unauthenticated attacker can...

10CVSS6.4AI score0.02688EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2005/11/14 12:0 a.m.19 views

TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki installed on the remote host fails to sanitize input to the 'language' parameter of the 'tiki-userpreferences.php' script before using it in a PHP 'include' function. An authenticated...

7.5CVSS6.2AI score0.0265EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/11/04 12:0 a.m.49 views

CuteNews Multiple Script Traversal Privilege Escalation

The version of CuteNews installed on the remote host fails to sanitize input to the 'template' parameter of the 'showarchives.php' and 'shownews.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the...

5CVSS6.3AI score0.12449EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/10/26 12:0 a.m.75 views

phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote host is affected by a local file inclusion vulnerability that can be exploited by an unauthenticated attacker to read arbitrary files, and possibly even to execute arbitrary PHP code on the affected host subject to the permissions of the web serve...

5CVSS5.7AI score0.05617EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/09/22 12:0 a.m.24 views

PunBB < 1.2.8 Multiple Vulnerabilities

Binary data 3235.prm...

4.6CVSS7.3AI score0.00938EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/09/14 12:0 a.m.26 views

Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution

The remote host is running Mail-it Now! Upload2Server, a free, PHP feedback form script supporting file uploads. The version of Upload2Server installed on the remote host stores uploaded files insecurely. An attacker may be able to exploit this flaw to upload a file with arbitrary code and then...

6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/04/29 12:0 a.m.104 views

Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)

The version of Claroline an open source, collaborative learning environment installed on the remote host suffers from a number of remotely-exploitable vulnerabilities, including: - Multiple Remote File Include Vulnerabilities Four scripts let an attacker read arbitrary files on the remote host an...

7.5CVSS6.5AI score0.04863EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2005/01/02 12:0 a.m.22 views

GLSA-200412-27 : PHProjekt: Remote code execution vulnerability

The remote host is affected by the vulnerability described in GLSA-200412-27 PHProjekt: Remote code execution vulnerability cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact : A remote attacker can exploit this vulnerability to...

6.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/08/09 12:0 a.m.20 views

Basilix Webmail Attachment Crafted POST Arbitrary File Access

The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary files that are accessible to the web server user when sending a message since they accept a list of attachment names from the client yet do not verify that the attachments were in fa...

3.6CVSS5.8AI score0.00333EPSS
Exploits0References2
securityvulns
securityvulns
added 2001/05/03 12:0 a.m.48 views

@stake Security Advisory: Remote Vulnerabilities in Bugzilla &#40;A043001-1&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Remote Vulnerabilities in Bugzilla Release Date: 04/30/2001 Application: Bugzilla 2.10 Platform: Unix or any other platform supporting perl CGI scripts and MySQL most often Unix+Apache...

7.5CVSS0.2AI score0.03132EPSS
Exploits0
exploitpack
exploitpack
added 1995/07/31 12:0 a.m.10 views

John S.2 Roberts AnyForm 1.02.0 - CGI Semicolon

John S.2 Roberts AnyForm 1.02.0 - CGI Semicolon source: https://www.securityfocus.com/bid/719/info AnyForm is a popular form CGI designed to support simple forms that deliver responses via email. Certain versions of AnyForm did not perform user supplied data sanity checking and could be exploited...

0.1AI score
Exploits0
Rows per page
Query Builder