CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9083 matches found

NVD•added 2005/02/28 5:0 a.m.•10 views

CVE-2005-0603

viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message...

5CVSS6.2AI score0.0473EPSS

Exploits0References4

Tenable Nessus•added 2004/08/18 12:0 a.m.•14 views

Oracle MySQL 6.0 < 6.0.10 XPath Expression DoS

Binary data 5002.prm...

4CVSS7.3AI score0.05008EPSS

Exploits1References3

RedHat Linux•added 2004/03/17 5:20 p.m.•0 views

security flaw

Multiple stack-based buffer overflows in 1 modalias and 2 modrewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service crash or execute arbitrary code via a regular expression with more than 9 captures...

7.2CVSS6.5AI score0.00523EPSS

Exploits0References4

Apache Httpd•added 2003/08/04 12:0 a.m.•30 views

Apache Httpd < 2.0.48 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...

7.2CVSS1.3AI score0.00523EPSS

Exploits0Affected Software1

Apache Httpd•added 2003/08/04 12:0 a.m.•29 views

Apache Httpd < 1.3.29 : Local configuration regular expression overflow

7.2CVSS1.3AI score0.00523EPSS

Exploits0Affected Software1

NVD•added 2002/12/31 5:0 a.m.•12 views

CVE-2002-2175

phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username...

4CVSS6.3AI score0.00618EPSS

Exploits0References4

Cvelist•added 2000/02/04 5:0 a.m.•19 views

CVE-1999-0455

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly...

6.6AI score0.09129EPSS

Exploits0References1

CVE•added 2000/02/04 5:0 a.m.•61 views

CVE-1999-0477

The CVE-1999-0477 issue affects the ColdFusion Application Server’s Expression Evaluator. A remote attacker can upload files via openfile.cfm due to insufficient access restriction, enabling arbitrary file upload on the server. This is documented across multiple sources (e.g., Red Hat, NVD) with ...

7.5CVSS6.6AI score0.06853EPSS

Exploits0References1Affected Software1

Cvelist•added 2000/02/04 5:0 a.m.•12 views

CVE-1999-0477

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly...

6.6AI score0.06853EPSS

Exploits0References1

NVD•added 1999/12/25 5:0 a.m.•10 views

CVE-1999-0477

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly...

7.5CVSS6.6AI score0.06853EPSS

Exploits0References1

Friends Of PHP•added 1970/01/01 12:0 a.m.•17 views

CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

9.6CVSS9.3AI score0.01064EPSS

Exploits1Affected Software1