Lucene search
K

208 matches found

Cvelist
Cvelist
added 2011/02/17 5:0 p.m.30 views

CVE-2011-0533

Cross-site scripting XSS vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the...

5.6AI score0.04198EPSS
Exploits0References18
Prion
Prion
added 2011/01/19 5:0 p.m.20 views

Code injection

Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from ...

10CVSS6.2AI score0.03317EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2010/10/25 8:1 p.m.30 views

CVE-2010-4070

Integer overflow in librpc.dll in portmap.exe aka the ISM Portmapper service in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server IDS 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a...

10CVSS7.9AI score0.05238EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2010/10/25 8:1 p.m.42 views

CVE-2010-4068

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714...

4.9CVSS6AI score0.00892EPSS
Exploits0References1
Prion
Prion
added 2010/07/22 5:40 a.m.16 views

Design/Logic Flaw

index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via 1 a viewadrates action with an invalid uid parameter, which reveals the installation path in an error message; or 2 an adminlogin action with a crafted uid parameter, which reveals the version number...

5CVSS6.6AI score0.01218EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2010/05/27 10:30 p.m.7 views

CVE-2010-2092

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...

8.1AI score
Exploits0References6
Prion
Prion
added 2010/05/27 10:30 p.m.19 views

Sql injection

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...

7.5CVSS8.7AI score0.0137EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2010/05/27 10:0 p.m.33 views

CVE-2010-2092

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...

8AI score0.0137EPSS
Exploits1References6
Prion
Prion
added 2010/05/04 4:0 p.m.16 views

Code injection

lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to nowconnect.php...

6.8CVSS8.1AI score0.04024EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2010/03/05 4:30 p.m.17 views

Integer overflow

Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager ISM Portmapper service aka portmap.exe, as used in IBM Informix Dynamic Server IDS 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execut...

10CVSS8.2AI score0.40321EPSS
Exploits5References10Affected Software1
NVD
NVD
added 2010/03/05 4:30 p.m.27 views

CVE-2009-2753

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager ISM Portmapper service aka portmap.exe, as used in IBM Informix Dynamic Server IDS 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a...

10CVSS7.6AI score0.10923EPSS
Exploits4References8
Cvelist
Cvelist
added 2010/03/05 4:0 p.m.41 views

CVE-2009-2754

Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager ISM Portmapper service aka portmap.exe, as used in IBM Informix Dynamic Server IDS 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execut...

7.6AI score0.40321EPSS
Exploits5References10
Cvelist
Cvelist
added 2010/03/05 4:0 p.m.37 views

CVE-2009-2753

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager ISM Portmapper service aka portmap.exe, as used in IBM Informix Dynamic Server IDS 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a...

7.6AI score0.10923EPSS
Exploits4References8
Packet Storm
Packet Storm
added 2010/01/01 12:0 a.m.19 views

PhotoDiary 1.3 Local File Inclusion

PhotoDiary 1.3 lng Local File Inclusion Vulnerability Discovered by cOndemned download: http://code.google.com/p/photodiary/ source of /admin/install.php lines 9 - 15: if isset$GET'lng' $LNG = $GET'lng'; 1 else $LNG = "ITA"; include "../common/language".$LNG.".php"; 2 proof of concept:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2009/12/18 12:0 a.m.19 views

OSSIM 2.1.5 Command Execution

cybsec com / function wrap$url $ua = array'Mozilla','Opera','Microsoft Internet Explorer','Chrome','Safari','Konqueror'; $op = array'Windows 7','Windows XP','Ubuntu','Windows Vista','ReactOS','OSX','Minix'; $agent = $uarand0,3.'/'.rand1,8.'.'.rand0,9.' '.$oprand0,5.' '.rand1,7.'.'.rand0,9.';...

0.2AI score
Exploits0
NVD
NVD
added 2009/11/29 1:7 p.m.19 views

CVE-2009-4023

Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...

7.5CVSS6.7AI score0.02402EPSS
Exploits1References12
OSV
OSV
added 2009/11/29 1:7 p.m.3 views

DEBIAN-CVE-2009-4023

Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...

7.5CVSS7AI score0.02402EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2009/11/28 5:0 p.m.74 views

CVE-2009-4023

Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...

7.5CVSS9.1AI score0.02402EPSS
Exploits1
Prion
Prion
added 2009/09/09 7:30 p.m.10 views

Design/Logic Flaw

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter...

10CVSS7.3AI score0.01988EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2009/09/09 7:30 p.m.24 views

CVE-2009-3112

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter...

10CVSS6.8AI score0.01988EPSS
Exploits0References1
Rows per page
Query Builder