Lucene search
K

104 matches found

exploitpack
exploitpack
added 2013/03/13 12:0 a.m.75 views

Apache Rave 0.11 0.20 - User Information Disclosure

Apache Rave 0.11 0.20 - User Information Disclosure CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the Us...

4CVSS6.3AI score0.7322EPSS
Exploits10
Exploit DB
Exploit DB
added 2013/03/13 12:0 a.m.43 views

Apache Rave 0.11 < 0.20 - User Information Disclosure

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

4CVSS6.4AI score0.7322EPSS
Exploits10
Packet Storm
Packet Storm
added 2013/03/12 12:0 a.m.40 views

Apache Rave User Exposure

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

4CVSS0.7322EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2013/01/11 12:0 a.m.32 views

FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)

Google Chrome Releases reports : 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

7.5CVSS8.3AI score0.02017EPSS
Exploits0References24
Packet Storm
Packet Storm
added 2010/10/11 12:0 a.m.19 views

VideoDB 3.0.3 Local File Inclusion / SQL Injection

Exploit Title: VideoDB Multiple Vulnerabilities Date: 09.10.2010 Author: Valentin Category: webapps/0day Version: 3.0.3 and earlier Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title = VideoDB Multip...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2010/10/09 12:0 a.m.122 views

VideoDB 3.0.3 - Multiple Vulnerabilities

Exploit Title: VideoDB Multiple Vulnerabilities Date: 09.10.2010 Author: Valentin Category: webapps/0day Version: 3.0.3 and earlier Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title = VideoDB Multip...

7AI score
Exploits0
exploitpack
exploitpack
added 2010/10/09 12:0 a.m.14 views

VideoDB 3.0.3 - Multiple Vulnerabilities

VideoDB 3.0.3 - Multiple Vulnerabilities Exploit Title: VideoDB Multiple Vulnerabilities Date: 09.10.2010 Author: Valentin Category: webapps/0day Version: 3.0.3 and earlier Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Informatio...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2010/08/17 12:0 a.m.21 views

CMSimple 3.3 Cross Site Request Forgery / Cross Site Scripting

==================================== Vulnerability ID: HTB22558 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg http://www.cmsimple.org/ Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 201...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/08/17 12:0 a.m.152 views

XSS vulnerability in CMSimple

Vulnerability ID: HTB22558 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg http://www.cmsimple.org/ Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: XSS Cross Site...

0.7AI score
Exploits0
Drupal
Drupal
added 2010/03/03 12:0 a.m.17 views

SA-CONTRIB-2010-024 - eTracker - Cross Site Scripting

The eTracker module provides integration of a Drupal site with the eTracker web traffic analysis service and takes the current URL as a parameter to track what pages have been visited. The URL from the browser is forwarded to JavaScript in the current page, and because the URL wasn't sanitised, i...

6.5AI score
Exploits0References4
OpenVAS
OpenVAS
added 2009/01/26 12:0 a.m.13 views

Fedora Core 9 FEDORA-2009-0636 (libnasl)

The remote host is missing an update to libnasl announced via advisory FEDORA-2009-0636. OpenVAS Vulnerability Test $Id: fcore20090636.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-0636 libnasl Authors: Thomas Reinke Copyright: Copyright c 2009...

Exploits0References1
Typo3
Typo3
added 2009/01/23 12:0 a.m.93 views

XSS and SQL injection vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to XSS and SQL injections. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.3.0 and all versions below Vulnerability Type: Cross-Site...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/09/16 12:0 a.m.14 views

TYPO3 Security Bulletin

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Code Execution. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.2.0 and all versions below Vulnerability Type: Code execution...

7.7AI score
Exploits0Affected Software1
CVE
CVE
added 2007/08/08 10:0 p.m.55 views

CVE-2007-4232

The CVE-2007-4232 issue affects PHPNews 0.93 and is described as a PHP remote file inclusion vulnerability in admin/inc/change_action.php. The vulnerability allows an attacker to cause the application to execute arbitrary PHP code by supplying a crafted URL for the format_menue parameter, enablin...

6.8CVSS7.5AI score0.51651EPSS
Exploits2References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/04/05 12:0 a.m.34 views

Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:076)

A bug was discovered in KJS where UTF8 decoding did not reject overlong sequences. This vulnerability is similar to that discovered by Andreas Nolden in QT3 and QT4, but at this current time there is no known exploit for this issue. Updated packages have been patched to address this issue...

4.3CVSS5.4AI score0.02054EPSS
Exploits0References1
CVE
CVE
added 2006/08/17 9:0 p.m.35 views

CVE-2006-4210

CVE-2006-4210 describes a vulnerability in nu_mail.inc.php of Andreas Kansok’s phPay 2.02/2.02.1 where, if register_globals is enabled, a remote attacker can abuse the server as an open mail relay via manipulated parameters (mail_text2, user_row[5], nu_mail_1, shop_mail). The root cause is improp...

2.6CVSS7AI score0.01996EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2006/07/21 12:0 a.m.10 views

DSA-1114 hashcash - buffer overflow

Bulletin has no description...

7.5CVSS6.3AI score0.03586EPSS
Exploits0
securityvulns
securityvulns
added 2006/06/29 12:0 a.m.58 views

Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities

====================================================================== Secunia Research 14/06/2006 - DeluxeBB SQL Injection and File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...

5.1CVSS0.8AI score0.20301EPSS
Exploits2
FreeBSD
FreeBSD
added 2006/06/27 12:0 a.m.10 views

hashcash -- heap overflow vulnerability

Andreas Seltenreich reports that hashcash is prone to a heap overflow vulnerability. This vulnerability is caused by improper checking of memory allocations within the "arraypush" function. An attacker could trigger this vulnerability by passing a lot of "-r" or "-j" flags from the command line,...

0.9AI score
Exploits0References2
securityvulns
securityvulns
added 2006/06/15 12:0 a.m.45 views

Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities

====================================================================== Secunia Research 14/06/2006 - DeluxeBB SQL Injection and File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...

5.1CVSS0.8AI score0.20301EPSS
Exploits2
Rows per page
Query Builder