Fixed in Apache Tomcat 7.0.68
Low: Directory disclosure CVE-2015-5345 When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash thereby confirming the presence of the directory before processing the security constraint. It was...
Fixed in Apache Tomcat 6.0.45
Low: Limited directory traversal CVE-2015-5174 This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource, getResourceAsStream and getResourcePaths, the paths should be limited to the current web...
FreeBSD : phpmyadmin -- Multiple full path disclosure vulnerabilities (740badcb-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to...
Fixed in Apache Tomcat 9.0.0.M3
Moderate: Security Manager bypass CVE-2016-0763 This issue only affects users running untrusted web applications under a security manager. ResourceLinkFactory.setGlobalContext is a public method and was accessible to web applications even when running under a security manager. This allowed a...
Download Manager 1.1 SQL Injection / Disclosure
| Title : Download Manager v1.1 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : Running on Download Manager v1.1 | Tested on: windows 8.1 Français V.Pro | Download : http://marketplace.mattlowden.com/php/download-manager/ ======================================...
Fixed in Apache Tomcat 8.0.30
Low: Directory disclosure CVE-2015-5345 When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash thereby confirming the presence of the directory before processing the security constraint. It was...
0d1n - Tool For Automating Customized Attacks Against Web Applications
Web security tool for fuzzing HTTP inputs, made in C with libCurl. You can do: brute force passwords in auth forms; directory disclosure (use PATH list to brute, and find HTTP status code); test list on input to find SQL Injection and XSS vulnerabilities. To run: require libcurl-dev or...
DSA-3218-1 wesnoth-1.10 - security update
Bulletin has no description...
Web Application Bruteforcer: 0d1n
0d1n is an open source web application bruteforcer and fuzzer. If your objective is to automate exhaustive tests and search for anomalies (read: vulnerabilities), 0d1n can increase your productivity following web parameters, files, directories, forms and other things. With 0d1n you can brute force...
Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6721/info Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier. It has been reported that remote attackers may view directory contents even when an 'index.html' or other...
Nokia Electronic Documentation 5.0 Directory Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8624/info Nokia Electronic Documentation (NED) is prone to a vulnerability that may enable remote attackers to list directory contents. This issue may be exploited by appending a dot (.) to a request for a NED page...
Sun i-Runbook 2.5.2 Directory And File Content Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5209/info Sun i-Runbook is a single point of technical and administration management for Sun production environments. i-Runbook provides a web interface. i-Runbook can be led to disclose the contents of a known resource...
Mandrake 6.1/7.0/7.1 /perl http Directory Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1678/info The default configuration files for versions of modperl shipped with Mandrake Linux 6.1 through 7.1 contain a misconfiguration that can be a security concern in some situations. The /perl directory is part of th...
Apache Tomcat 3.2 Directory Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5838/info Apache Tomcat is reported to be prone to a vulnerability which may enable remote attackers to disclose the contents of directories. This issue is reported to affect Apache Tomcat 3.2.x on HP-UX 11.04 VVOS system...
Roxen WebServer 2.0 .X %00 Request File/Directory Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1510/info If a request containing the null character (%00) is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and HTML pages. For example, a request to...
robin twombly a1 http server 1.0 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2436/info It is possible for a remote user to gain read access to directories and files outside the web root. Requesting a specially crafted URL composed of '../' sequences will disclose an arbitrary directory, appending...
Allaire JRun 3 Directory Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1830/info Allaire JRun is a web application development suite with JSP and Java Servlets. Each web application directory contains a WEB-INF directory, this directory contains information on web application classes,...
OReilly Software WebSite Professional 2.5.4 Directory Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2488/info Requesting a specially crafted URL to a machine running O'Reilly & Associates Website Professional, will disclose the physical path to the root directory. www.example.com/:/...
OSU HTTP Server 3.10/3.11 Multiple Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20098/info OSU (Ohio State University) HTTP server is prone to multiple information-disclosure vulnerabilities. This may allow a malicious user to gain access to sensitive data; information gained may aid in further attacks...
LiveStreet 0.5.1 Cross Site Scripting
Exploit for php platform in category web applications LiveStreet Cross-Site Scripting Vulnerabilities & disclosure of directory Vulnerable: LiveStreet 0.5.1 http://livestreetcms.com/download/ Remote: Yes Local: No Credit: HiMIC Babichev Igor Livestreet XSS POST: File:...