Lucene search
K

53 matches found

OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2020:0510-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.06617EPSS
Exploits1References2
CNVD
CNVD
added 2020/03/13 12:0 a.m.2 views

Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17150)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...

4.3CVSS6.8AI score0.00485EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/13 12:0 a.m.2 views

Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-18659)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...

4.8CVSS6.4AI score0.00611EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/13 12:0 a.m.4 views

Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17145)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...

4.3CVSS6.8AI score0.00485EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/13 12:0 a.m.2 views

Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-18653)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...

4.8CVSS6.4AI score0.00611EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.6 views

The vulnerability of the command-line interface implementation of the network operating system NX-OS allows a attacker to execute arbitrary commands on the underlying operating system.

The vulnerability of the command-line interface implementation of the networking operating system NX-OS exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...

6.8CVSS7AI score0.00463EPSS
Exploits0References3
OSV
OSV
added 2017/02/01 11:59 p.m.10 views

CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...

7.5CVSS7.4AI score
Exploits0References3
OSV
OSV
added 2017/02/01 11:59 p.m.3 views

DEBIAN-CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...

7.5CVSS7AI score0.12513EPSS
Exploits5References1
Cvelist
Cvelist
added 2017/02/01 11:0 p.m.35 views

CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...

7.4AI score0.12513EPSS
Exploits5References3
CVE
CVE
added 2017/02/01 11:0 p.m.85 views

CVE-2017-5630

CVE-2017-5630 affects PEAR Base System v1.10.1; PECL in the Installer’s download utility does not validate file types/filenames after redirects, allowing remote HTTP servers to overwrite files via crafted responses (e.g., .htaccess). Documented impact is file overwrite; no patch/remediation detai...

7.5CVSS7.2AI score0.12513EPSS
Exploits5References3Affected Software1
Debian CVE
Debian CVE
added 2017/02/01 11:0 p.m.38 views

CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...

7.5CVSS5.6AI score0.12513EPSS
Exploits5
0day.today
0day.today
added 2017/01/30 12:0 a.m.82 views

PHP PEAR 1.10.1 - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications + + Credits / Discovery: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product:...

5CVSS7.5AI score0.12513EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/01/30 12:0 a.m.80 views

PHP PEAR 1.10.1 - Arbitrary File Download

Credits / Discovery: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product: =================================== PEAR Base System v1.10.1...

7.5CVSS7.5AI score0.12513EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/01/29 12:0 a.m.57 views

PEAR Arbitrary File Download

Credits / Discovery: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product: =================================== PEAR Base System v1.10.1...

7.5AI score0.12513EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2016/12/07 12:0 a.m.27 views

FreeBSD : FreeBSD -- link_ntoa(3) buffer overflow (0282269d-bbee-11e6-b1cf-14dae9d210b8)

A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. Impact : Due to very limited use of the function in the existing applications, and limited length of the overflow,...

9.8CVSS8.6AI score0.03699EPSS
Exploits1References2
Drupal
Drupal
added 2016/02/24 12:0 a.m.630 views

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted...

8.5CVSS7.7AI score0.0319EPSS
Exploits0References50
securityvulns
securityvulns
added 2010/03/02 12:0 a.m.44 views

NSOADV-2010-003: DATEV ActiveX Control remote command execution

NSOADV-2010-003: DATEV ActiveX Control remote command execution 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 111 111001 111111111 0 10 1111 0 11 11 111111111 1 1101 10 00111 ...

10CVSS0.1AI score0.05863EPSS
Exploits1
Prion
Prion
added 2010/02/26 7:30 p.m.13 views

Design/Logic Flaw

The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System aka Grundpaket Basis allows remote attackers to execute arbitrary commands via unspecified vectors...

10CVSS8.2AI score0.05863EPSS
Exploits1References9
CVE
CVE
added 2010/02/26 7:0 p.m.47 views

CVE-2010-0689

The CVE-2010-0689 entry concerns DATEV Base System (Grundpaket Basis) DVBSExeCall.ocx ActiveX Control, version 1.0.0.1, whose ExecuteExe function is vulnerable to remote command execution. The vulnerability is triggered via unspecified vectors in the DVBSExeCall ActiveX control, allowing remote a...

10CVSS7.8AI score0.05863EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2005/11/27 11:3 a.m.15 views

CVE-2005-3850

Cross-site scripting XSS vulnerability in search.asp in Online Knowledge Base System OKBSYS Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References5
Rows per page
Query Builder