113 matches found

UbuntuCve
added 2019/11/07 9:15 p.m. | 19 views

CVE-2010-2476

syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot...

CVSS 9.8 | AI score 7.3 | EPSS 0.01725
Exploits: 0 | References: 1

Cvelist
added 2019/11/07 8:19 p.m. | 18 views

CVE-2010-2476

syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot...

AI score 9.5 | EPSS 0.01725
Exploits: 0 | References: 3

RedHat Linux
added 2019/08/06 12:40 p.m. | 5 views

rubygems: Path traversal when writing to a symlinked basedir outside of the root

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in...

CVSS 7.5 | AI score 7.2 | EPSS 0.05076
Exploits: 0 | References: 5

Veracode
added 2019/05/16 3:22 a.m. | 30 views

Directory Traversal Vulnerability

Ruby is vulnerable to directory traversal vulnerability. This exists in install_location function of package.rb that could result in path traversal when writing to a symlinked basedir outside of the root...

CVSS 7.5 | AI score 8.3 | EPSS 0.05076
Exploits: 0 | References: 16 | Affected Software: 4

Prion
added 2018/06/05 9:29 p.m. | 18 views

Directory traversal

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions absolute directory traversal...

CVSS 4 | AI score 6.5 | EPSS 0.02356
Exploits: 1 | References: 2 | Affected Software: 2

NVD
added 2018/06/05 9:29 p.m. | 20 views

CVE-2018-10057

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions absolute directory traversal...

CVSS 6.5 | AI score 6.5 | EPSS 0.02356
Exploits: 1 | References: 2

OSV
added 2018/06/05 9:29 p.m. | 17 views

CVE-2018-10057

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions absolute directory traversal...

CVSS 6.5 | AI score 6.7 | EPSS 0.02356
Exploits: 1 | References: 2

OSV
added 2018/03/13 3:29 p.m. | 19 views

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in...

CVSS 7.5 | AI score 8.9
Exploits: 0 | References: 14

Debian CVE
added 2018/03/13 3:0 p.m. | 29 views

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in...

CVSS 7.5 | AI score 8.9 | EPSS 0.05076
Exploits: 0

UbuntuCve
added 2018/03/13 12:0 a.m. | 33 views

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in...

CVSS 7.5 | AI score 6.8 | EPSS 0.05076
Exploits: 0 | References: 4

OSV
added 2018/03/13 12:0 a.m. | 4 views

UBUNTU-CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in...

CVSS 7.5 | AI score 6.8 | EPSS 0.05076
Exploits: 0 | References: 5

OSV
added 2016/09/11 12:0 a.m. | 3 views

UBUNTU-CVE-2016-7133

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a long pathname...

CVSS 8.1 | AI score 7.4 | EPSS 0.04052
Exploits: 1 | References: 5

RedhatCVE
added 2015/10/30 10:30 a.m. | 26 views

CVE-2007-0905

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383...

CVSS 7.5 | AI score 6.7 | EPSS 0.02452
Exploits: 1 | References: 3

RedhatCVE
added 2015/10/30 9:17 a.m. | 26 views

CVE-2006-6383

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path...

CVSS 4.6 | AI score 6.9 | EPSS 0.01046
Exploits: 1 | References: 2

CNVD
added 2015/06/26 12:0 a.m. | 3 views

AudioShare Code Injection Vulnerability

AudioShare is an audio file manager. AudioShare suffers from a code injection vulnerability that allows remote attackers to execute arbitrary PHP code by submitting a special 'config['basedir']' parameter...

CVSS 7.5 | AI score 8.2 | EPSS 0.01498
Exploits: 1 | References: 1

Cvelist
added 2015/06/23 2:0 p.m. | 22 views

CVE-2015-4726

PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter...

AI score 7.5 | EPSS 0.01498
Exploits: 1 | References: 2

Packet Storm
added 2015/06/17 12:0 a.m. | 31 views

Audio Share 2.0.2 Cross Site Scripting / Remote File Inclusion

| Title : Audio Share v2.0.2 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : Powered by AudioShareScript.com | Tested on: windows 8.1 Français V.Pro | Download : http://demo.audiosharescript.com/ ======================================= XSS / HTML Inject :...

AI score 0.6
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

PHP <= 5.2.1 Session.Save_Path() TMPDIR Open_Basedir Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23183/info PHP is prone to a 'open_basedir' restriction-bypass vulnerability due to a design error. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

PHP 5.2 Session.Save_Path() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21508/info PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

DWebPro 3.4.1 Http.ini Plaintext Password Storage Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8438/info A vulnerability has been reported to exist in the DWebPro web server software. This problem allows an attacker to view database authentication credentials by accessing a plain text file named 'http.ini'. An...

AI score 7.1
Exploits: 0