Lucene search
K

1446 matches found

seebug.org
seebug.org
added 2006/11/26 12:0 a.m.31 views

OpenBSD LD.SO本地环境变量清除漏洞

OpenBSD是一款开放源代码的操作系统。 OpenBSD ELF ld.so1不正确过滤环境变量,本地攻击者可以利用漏洞绕过安全设置或可能造成任意指令执行。 目前没有详细漏洞细节提供。 penBSD OpenBSD 4.0 OpenBSD OpenBSD 3.9 补丁下载: OpenBSD OpenBSD 4.0 OpenBSD 005ldso.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/005ldso.patch OpenBSD OpenBSD 3.9 OpenBSD 016ldso.patch...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/10/09 12:0 a.m.40 views

OpenDock Easy Blog 1.4 - doc_directory File Inclusion

OpenDock Easy Blog 1.4 - docdirectory File Inclusion ECHOADV50$2006 ----------------------------------------------------------------------------------------------- ECHOADV50$2006OpenDock Easy Blog =1.4 docdirectory Multiple Remote File Inclusion Vulnerability...

Exploits0
Exploit DB
Exploit DB
added 2006/09/21 12:0 a.m.34 views

Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution

source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/08/15 12:0 a.m.21 views

PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion

source: https://www.securityfocus.com/bid/19525/info PHP-Nuke AutoHTML Module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow an attacker to execute arbitrary local scripts within the context of the affected...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/07/09 12:0 a.m.14 views

Ottoman CMS <= 1.1.3 (default_path) Remote File Inclusion Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; Jacek Wlodarczyk j4ck - jacekwloatgmaildotcom Title: Ottoman CMS = 1.1.3 Remote File Inclusion Exploit Application: Ottoman Content Management System Version: 1.1.3 and prior Url: http://www.lowter.com/p/ottoman Affected software...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.36 views

FreeBSD : pear-XML_RPC -- remote PHP code injection vulnerability (e65ad1bf-0d8b-11da-90d0-00304823c0d3)

A Hardened-PHP Project Security Advisory reports : When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code. This new...

7.5CVSS5.8AI score0.05091EPSS
Exploits0References9
Prion
Prion
added 2006/05/12 9:2 p.m.19 views

Code injection

Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme...

6.5CVSS7.3AI score0.02226EPSS
Exploits0References8Affected Software1
securityvulns
securityvulns
added 2006/04/28 12:0 a.m.37 views

[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability

--------------------------------------------------------------------------------------- ECHOADV31$2006 Sws Web Server 0.1.7 Strcpy & Syslog Format String Vulnerability --------------------------------------------------------------------------------------- Author : Dedi Dwianto Date : April, 28th...

0.9AI score
Exploits0
CVE
CVE
added 2006/03/03 10:0 p.m.55 views

CVE-2006-0388

CVE-2006-0388 affects Safari in Mac OS X 10.3 (before 10.3.9) and 10.4 (before 10.4.5). The underlying issue allows remote attackers to use HTTP redirection to local resources to redirect users and execute arbitrary JavaScript. The connected documents confirm the affected family and behavior but ...

2.6CVSS6.9AI score0.00775EPSS
Exploits0References8Affected Software2
Exploit DB
Exploit DB
added 2006/02/22 12:0 a.m.16 views

Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2006/02/13 11:0 a.m.22 views

CVE-2006-0651

SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page...

8.3AI score0.01135EPSS
Exploits1References4
securityvulns
securityvulns
added 2006/01/18 12:0 a.m.33 views

XSS in WBNews < = v1.1.0

it is possible to be executed I cosay arbitrary within the system wbnews in the field "Name" for example scriptalert"Hello DragoN";/script WBNews http://www.webmobo.com/ DragoN [email protected]...

1.1AI score
Exploits0
Ubuntu
Ubuntu
added 2005/12/14 2:21 a.m.53 views

USN-229-1: Zope vulnerability

Zope did not deactivate the file inclusion feature when exposing RestructuredText functionalities to untrusted users. A remote user with the privilege of editing Zope webpages with RestructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope serve...

7.5CVSS5.7AI score0.03046EPSS
Exploits0
CVE
CVE
added 2005/12/11 11:0 a.m.58 views

CVE-2005-4159

The CVE concerns Simple Machines Forum (SMF) prior to 1.1 rc1 (inclusive) with a potential SQL injection in Memberlist.php via the start parameter. The vendor disputes that it constitutes a true SQL injection, arguing only a single character can be modified, which may be an invalid SQL syntax err...

7.5CVSS9.1AI score0.01377EPSS
Exploits0References7Affected Software1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.12 views

Tiki Wiki CMS Groupware Multiple Unspecified Remote Vulnerabilities

Tiki Wiki CMS Groupware is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.3AI score
Exploits0References3
securityvulns
securityvulns
added 2005/10/19 12:0 a.m.33 views

flexbackup default config insecure temporary file creation

flexbackup default config insecure temporary file creation Vendor: http://flexbackup.sourceforge.net/ Advisory: http://www.zataz.net/adviso/flexbackup-09192005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low The vulnerabilities ared due to insecure temporary files...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2005/10/14 4:0 a.m.22 views

CVE-2005-3236

Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via 1 the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or 2 the nick parameter of lostpwd.php...

7.6AI score0.03688EPSS
Exploits0References9
NVD
NVD
added 2005/09/02 11:3 p.m.18 views

CVE-2005-2778

SQL injection vulnerability in member.php in MyBulletinBoard MyBB allows remote attackers to execute arbitrary SQL statements via the fid parameter...

7.5CVSS8.2AI score0.01212EPSS
Exploits1References2
securityvulns
securityvulns
added 2005/07/07 12:0 a.m.68 views

[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC

Gentoo Linux Security Advisory GLSA 200507-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

7.5CVSS0.4AI score0.79071EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2005/06/29 12:0 a.m.75 views

phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution

The remote host is running a version of phpBB that allows attackers to inject arbitrary PHP code to the 'viewtopic.php' script to be executed subject to the privileges of the web server userid. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

7.5CVSS5.8AI score0.85366EPSS
Exploits9References2
Rows per page
Query Builder