5285 matches found

Exploit DB
added 2001/02/15 12:0 a.m., 19 views

Bajie 0.78 - Arbitrary Shell Command Execution

source: https://www.securityfocus.com/bid/2389/info By requesting a specially crafted URL, arbitrary code can be executed on a Unix system running Bajie Webserver. Any arbitrary commands appended to a malicious URL after the ';' will be executed as an independent job...

7.4 AI score
Exploits: 0

securityvulns
added 2001/02/06 12:0 a.m., 27 views

Vulnerability in Picserver

Overview: Picserver is a specialized webserver available from http://www.informs.com and http://www.zdnet.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths ie: '..', '...'. Details http://localhost:7000/../file outsi...

1.1 AI score
Exploits: 0

securityvulns
added 2001/02/03 12:0 a.m., 62 views

Hole in GoAhead WebServer

Reverse path traversal in directories allows access to any documents and execution of applications...

0.3 AI score
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2001/01/06 12:0 a.m., 26 views

whois.cgi.txt

Metacharacter bug in the Fastgraf whois.cgi perlscript. Author : Fastgraf c All rights reserved. url : http://www.fastgraf.com release date : 03/01/99 Problem: The whois.cgi script of Fastgraf has almost no metacharacter checking which enables...

7.4 AI score
Exploits: 0

Exploit DB
added 2000/12/14 12:0 a.m., 30 views

Leif M. Wright simplestguest.cgi 2.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/2106/info A vulnerability exists in Leif M. Wright's simplestguest.cgi, a script designed to coordinate guestbook submissions from website visitors. An insecure call to the open function leads to a failure to properly filter shell metacharacters from user...

7.4 AI score
Exploits: 0

securityvulns
added 2000/11/29 12:0 a.m., 27 views

Hole in 24Link Webserver (avoid password protection)

Appending special characters to the file name allows bypassing the file's password protection...

1.5 AI score
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2000/11/14 5:0 a.m., 16 views

CVE-2000-0842

The search97cgi/vtopic in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. dot dot attack...

5 CVSS, 6.6 AI score, 0.01909 EPSS
Exploits: 0, References: 2

exploitpack
added 2000/10/29 12:0 a.m., 11 views

Kootenay Web Inc whois 1.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/1883/info whois is a utility used to find general information and technical details about registered domain names. A vulnerability exists in Kootenay Web Inc's Whois release v.1.9, a web interface to...

0.5 AI score
Exploits: 0

exploitpack
added 2000/10/26 12:0 a.m., 22 views

Cisco Catalyst 3500 XL - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1846/info A vulnerability exists in the webserver configuration interface which will allow an anonymous user to execute commands. An HTTP request which includes /exec and a known filename will reveal the...

0.4 AI score
Exploits: 0

Exploit DB
added 2000/10/26 12:0 a.m., 43 views

Cisco Catalyst 3500 XL - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1846/info A vulnerability exists in the webserver configuration interface which will allow an anonymous user to execute commands. An HTTP request which includes /exec and a known filename will reveal the contents of the particular file. In addition to...

7 AI score
Exploits: 0

exploitpack
added 2000/10/23 12:0 a.m., 14 views

Allaire JRun 2.3 - Arbitrary Code Execution

source: https://www.securityfocus.com/bid/1831/info JRun contains a vulnerability that allows a user to compile and execute JSP code from an arbitrary file on the webserver's filesystem. This bug is due to the way JSP execution is invoked -- if a...

0.5 AI score
Exploits: 0

CVE
added 2000/10/18 4:0 a.m., 50 views

CVE-2000-0842

CVE-2000-0842 affects the UnixWare 7 scohelphttp webserver. The vulnerability is in the search97cgi/vtopic component, where a path traversal via a .. (dot dot) attack could allow remote attackers to read arbitrary files. The available connected sources (NVD, CVE listings) confirm the affected pro...

5 CVSS, 7 AI score, 0.01909 EPSS
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2000/10/13 12:0 a.m., 63 views

@stake Advisory: PHP3/PHP4 Logging Format String Vulnerability (A 101200-1)

We contacted the PHP team on 10/3/2000 concerning this problem. We wanted to hold off releasing our advisory until a fix was available for PHP3 since some users may not be able to easily upgrade to PHP4. Fixes for PHP3 and PHP4 are now available. We a...

7.3 AI score
Exploits: 0

Exploit DB
added 2000/10/12 12:0 a.m., 37 views

PHP 3.0/4.0 - Error Logging Format String

source: https://www.securityfocus.com/bid/1786/info PHP is a scripting language designed for CGI applications that is used on many websites. There exists a remotely exploitable format string vulnerability in all versions of PHP below PHP 4.0.3. The vulnerability exists in the code that handles...

7.4 AI score
Exploits: 0

Exploit DB
added 2000/10/07 12:0 a.m., 40 views

phpix 1.0 - Directory Traversal

source: https://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The problem is that "../" character...

7.4 AI score
Exploits: 0

exploitpack
added 2000/09/13 12:0 a.m., 9 views

MultiHTML 1.5 - File Disclosure

source: https://www.securityfocus.com/bid/6711/info MultiHTML is prone to a file disclosure vulnerability. It is possible for remote attackers to issue requests which are capable of disclosing sensitive webserver readable resources on the system hosting the softwar...

7.4 AI score
Exploits: 0

exploitpack
added 2000/09/11 12:0 a.m., 20 views

Mandrake 6.17.07.1 - perl HTTP Directory Disclosure

source: https://www.securityfocus.com/bid/1678/info The default configuration files for versions of modperl shipped with Mandrake Linux 6.1 through 7.1 contain a misconfiguration that can be a security concern in some situations. The /perl...

7.4 AI score
Exploits: 0

Exploit DB
added 2000/09/10 12:0 a.m., 45 views

YaBB 9.1.2000 - Arbitrary File Read

source: https://www.securityfocus.com/bid/1668/info YaBB.pl, a web-based bulletin board script, stores board postings in numbered text files. The numbered file name is specified in the call to YaBB.pl in the variable num=. Before retrieving the file, YaBB will append a .txt extension to . Due to...

7.4 AI score
Exploits: 0

exploitpack
added 2000/09/07 12:0 a.m., 13 views

nathan purciful phpphotoalbum 0.9.9 - Directory Traversal

source: https://www.securityfocus.com/bid/1650/info The explorer.php script within phpPhotoAlbum 0.9.9 and possibly previous versions are vulnerable to directory traversal. By requesting a URL composed of explorer.php and the ../ string in...

7.4 AI score
Exploits: 0

Exploit DB
added 2000/09/07 12:0 a.m., 30 views

nathan purciful phpphotoalbum 0.9.9 - Directory Traversal

source: https://www.securityfocus.com/bid/1650/info The explorer.php script within phpPhotoAlbum 0.9.9 and possibly previous versions are vulnerable to directory traversal. By requesting a URL composed of explorer.php and the ../ string in the value of the "folder" variable it is possible for a...

7.4 AI score
Exploits: 0