9791 matches found
Fedora 9 : ruby-1.8.6.230-4.fc9 (2008-6033)
Tue Jul 1 2008 Akira TAGOH - 1.8.6.230-4 - Backported from upstream SVN to fix a segfault issue with Array#fill. - Mon Jun 30 2008 Akira TAGOH - 1.8.6.230-3 - Backported from upstream SVN to fix a segfault issue. 452825 - Backported from upstream SVN to fix an integer overflow in rb_ary_fill. - Wed...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. SLAED CMS: CAPTCHA bypass, cross-site scripting...
No title provided
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI...
HP OpenView Network Node Manager connectedNodes.ovpl command execution
Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke 8.1.1 Discontrol - automation protection bypass...
CGIWrap Charset Specification Weakness Error Message XSS
The remote host is running CGIWrap, a wrapper for CGI scripts to provide enhanced security. The version of CGIWrap installed on the remote host does not specify a charset when responses are for error pages. An attacker may be able to leverage this issue to inject arbitrary HTML and script code in...
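Ruby WEBrick Remote Directory Traversal Vulnerability
CVECAN ID: CVE-2008-1891 Ruby is a powerful object-oriented scripting language. WEBrick is the HTTP server library built into Ruby. The WEBrick component contains a directory traversal vulnerability: if the server uses an NTFS or FAT file system, a remote attacker can perform a directory traversal attack by appending the characters "+", "%2b", ".", "%2e" or "%20" to the end of a URI request submitted to an application that uses WEBrick::HTTPServlet::FileHandler or WEBrick::HTTPServer.new, resulting in arbitrary CGI files being read. Yukihiro Matsumoto Ruby 1.9.x Yukihiro...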
Fedora 9 : ruby-1.8.6.230-1.fc9 (2008-5664)
Tue Jun 24 2008 Akira TAGOH - 1.8.6.230-1 - New upstream release. - Security fixes. 452294. - CVE-2008-1891: WEBrick CGI source disclosure. - CVE-2008-2662: Integer overflow in rb_str_buf_append. - CVE-2008-2663: Integer overflow in rb_ary_store. - CVE-2008-2664: Unsafe use of alloca in rb_str_format. -...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke: Cross-site scripting. ExpressionEngine: Cross-site scripting...
CVE-2008-2852
Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages...
CVE-2008-2835
CVE-2008-2835 affects IGSuite 3.2.4 with a SQL injection in cgi-bin/igsuite via the formid parameter, enabling remote attackers to execute arbitrary SQL commands. Public exploit references exist (Exploit-DB), but the provided documents do not include remediation or patch details.
IGSuite 3.2.4 - Reverse Shell / Blind SQL Injection
#!/usr/bin/perl 05/18/2008 - IGSuite 3.2.4 Blind SQL Injection - ksOSe 05/21/2008 - Vendor notified 05/23/2008 - A patch was pushed via the igsuited daemon (not enabled by default). Fix: run igsuited --update-igsuite or upgrade to 3.2.5-beta. Tested on IGSuite 3.2.4 on linux with MySQL, needs nc in pat...
JVN#45389864 CGIWrap error page cross-site scripting vulnerability
CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Impact An arbitrary script may be executed on the user's web browser. Solution Update...