Lucene search
K

60 matches found

0day.today
0day.today
added 2022/08/10 12:0 a.m.631 views

Zimbra zmslapd Privilege Escalation Exploit

This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which...

7.8CVSS0.4AI score0.01683EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/08/10 12:0 a.m.372 views

Zimbra zmslapd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...

0.7AI score0.01683EPSS
Exploits4
ATTACKERKB
ATTACKERKB
added 2022/05/10 12:15 p.m.3 views

CVE-2021-43094

An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition =2.11 and Platform Standalone Edition =2.4.0 via GET requests on arbitrary parameters in patient.page...

9.8CVSS7.5AI score0.01222EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/10/25 12:0 a.m.6 views

PT-2021-7417 · Zimbra +1 · Zimbra Collaboration +1

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.x through 9.x Description: An issue was discovered in Zimbra Collaboration, related to the Sudo configuration, which permits the zimbra user to execute the NGINX binary as root with arbitrary parameters...

7.8CVSS7.5AI score0.00401EPSS
Exploits1References13
OSV
OSV
added 2020/07/29 4:15 p.m.4 views

CVE-2020-13699

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either...

8.8CVSS7.6AI score0.25895EPSS
Exploits2References2
OSV
OSV
added 2020/06/22 6:15 p.m.6 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

7.5CVSS7.2AI score0.02161EPSS
Exploits1References2
OSV
OSV
added 2020/06/22 1:15 p.m.3 views

CVE-2020-14202

WebFOCUS Business Intelligence 8.0 SP6 was prone to XSS via arbitrary URL parameters...

6.1CVSS6.5AI score0.00668EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.10 views

.NET Partial-Trust bypass via browser command-line injection in System.Windows.Forms.Help

A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without “UnmanagedCode” permission to nevertheless directly control arguments passed to a “ShellExecute” invocation of the users’ default browser. This...

4.7AI score
Exploits0References1
Prion
Prion
added 2019/05/07 7:29 p.m.21 views

Design/Logic Flaw

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes thi...

9.3CVSS8AI score0.0235EPSS
Exploits0References6Affected Software3
OSV
OSV
added 2019/05/07 7:29 p.m.4 views

UBUNTU-CVE-2019-7443

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes thi...

8.1CVSS6AI score0.0235EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2019/05/07 6:41 p.m.43 views

CVE-2019-7443

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes thi...

9.3CVSS8.1AI score0.0235EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/08/03 12:0 a.m.4 views

PT-2018-16195 · Salesforce · Restforce

Name of the Vulnerable Software and Affected Versions: restforce versions prior to 3.0.0 Description: The issue is related to insufficient URI encoding, allowing an attacker to inject arbitrary parameters into Salesforce API requests. This flaw is only exploitable in applications that pass user...

9.8CVSS9.2AI score0.01506EPSS
Exploits0References7
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/05/07 12:0 a.m.30 views

[20180602] - Core - XSS vulnerability in language switcher module

In some cases the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page url...

6.1CVSS7.3AI score0.01413EPSS
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2016/05/11 12:0 a.m.36 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description SECURITY-170 / CVE-2016-3721 Arbitrary build parameters are passed to build scripts as environment variables SECURITY-243 / CVE-2016-3722 Malicious users with multiple user accounts can prevent other users from logging in SECURITY-250 / CVE-2016-3723...

7.4CVSS3.1AI score0.02388EPSS
Exploits1References1
CNVD
CNVD
added 2015/01/08 12:0 a.m.4 views

TYPO3 has an unspecified vulnerability

TYPO3 is an open source content management system CMS and content management framework CMF. An unspecified vulnerability exists in TYPO3 that could allow a remote attacker to trigger a page reload with unspecified impact via "Cache Poisoning" using arbitrary parameters and URLs...

7.5CVSS7.1AI score0.01496EPSS
Exploits1References1
Prion
Prion
added 2012/10/01 12:55 a.m.77 views

Cross site scripting

Cross-site scripting XSS vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters...

4.3CVSS6.2AI score0.01642EPSS
Exploits1References4Affected Software1
OpenVAS
OpenVAS
added 2009/09/15 12:0 a.m.22 views

Gentoo Security Advisory GLSA 200909-06 (amule)

The remote host is missing updates announced in advisory GLSA 200909-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

6.8CVSS0.1AI score0.0154EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/09/15 12:0 a.m.18 views

Gentoo Security Advisory GLSA 200909-06 (amule)

The remote host is missing updates announced in advisory GLSA 200909-06. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

6.8CVSS6.5AI score0.0154EPSS
Exploits1References2
NVD
NVD
added 2008/08/21 5:41 p.m.20 views

CVE-2008-3764

Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...

7.5CVSS7.8AI score0.03326EPSS
Exploits0References8
Cvelist
Cvelist
added 2006/11/15 3:0 p.m.20 views

CVE-2006-5900

Cross-site scripting XSS vulnerability in the incubator/tests/Zend/Http/files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters...

5.8AI score0.01191EPSS
Exploits0References3
Rows per page
Query Builder