Lucene search
+L

1331 matches found

cvelist
cvelist
added 2006/09/19 9:0 p.m.18 views

CVE-2006-4877

Variable overwrite vulnerability in David Bennett PHP-Post PHPp 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the tableprefix parameter in 1 index.php, 2 profile.php, and 3 header.php...

6.7AI score0.08559EPSS
Exploits0References8
cve
cve
added 2006/09/11 4:0 p.m.56 views

CVE-2006-4673

The CVE-2006-4673 entry concerns PHP-Fusion 6.01.4 and earlier, where maincore.php applies extract() to superglobals. This enables a global-variable overwriting flaw that can lead to SQL injection via the _SERVER[REMOTE_ADDR] parameter to news.php. The vulnerability arises from unrestricted varia...

2.6CVSS7.6AI score0.01146EPSS
Exploits1References7Affected Software1
redhat
redhat
added 2005/08/03 2:16 p.m.7 views

security flaw

optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...

4.3CVSS5.8AI score0.04242EPSS
Exploits2References4
securityvulns
securityvulns
added 2005/07/15 12:0 a.m.31 views

SquirrelMail Arbitrary Variable Overwriting Vulnerability

GulfTech Security Research July 14th, 2005 Vendor : The SquirrelMail Project Team URL : http://www.squirrelmail.org/ Version : SquirrelMail 1.4.5-RC1 && Earlier Risk : Variable Overwriting Description: SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP...

0.4AI score
Exploits0
nvd
nvd
added 2005/07/13 4:0 a.m.20 views

CVE-2005-2095

optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...

4.3CVSS8.9AI score0.04242EPSS
Exploits2References13
cvelist
cvelist
added 2005/07/13 4:0 a.m.21 views

CVE-2005-2095

optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...

8.8AI score0.04242EPSS
Exploits2References13
cvelist
cvelist
added 2005/05/16 4:0 a.m.25 views

CVE-2005-1596

index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the islogged parameter or execute arbitrary code via the maxname2 parameter...

7.9AI score0.06952EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2004/11/16 12:0 a.m.4 views

PT-2004-1119 · Unarj · Unarj

Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...

5CVSS6.2AI score0.02737EPSS
Exploits0References14
redhat
redhat
added 2004/09/01 7:0 p.m.4 views

security flaw

Buffer overflow in the extractone function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w working directory command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise...

10CVSS6.2AI score0.18827EPSS
Exploits0References4
packetstorm
packetstorm
added 1999/08/17 12:0 a.m.41 views

putsyslog.txt

http://www.rootshell.com/ From [email protected] Wed Jul 8 10:18:27 1998 Date: Wed, 8 Jul 1998 19:08:41 +0200 From: Paul Boehm To: [email protected] Subject: putsyslog hi, users can write messages to syslog and thus hide files in there and bypass quotas.. later they can extract it if they ha...

7.4AI score
Exploits0
mskb
mskb
added 1970/01/01 12:0 a.m.13 views

Security update 1970-01-01

...

5.3AI score
Exploits0
Rows per page
Query Builder