404 matches found
Holes in CGI Iconboard
Directory traversal combined with a NULL-byte bug makes it possible to retrieve the contents of any file...
Microsoft Internet Explorer 5.0.1/5.5/6.0 - Telnet Client File Overwrite
source: https://www.securityfocus.com/bid/2463/info Services for Unix 2.0 contains a client side logging option which records all information exchanged in a telnet session. A vulnerability exists that could enable a remote user to invoke the telnet client and execute arbitrary commands on a targe...
Quick Analysis of the recent crc32 ssh(d) bug
Abstract ----------- This article discusses the recently discovered security hole in the crc32 attack detector as found in common ssh packages like OpenSSH and derivatives using the ssh-1 protocol. There is a possible overflow during assignment from a 32bit integer to a 16bit wide one leading to...
SilverPlatter WebSPIRS 3.3.1 - File Disclosure
source: https://www.securityfocus.com/bid/2362/info A remote user could gain read access to known files outside of the root directory where SilverPlatter WebSPIRS resides. Requesting a specially crafted URL composed of '../' sequences along with the known filename will disclose the requested file...
SSH CRC-32 Compensation Attack Remote Overflow
The remote host is running a version of SSH that is older than version 1.2.32, or a version of OpenSSH that is older than 2.3.0. The remote version of this software is vulnerable to a flaw known as a 'CRC-32 compensation attack' that could allow an attacker to gain a root shell on this host. C...
Vulnerability in jaZip.
Dear, Bugtraq. jaZip is a program for managing an Iomega Zip or Jaz drive. It is often installed setuid root - and because of a buffer overflow it is possible for regular users to become root. Please excuse me if this was known. Please note that I can not guarantee that this information is correct...
CVE-2000-0913
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression...
YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1921/info YaBB (Yet Another Bulletin Board) is a popular perl-based bulletin board scripting package. search.pl, one of several perl scripts which comprise YaBB, fails to properly validate user input that is passed as an argument to a call to open. A malicious user could...
iPlanet Certificate Management System 4.2 - Directory Traversal
source: https://www.securityfocus.com/bid/1839/info Acquiring access to known files outside of the web root is possible through directory traversal techniques in both iPlanet Certificate Management System (CMS). This is made possible through the use of "../" in an HTTP request. The following service...
Microsoft Virtual Machine - Arbitrary Java Codebase Execution
source: https://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase can be referenced by a java applet that was loaded by an tag i...
CVE-2000-0745
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter...
YaBB 9.1.2000 - Arbitrary File Read
source: https://www.securityfocus.com/bid/1668/info YaBB.pl, a web-based bulletin board script, stores board postings in numbered text files. The numbered file name is specified in the call to YaBB.pl in the variable num=. Before retrieving the file, YaBB will...
Vuln. in all sites using PHP-Nuke, versions less than 3
Greetings, PHP-Nuke is a Web Portal System, storytelling software also an automated web site to distribute news and articles with users system. Exploit: ------- The problem is when somebody does a http://example.com/admin.php3?admin=whatever, can have full access as an admin, that means posting...
Client Agent 6.62 for Unix Vulnerability
Hi all, Excuse me for my poor English: I discovered a vulnerability in Client Agent 6.62 for Unix. It's tested on a Debian 2.2.14. Perhaps it isn't important. Introduction -------------- Client Agent has a hole allowing to execute an arbitrary code by root...
Novell BorderManager - Anyone can pose as an authenticated user
Info: Author: George R. Johnson Date: 07/07/00 Product: BorderManager 3.0 possibly others Vendor: Novell Problem: Unauthenticated user can web surf as any authenticated user Discussion: To provide SSO-like capabilities for customers using BorderManager proxy server and the NetWare client, Novell...
Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily set up and customize a calendar on the...
KNapster Vulnerability Compromises User-readable Files
This vulnerability was discovered at the Center for Education and Research in Information Assurance and Security CERIAS at Purdue University http://www.cerias.purdue.edu by: Tom Daniels [email protected] Florian Buchholz...
Fun with UltraBoard V1.6X
hola friends, found some interesting things in the "old" UltraBoard-Forum scripts UltraBoard V 1.6 class:Input Validation Error remote:Yes vulnerable:UltraBoard V1. vendor: www.ultrascripts.com || www.ub2k.com Description: By using the good old NullByte000 it's possible to open "any" file on the...
Corel Linux OS 1.0 - Dosemu Distribution Configuration
source: https://www.securityfocus.com/bid/1030/info A vulnerability exists in the configuration of Dosemu, the DOS emulator, as shipped with Corel Linux 1.0. Dosemu documentation cautions that the system.com binary should not be made available to users, as it implements the system libc call. User...
Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4.0) - XML HTTP Redirect
MS IE 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 XML HTTP Redirect Vulnerability source: https://www.securityfocus.com/bid/815/info A vulnerability in the method IE5 uses to process XML data may allow a maliciou...