53 matches found
SUSE: Security Advisory (SUSE-SU-2020:0510-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17150)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-18659)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17145)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-18653)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
The vulnerability of the command-line interface implementation of the network operating system NX-OS allows a attacker to execute arbitrary commands on the underlying operating system.
The vulnerability of the command-line interface implementation of the networking operating system NX-OS exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...
CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...
DEBIAN-CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...
CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...
CVE-2017-5630
CVE-2017-5630 affects PEAR Base System v1.10.1; PECL in the Installer’s download utility does not validate file types/filenames after redirects, allowing remote HTTP servers to overwrite files via crafted responses (e.g., .htaccess). Documented impact is file overwrite; no patch/remediation detai...
CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...
PHP PEAR 1.10.1 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications + + Credits / Discovery: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product:...
PHP PEAR 1.10.1 - Arbitrary File Download
Credits / Discovery: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product: =================================== PEAR Base System v1.10.1...
PEAR Arbitrary File Download
Credits / Discovery: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product: =================================== PEAR Base System v1.10.1...
FreeBSD : FreeBSD -- link_ntoa(3) buffer overflow (0282269d-bbee-11e6-b1cf-14dae9d210b8)
A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. Impact : Due to very limited use of the function in the existing applications, and limited length of the overflow,...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted...
NSOADV-2010-003: DATEV ActiveX Control remote command execution
NSOADV-2010-003: DATEV ActiveX Control remote command execution 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 111 111001 111111111 0 10 1111 0 11 11 111111111 1 1101 10 00111 ...
Design/Logic Flaw
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System aka Grundpaket Basis allows remote attackers to execute arbitrary commands via unspecified vectors...
CVE-2010-0689
The CVE-2010-0689 entry concerns DATEV Base System (Grundpaket Basis) DVBSExeCall.ocx ActiveX Control, version 1.0.0.1, whose ExecuteExe function is vulnerable to remote command execution. The vulnerability is triggered via unspecified vectors in the DVBSExeCall ActiveX control, allowing remote a...
CVE-2005-3850
Cross-site scripting XSS vulnerability in search.asp in Online Knowledge Base System OKBSYS Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter...