Lucene search
K

246 matches found

CNVD
CNVD
added 2018/08/29 12:0 a.m.1 views

PHP7CMS suffers from information leakage vulnerability

PHP7 content management system referred to as PHP7CMS by Chunjie studio using PHP7 technology newly developed content management program. There is an information leakage vulnerability in PHP7CMS. The vulnerability is due to the program installation will write the database information into the cac...

6.6AI score
Exploits0
CNVD
CNVD
added 2018/04/20 12:0 a.m.2 views

Code Execution Vulnerability in PHPMyWind v5.4

PHPMyWind is a PHP MySQL-based development , W3C-compliant building engine . A code execution vulnerability exists in PHPMyWind v5.4. PHPMyWind can be exploited to execute arbitrary code when implementing the generation of cache configuration files...

8.2AI score
Exploits0
myhack58
myhack58
added 2018/04/03 12:0 a.m.18 views

$_SERVER[SCRIPT_NAME]variable to the value of the injected malicious code-vulnerability warning-the black bar safety net

$SERVER'SCRIPTNAME'variable in the route pass the parameters, can be introduced into the malicious code, which leads toxssas well as malicious code injection. PS: this article is only for technical discussion and sharing, it is forbidden for any illegal purposes. $SERVER'SCRIPTNAME'variables are...

7.1AI score
Exploits0
CNVD
CNVD
added 2018/03/05 12:0 a.m.2 views

Code Execution Vulnerability in Cicada Knowledge Enterprise Portal System

Cicada Knowledge Enterprise Portal System is a web content management system. A code execution vulnerability exists in the Cicada Knowledge Enterprise Portal System. The vulnerability is due to improper handling of writing to a cache file. An attacker can construct a malicious request to write...

8AI score
Exploits0
CNVD
CNVD
added 2018/01/31 12:0 a.m.1 views

Code execution vulnerability in DedeCMS backend cache files

Weaving dream content management system DedeCms is a PHP open source website management system. A code execution vulnerability exists in the DedeCMS backend cache file. The vulnerability is due to the system mishandling of input information , allowing an attacker to exploit the vulnerability...

7.7AI score
Exploits0
Prion
Prion
added 2018/01/29 5:29 p.m.17 views

Design/Logic Flaw

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...

6.5CVSS8.4AI score0.01214EPSS
Exploits1References2Affected Software1
Amazon
Amazon
added 2017/09/13 12:0 a.m.60 views

Low: nginx

Issue Overview: A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially...

7.5CVSS7.3AI score0.62597EPSS
Exploits6
Prion
Prion
added 2017/08/31 3:29 p.m.22 views

Null pointer dereference

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file by submitting a malformed image file...

4.3CVSS7.3AI score0.01605EPSS
Exploits0References5Affected Software2
RedHat Linux
RedHat Linux
added 2017/08/28 9:59 p.m.92 views

Low: Red Hat Security Advisory: rh-nginx110-nginx security update

An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS6.7AI score0.62597EPSS
Exploits6References2
RedhatCVE
RedhatCVE
added 2017/07/12 5:50 a.m.111 views

CVE-2017-7529

A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory b...

7.5CVSS1.3AI score0.62597EPSS
Exploits6References2
CNVD
CNVD
added 2017/05/03 12:0 a.m.4 views

RuboCop Arbitrary Cache File Modification Vulnerability

RuboCop is a Ruby static code analyzer . With the ability to find and resolve code errors. A security vulnerability exists in RuboCop 0.48.1 and earlier versions. A local attacker can exploit the vulnerability to tamper with other users' cached files...

3.3CVSS6.8AI score0.00409EPSS
Exploits1References1
myhack58
myhack58
added 2017/04/13 12:0 a.m.61 views

Phpcms V9. 6. 0 any file write getshell vulnerability analysis-vulnerability warning-the black bar safety net

1 Introduction: It is said to be one in the underground has been around for half a 0day, which has recently been broke to, in the membership registration page, that this vulnerability without the need to login you can use, or more powerful. 2 vulnerability analysis: Follow up on the registration...

7.2AI score
Exploits0
PyPA
PyPA
added 2017/01/30 10:59 p.m.7 views

PYSEC-2017-32

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file...

3.3CVSS6.2AI score0.00407EPSS
Exploits0References3Affected Software1
Cent OS
Cent OS
added 2016/11/25 3:24 p.m.73 views

fontconfig security update

CentOS Errata and Security Advisory CESA-2016:2601 An update for fontconfig is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

7.8CVSS6.8AI score0.00403EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2016/11/03 8:12 a.m.32 views

Moderate: Red Hat Security Advisory: fontconfig security and bug fix update

An update for fontconfig is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.8CVSS6.8AI score0.00403EPSS
Exploits0References4
myhack58
myhack58
added 2016/09/13 12:0 a.m.67 views

Finecms 2.0.1 background GETSHELL 0DAY-vulnerability warning-the black bar safety net

FineCMS have a cache function, and when the Wordpress like, there is a cache function and cache file name is not random and the suffix is php, it leads to a can use background cache function getshell it. Below is the Payload PHP | 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 | POST /inde...

Exploits0
OSV
OSV
added 2016/08/25 12:0 a.m.3 views

UBUNTU-CVE-2016-7513

Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service segmentation fault via unspecified vectors...

6.5CVSS7AI score0.02493EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2016/08/25 12:0 a.m.2 views

PT-2016-7355 · Imagemagick +2 · Imagemagick +2

Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: The issue is related to an off-by-one error in the magick/cache.c file of ImageMagick, which allows remote attackers to cause a denial of service, resulting in a segmentation fault. The...

9.8CVSS7.5AI score0.13393EPSS
Exploits15References351
Tenable Nessus
Tenable Nessus
added 2016/08/22 12:0 a.m.16 views

FreeBSD : fontconfig -- insufficiently cache file validation (44989c29-67d1-11e6-8b1d-c86000169601)

Debian security team reports : Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In...

7.8CVSS7AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2016/08/13 1:59 a.m.4 views

DEBIAN-CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8CVSS6.6AI score0.00403EPSS
Exploits0References1
Rows per page
Query Builder