CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7653 matches found

Tenable Nessus•added 2005/08/10 12:0 a.m.•141 views

AWStats Referrer Header Arbitrary Command Execution

The remote host is running AWStats, an open source web analytics tool used for analyzing data from internet services such as web, streaming, media, mail and FTP servers. The version of AWStats installed on the remote host collects data about the web referrers and uses them without proper sanitati...

5CVSS5.9AI score0.02665EPSS

Exploits0References4

Debian•added 2005/08/03 5:2 a.m.•26 views

[SECURITY] [DSA 772-1] New apt-cacher package fixes arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 772-1 [email protected] http://www.debian.org/security/ Martin Schulze August 3rd, 2005 http://www.debian.org/security/faq -...

7.5CVSS6.7AI score0.02129EPSS

Exploits0

Tenable Nessus•added 2005/07/27 12:0 a.m.•62 views

WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection

The remote host is running the WPS Web-Portal-System. The version of this software installed on the remote host is vulnerable to remote command execution flaw through the argument 'art' of the script 'wpsshop.cgi'. A malicious user could exploit this flaw to execute arbitrary commands on the remo...

10CVSS6.2AI score0.03204EPSS

Exploits0References2

Debian•added 2005/07/19 8:14 a.m.•25 views

[SECURITY] [DSA 762-1] New affix packages fix arbitrary command and code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 762-1 [email protected] http://www.debian.org/security/ Martin Schulze July 19th, 2005 http://www.debian.org/security/faq -...

10CVSS0.8AI score0.12938EPSS

Exploits0

seebug.org•added 2005/07/19 12:0 a.m.•22 views

phpBB 2.0.15 Remote PHP Code Execution Exploit (metasploit)

No description provided by source. Title: phpBB 2.0.15 arbitrary command execution eXploit Name: phpphpbb2015.pm License: Artistic/BSD/GPL Info: Coded because of boredom. - This is an exploit module for the Metasploit Framework, please see http://metasploit.com/projects/Framework for more...

7.1AI score

Exploits0

exploitpack•added 2005/07/19 12:0 a.m.•17 views

phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)

phpBB 2.0.15 - PHP Remote Code Execution Metasploit Title: phpBB 2.0.15 arbitrary command execution eXploit Name: phpphpbb2015.pm License: Artistic/BSD/GPL Info: Coded because of boredom. - This is an exploit module for the Metasploit Framework, please see http://metasploit.com/projects/Framework...

0.2AI score

Exploits0

0day.today•added 2005/07/19 12:0 a.m.•23 views

phpBB 2.0.15 Remote PHP Code Execution Exploit (metasploit)

Exploit for unknown platform in category web applications =========================================================== phpBB 2.0.15 Remote PHP Code Execution Exploit metasploit =========================================================== Title: phpBB 2.0.15 arbitrary command execution eXploit Name:...

7.1AI score

Exploits0

OSV•added 2005/07/19 12:0 a.m.•34 views

DSA-762-1 affix - several

Bulletin has no description...

10CVSS9.3AI score0.12938EPSS

Exploits0

Tenable Nessus•added 2005/07/19 12:0 a.m.•38 views

Debian DSA-760-1 : ekg - several vulnerabilities

Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creatio...

10CVSS5.8AI score0.01507EPSS

Exploits0References6

Exploit DB•added 2005/07/19 12:0 a.m.•60 views

phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)

Title: phpBB 2.0.15 arbitrary command execution eXploit Name: phpphpbb2015.pm License: Artistic/BSD/GPL Info: Coded because of boredom. - This is an exploit module for the Metasploit Framework, please see http://metasploit.com/projects/Framework for more information. package...

7.4AI score

Exploits0

Debian•added 2005/07/18 5:35 p.m.•41 views

[SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 760-1 [email protected] http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq -...

7.1AI score

Exploits0

Tenable Nessus•added 2005/07/13 12:0 a.m.•20 views

Slackware 9.0 / current : WU-FTPD Security Advisory (SSA:2003-259-03)

Upgraded WU-FTPD packages are available for Slackware 9.0 and - -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature mostly used to compress files, or produce tar archives to execute arbitrary commands on the serve...

9.3CVSS5.4AI score0.03289EPSS

Exploits0References2

Tenable Nessus•added 2005/07/13 12:0 a.m.•29 views

FreeBSD : rssh & scponly -- arbitrary command execution (f11b219a-44b6-11d9-ae2f-021106004fd6)

Jason Wies identified both rssh & scponly have a vulnerability that allows arbitrary command execution. He reports : The problem is compounded when you recognize that the main use of rssh and scponly is to allow file transfers, which in turn allows a malicious user to transfer and execute entire...

7.5CVSS5.9AI score0.07327EPSS

Exploits2References5

Tenable Nessus•added 2005/07/13 12:0 a.m.•32 views

FreeBSD : xloadimage -- arbitrary command execution when handling compressed files (310d0087-0fde-4929-a41f-96f17c5adffe)

Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...

7.5CVSS5.7AI score0.03603EPSS

Exploits0References3

Debian•added 2005/07/11 11:44 a.m.•22 views

[SECURITY] [DSA 748-1] New ruby1.8 packages fix arbitrary command execution

------------------------------------------------------------------------ Debian Security Advisory DSA 748-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

7.5CVSS0.3AI score0.06565EPSS

Exploits0

Gentoo Linux•added 2005/07/11 12:0 a.m.•33 views

Ruby: Arbitrary command execution through XML-RPC

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...

7.5CVSS6.7AI score0.06565EPSS

Exploits0

Tenable Nessus•added 2005/07/11 12:0 a.m.•31 views

Debian DSA-748-1 : ruby1.8 - bad default value

A vulnerability has been discovered in ruby1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server. The old stable distribution woody did not include ruby1.8. This problem is fixed for the current stable distribution sarge in version 1.8.2-7sarge1. This problem...

7.5CVSS7.2AI score0.06565EPSS

Exploits0References2

Debian•added 2005/07/10 3:54 a.m.•58 views

[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA 745-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

7.5CVSS1.2AI score0.79071EPSS

Exploits5

Debian•added 2005/07/10 3:54 a.m.•121 views

[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities

7.1AI score

Exploits5

OSV•added 2005/07/10 12:0 a.m.•41 views

DSA-745-1 drupal - arbitrary command execution

Bulletin has no description...

7.5CVSS6.2AI score0.79071EPSS

Exploits5

Rows per page