Lucene search
K

60 matches found

OSV
OSV
added 2019/08/15 7:15 p.m.3 views

CVE-2019-12809

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution...

8.8CVSS7.6AI score0.0103EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/12/20 12:0 a.m.8 views

The vulnerability of the web application for managing phpMyAdmin databases lies in the authentication procedures’ deficiencies, which allow attackers to view and execute files on the server.

The vulnerability in the web application for managing phpMyAdmin databases is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely access and manipulate files on the server...

9CVSS7AI score0.98391EPSS
Exploits21References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/01/10 12:0 a.m.33 views

Western Digital MyCloud Unauthenticated File Upload

The remote WD MyCloud device is affected by a file upload vulnerability that allows a remote attacker to upload and execute files. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid105732; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...

10CVSS8.5AI score0.73404EPSS
Exploits6References3
NVD
NVD
added 2017/08/09 6:29 p.m.16 views

CVE-2015-0781

Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management ZCM allows remote attackers to upload and execute arbitrary files via unspecified vectors...

9.8CVSS9.7AI score0.04282EPSS
Exploits0References3
CNVD
CNVD
added 2016/02/27 12:0 a.m.6 views

Yeager Arbitrary File Upload Vulnerability

Yeager is an open source content management system . Yeager has a security vulnerability that allows remote attackers to exploit the vulnerability to submit a special request to upload arbitrary files and execute...

7.8CVSS9.5AI score0.08439EPSS
Exploits5References1
Check Point Advisories
Check Point Advisories
added 2016/02/07 12:0 a.m.2 views

Suspicious Image File Remote Code Execution Attempt

Certain malicious executable files can be hidden using image file name extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

5.2AI score
Exploits0
UbuntuCve
UbuntuCve
added 2015/06/09 12:0 a.m.46 views

CVE-2015-4026

The pcntlexec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...

7.5CVSS7.2AI score0.1968EPSS
Exploits1References2
CVE
CVE
added 2012/11/18 7:0 p.m.86 views

CVE-2012-4959

CVE-2012-4959 affects Novell File Reporter NFRAgent.exe (1.0.2) via directory traversal in FSF/CMD handling of FSFUI records (UICMD 130), enabling remote upload and execution of arbitrary files. Connected data corroborates exploitation in Metasploit modules for NFR Agent 1.0.3/1.0.4.x and public ...

10CVSS6.7AI score0.71194EPSS
Exploits21References2Affected Software1
0day.today
0day.today
added 2012/07/27 12:0 a.m.52 views

CuteFlow v2.11.2 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/12/14 6:21 a.m.3 views

EUR Form Client Arbitrary File Execution Vulnerability

Overview EUR Form Client has an arbitrary file execution vulnerability. Impact A remote attacker could execute arbitrary file on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

10CVSS7.5AI score0.05265EPSS
Exploits0References4
Prion
Prion
added 2009/11/29 1:7 p.m.13 views

Directory traversal

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to 1 getjs.php and 2 getcsslocal.php; and include and execute arbitrary local files via the 3 group parameter to...

6.8CVSS7.7AI score0.02796EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2007/02/27 2:28 a.m.12 views

CVE-2007-1129

Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via 1 an avatar upload in an adddown action, or 2 an addlink action...

7.5CVSS7.2AI score0.01359EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/02/27 2:0 a.m.22 views

CVE-2007-1129

Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via 1 an avatar upload in an adddown action, or 2 an addlink action...

7.2AI score0.01359EPSS
Exploits0References4
CVE
CVE
added 2007/02/27 2:0 a.m.47 views

CVE-2007-1129

CVE-2007-1129 affects MTCMS 3.2, with multiple unrestricted file upload vulnerabilities that allow remote attackers to upload and execute files via (1) avatar upload in an add_down action or (2) an add_link action. The root cause/precise vulnerable component is not detailed beyond the two upload ...

7.5CVSS7.2AI score0.01359EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2005/10/23 4:0 a.m.19 views

CVE-2005-3287

Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache director...

7AI score0.00968EPSS
Exploits0References1
CVE
CVE
added 2005/10/23 4:0 a.m.40 views

CVE-2005-3287

CVE-2005-3287 concerns an incomplete blacklist vulnerability in Mailsite Express that allows remote upload of files via attachments with executable extensions (e.g., ASPX) which are not converted to .TXT and can be directly requested from the cache directory. The sources indicate the issue but do...

5CVSS7.4AI score0.00968EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2005/10/23 12:0 a.m.4 views

PT-2005-4099 · Ftgate · Mailsite Express

Name of the Vulnerable Software and Affected Versions: Mailsite Express affected versions not specified Description: The issue allows remote attackers to upload and execute files with executable extensions, such as ASP, by utilizing the compose page feature. Attackers can attach the file and then...

5CVSS6.7AI score0.01309EPSS
Exploits0References2
NVD
NVD
added 2005/05/02 4:0 a.m.18 views

CVE-2005-0332

Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to 1 upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or 2 delete arbitrary files via the selectfile...

7.5CVSS7.2AI score0.02001EPSS
Exploits0References8
CVE
CVE
added 2005/02/12 5:0 a.m.45 views

CVE-2004-1426

CVE-2004-1426 affects KorWeblog 1.6.2-cvs and earlier. This directory traversal vulnerability in index.php (lng parameter) allows remote reading of arbitrary files and potential PHP file execution via ".." sequences. The provided documents confirm the affected software and payload, but do not inc...

5CVSS7.3AI score0.01549EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2000/01/17 5:0 a.m.14 views

CVE-2000-0072

Visual Casel Vcasel does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges...

4.6CVSS6.5AI score0.00335EPSS
Exploits0References3
Rows per page
Query Builder