50 matches found

Tenable Nessus
added 2023/03/08 12:0 a.m. · 33 views

EulerOS 2.0 SP9 : git (EulerOS-SA-2023-1441)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined b...

CVSS 9.8 · AI score 8.7 · EPSS 0.56334
Exploits 0 · References 4
RedHat Linux
added 2022/12/12 12:39 p.m. · 4 views

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

CVSS 10 · AI score 7 · EPSS 0.95764
Exploits 6 · References 5
RedHat Linux
added 2022/12/08 1:8 p.m. · 4 views

openssl: c_rehash script allows command injection

A flaw was found in OpenSSL. The c_rehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...

CVSS 10 · AI score 7.1 · EPSS 0.83223
Exploits 5 · References 5
Positive Technologies
added 2022/10/26 12:0 a.m. · 6 views

PT-2022-24930 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 Description: The issue concerns the automatic execution of unsaved SQL queries, which could pose a possible attack vector. Metabase has addressed th...

CVSS 8.8 · AI score 8.9 · EPSS 0.0079
Exploits 0 · References 4
RedHat Linux
added 2022/08/30 4:7 p.m. · 3 views

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

CVSS 10 · AI score 7 · EPSS 0.95764
Exploits 6 · References 5
Broadcom
added 2022/08/15 12:0 a.m. · 6 views

(CVE-2022-1292) - The c_rehash script allows command injection. (BSA-2022-1846)

Security Advisory ID: BSA-2022-1846 Component: OpenSSL Revision: 2.0 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...

CVSS 10 · AI score 7.6 · EPSS 0.83223
Exploits 5
RedHat Linux
added 2022/08/03 12:50 p.m. · 4 views

openssl: c_rehash script allows command injection

A flaw was found in OpenSSL. The c_rehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...

CVSS 10 · AI score 7.1 · EPSS 0.83223
Exploits 5 · References 5
NVD
added 2020/11/19 6:15 p.m. · 10 views

CVE-2020-12510

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist, it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for...

CVSS 7.3 · AI score 7.2 · EPSS 0.00839
Exploits 0 · References 1
Prion
added 2020/11/19 6:15 p.m. · 19 views

Default configuration

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist, it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for...

CVSS 6 · AI score 7.1 · EPSS 0.00839
Exploits 0 · References 1 · Affected Software 1
NVD
added 2020/08/24 3:15 p.m. · 10 views

CVE-2020-7831

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however...

CVSS 8.8 · AI score 8.7 · EPSS 0.00867
Exploits 0 · References 1
Cvelist
added 2020/08/24 3:0 p.m. · 16 views

CVE-2020-7831

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however...

CVSS 8.8 · AI score 8.7 · EPSS 0.00867
Exploits 0 · References 1
Cvelist
added 2020/08/12 1:21 p.m. · 25 views

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

CVSS 9 · AI score 9 · EPSS 0.018
Exploits 0 · References 2
Packet Storm
added 2017/12/01 12:0 a.m. · 50 views

MistServer 2.12 Cross Site Scripting

Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product: =========== MistServer v2.12 MistServer...

AI score 6.4 · EPSS 0.04327
Exploits 5
seebug.org
added 2017/02/16 12:0 a.m. · 22 views

RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD

RVM, by default, hooks cd and automatically parses a file named .versions.conf in the directory being changed to. The intention seems to be that, if the user's $rvm_autoinstall_bundler_flag setting is enabled, then .versions.conf can specify a Gemfile that will automatically be fed to bundle install...

AI score 7.5
Exploits 0
Node.js
added 2016/07/22 9:20 p.m. · 21 views

Cross-Site Scripting

Overview: Affected versions of swagger-ui are vulnerable to cross-site scripting. This vulnerability exists because swagger-ui automatically executes external JavaScript that is loaded in via the url query string parameter when a Content-Type: application/javascript header is included. An attacker...

AI score 3.2 · EPSS 0.00713
Exploits 0 · Affected Software 1
NVD
added 2014/07/03 5:55 p.m. · 23 views

CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx...

CVSS 10 · AI score 6.5 · EPSS 0.03922
Exploits 0 · References 13
OSV
added 2014/07/03 5:55 p.m. · 2 views

DEBIAN-CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx...

CVSS 10 · AI score 7.5 · EPSS 0.03922
Exploits 0 · References 1
Cvelist
added 2014/07/03 5:0 p.m. · 28 views

CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx...

AI score 6.4 · EPSS 0.03922
Exploits 0 · References 13
Tenable Nessus
added 2013/04/20 12:0 a.m. · 35 views

Mandriva Linux Security Advisory : emacs (MDVSA-2013:076)

Updated emacs packages fix security vulnerabilities : Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent...

CVSS 9.3 · AI score 7.6 · EPSS 0.03804
Exploits 0 · References 3
exploitpack
added 2010/07/18 12:0 a.m. · 14 views

Microsoft Windows - Automatic .LNK Shortcut File Code Execution

Microsoft Windows - Automatic .LNK Shortcut File Code Execution From: http://www.ivanlef0u.tuxfamily.org/?p=411 1. Unzip the files in 'C: '. Start a DbgView or paste a KD to your VM. 2. Rename 'suckme.lnk' to 'suckme.lnk' and let the magic do the rest of shell32.dll. 3. Look at your logs...

AI score 7.8
Exploits 0