Lucene search
K

98 matches found

CNVD
CNVD
added 2019/05/16 12:0 a.m.3 views

GetSimple CMS Remote Code Execution Vulnerability

GetSimple CMS is a content management system CMS written in PHP. A remote code execution vulnerability exists in GetSimple CMS version 3.3.15 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system...

9.8CVSS8.5AI score0.71598EPSS
Exploits5References1
OSV
OSV
added 2019/01/26 5:29 p.m.10 views

UBUNTU-CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

5.9CVSS6.6AI score0.15586EPSS
Exploits0References6
exploitpack
exploitpack
added 2018/12/15 12:0 a.m.28 views

phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read

phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read !/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat =...

0.2AI score
Exploits0
OSV
OSV
added 2017/09/26 1:29 a.m.3 views

CVE-2017-7970

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...

6.5CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2017/09/26 1:29 a.m.19 views

CVE-2017-7970

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...

6.5CVSS7AI score0.00559EPSS
Exploits0References3
Prion
Prion
added 2017/09/26 1:29 a.m.17 views

Design/Logic Flaw

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...

3.3CVSS6.9AI score0.00559EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2017/09/25 7:0 p.m.22 views

CVE-2017-7970

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...

6.4AI score0.00559EPSS
Exploits0References3
CNVD
CNVD
added 2016/12/12 12:0 a.m.8 views

phpMyAdmin Denial of Service Vulnerability (CNVD-2016-12351)

phpmyadmin is an online management tool for MySQL databases. A denial of service vulnerability exists in phpMyAdmin versions 4.6.x, 4.4.x, 4.0.x. The vulnerability can be exploited by configuring $cfg'AllowArbitraryServer'=true. Configuring $cfg'AllowArbitraryServer'=true allows an attacker to...

5.9CVSS6.6AI score0.01934EPSS
Exploits0References1
OSV
OSV
added 2016/12/11 3:0 a.m.5 views

UBUNTU-CVE-2016-9860

An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

5.9CVSS6.6AI score0.01934EPSS
Exploits0References3
OSV
OSV
added 2016/12/11 3:0 a.m.2 views

DEBIAN-CVE-2016-9860

An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

5.9CVSS9.2AI score0.01934EPSS
Exploits0References1
OSV
OSV
added 2016/12/11 2:59 a.m.5 views

ALPINE-CVE-2016-6622

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

5.9CVSS7.2AI score0.01799EPSS
Exploits0References1
OSV
OSV
added 2016/12/11 2:59 a.m.3 views

DEBIAN-CVE-2016-6622

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

5.9CVSS9.3AI score0.01799EPSS
Exploits0References1
OSV
OSV
added 2016/12/11 2:59 a.m.6 views

UBUNTU-CVE-2016-6622

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

5.9CVSS7AI score0.01799EPSS
Exploits0References3
OSV
OSV
added 2016/12/11 2:59 a.m.5 views

UBUNTU-CVE-2016-6629

An issue was discovered in phpMyAdmin involving the $cfg'ArbitraryServerRegexp' configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x...

9.8CVSS7.3AI score0.03202EPSS
Exploits0References3
0day.today
0day.today
added 2015/12/01 12:0 a.m.33 views

Zenphoto 1.4.10 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Zenphoto 1.4.10 - Local File Inclusion Vulnerability Vendor: ==================== www.zenphoto.org Product: =================== Zenphoto 1.4.10 Vulnerability Details: ====================== Zen Photos pluginDoc.php PHP file is vulnerable to...

7.1AI score
Exploits0
Prion
Prion
added 2015/10/26 2:59 p.m.20 views

Command injection

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a "too-short" salt...

6.4CVSS6.9AI score0.04532EPSS
Exploits0References18Affected Software1
Cvelist
Cvelist
added 2015/10/26 2:0 p.m.35 views

CVE-2015-5288

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a "too-short" salt...

8.4AI score0.04532EPSS
Exploits0References18
CNVD
CNVD
added 2015/09/15 12:0 a.m.3 views

Kirby CMS Cross-Site Request Forgery Vulnerability

Kirby CMS is a file-based content management system that is flexible, easy to use and easy to install. KirbyCMS suffers from a cross-site request forgery vulnerability in its implementation, which could be exploited by an attacker to execute arbitrary script code in the context of an affected...

7.6AI score
Exploits0References1
Packet Storm
Packet Storm
added 2015/03/20 12:0 a.m.41 views

Yoast Google Analytics Stored Cross Site Scripting

OVERVIEW ========== Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...

Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

PHPAlbum 0.2.3/4.1 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserve...

7.1AI score
Exploits0
Rows per page
Query Builder