Lucene search
+L

235 matches found

OSV
OSV
added 2018/08/13 4:29 p.m.5 views

CVE-2017-1286

Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...

6.5CVSS5.7AI score0.01313EPSS
Exploits0References2
NVD
NVD
added 2018/04/07 9:29 p.m.13 views

CVE-2018-9327

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...

8.1CVSS8.3AI score0.0158EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/04/07 9:29 p.m.36 views

CVE-2018-9327

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...

8.1CVSS7.2AI score0.0158EPSS
Exploits0References2
Citrix
Citrix
added 2017/10/12 12:0 a.m.12 views

WEM Admin Console Error: "Specified Infrastructure Server seems to be offline or have a wrong database configuration. Please check configuration and try again"

After performing in-place upgrade of the WEM Broker, The WEM Admin console gives the following error when trying to connect to the WEM site:. "Specified Infrastructure Server seems to be offline or have a wrong database configuration. Please check configuration and try again" Plus, when opening t...

7.1AI score
Exploits0
CNVD
CNVD
added 2017/09/04 12:0 a.m.3 views

Command Execution Vulnerability Due to Improper Filtering of Database Configuration File in MetInfo Version 5.3.18

MetInfo is a Content Management System CMS developed using PHP and Mysql. A security vulnerability exists in the backend of MetInfo version 5.3.18. The vulnerability is due to improper filtering of the database configuration file during program reinstallation, resulting in malicious code that can...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2017/06/21 8:0 p.m.36 views

CVE-2016-7508

Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding...

8.1AI score0.01603EPSS
Exploits4References2
CNVD
CNVD
added 2017/03/04 12:0 a.m.3 views

PHPCMS v9.5.10 suffers from a design vulnerability

PHPCMS is a website management software. The software adopts modular development and supports a variety of classification methods, using it can easily realize the design, development and maintenance of personalized websites. A design vulnerability exists in PHPCMS v9.5.10, which allows an attacke...

6.6AI score
Exploits0References1
Veeam
Veeam
added 2017/03/01 12:0 a.m.68 views

Version string portion was too short or too long

The article describes additional Veeam ONE database configuration required after deploying it manually...

1.7AI score
Exploits0Affected Software1
Hacker One
Hacker One
added 2017/02/18 6:48 p.m.29 views

New Relic: Sensitive information disclosure

I am able to download ciritcal files which include newrelic environment setup, setting uo of database which also says which database is used etc. I am able to access this information using a google dork Google dork:site:newrelic.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw |...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2016/12/08 1:22 p.m.20 views

Cosa Nostra - A FOSS Graph Based Malware Clusterization Toolkit

Cosa Nostra is an open source software clustering toolkit with a focus on malware analysis. It can create phylogenetic trees of binary malware samples that are structurally similar. It was initially released during SyScan360 Shanghai 2016. Getting started Required 3rd party tools In order to use...

7.3AI score
Exploits0References2
Exploit DB
Exploit DB
added 2016/07/21 12:0 a.m.32 views

TeamPass Passwords Management System 2.1.26 - Arbitrary File Download

ADVISORY INFORMATION ======================================== Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download Application: TeamPass Passwords Management System Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected:...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/07/11 12:0 a.m.25 views

Tiki Wiki CMS 15.0 - Arbitrary File Download

Exploit for php platform in category web applications Exploit Title: Tiki Wiki CMS 15.0 Arbitrary File Download Date: 11-07-2016 Software Link: https://tiki.org Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/05/06 12:0 a.m.73 views

DotNetNuke 07.04.00 - Administration Authentication Bypass

Exploit for asp platform in category web applications Exploit Title: DotNetNuke 07.04.00 Administration Authentication Bypass Date: 06-05-2016 Exploit Author: Marios Nicolaides Vendor Homepage: http://www.dnnsoftware.com/ Software Link: https://dotnetnuke.codeplex.com/releases/view/611324 Version...

7.5CVSS9.6AI score0.74552EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.31 views

Fedora 22 : php-horde-horde-5.2.9-1.fc22 (2016-3d1183830b)

horde 5.2.9 jan SECURITY: Fix XSS vulnerability in menu bar exposed by few applications Bug 14213. jan Add more detailed user DN settings to Kolab group configuration Request 11737. jan Fix returning to last page after problem reporting from AJAX pages Bug 12112. jan Fix custom database...

6.1CVSS6AI score0.02061EPSS
Exploits2References5
NVD
NVD
added 2015/10/06 1:59 a.m.18 views

CVE-2015-5644

The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...

6.8CVSS7.7AI score0.01321EPSS
Exploits0References3
Prion
Prion
added 2015/10/06 1:59 a.m.18 views

Code injection

The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...

6.8CVSS8.1AI score0.01321EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/10/06 1:59 a.m.17 views

Code injection

The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...

6.8CVSS8.1AI score0.01321EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/10/03 10:0 a.m.21 views

CVE-2015-5643

The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...

7.7AI score0.01321EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/10/03 10:0 a.m.19 views

CVE-2015-5644

The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...

7.7AI score0.01321EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/30 12:0 a.m.33 views

JVN#08535069: MATCHA SNS vulnerable to code injection

MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Impact An unauthenticated attacker who can execute the installer may execute arbitrary PHP code on the server where...

6.8CVSS7.4AI score0.01321EPSS
Exploits0
Rows per page
Query Builder