CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

622 matches found

OSV•added 2018/02/19 12:0 a.m.•0 views

UBUNTU-CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...

6.5CVSS7.1AI score0.04322EPSS

Exploits1References7

Tenable Nessus•added 2018/02/06 12:0 a.m.•65 views

lighttpd < 1.4.28 Insecure Temporary File Creation

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.28. Therefore, it may be, affected by the following vulnerability : - The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a...

1.9CVSS5.5AI score0.00349EPSS

Exploits1References2

0day.today•added 2018/01/17 12:0 a.m.•53 views

Seagate Personal Cloud - Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way ...

10CVSS9.2AI score0.54163EPSS

Exploits4

Packet Storm•added 2018/01/16 12:0 a.m.•47 views

Seagate Personal Cloud Command Injection

SSD Advisory a Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is athe easiest way to store, organize, stream and share all your music, movie...

9.7AI score0.54163EPSS

Exploits4

0day.today•added 2018/01/16 12:0 a.m.•31 views

Seagate Media Server Arbitrary File / Folder Deletion Vulnerabilities

Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability. ------------------------------------------------------------------------ Seagate Media Server allows deleting of...

0.1AI score

Exploits0

Packet Storm•added 2018/01/15 12:0 a.m.•34 views

Seagate Media Server Arbitrary File / Folder Deletion

------------------------------------------------------------------------ Seagate Media Server allows deleting of arbitrary files and folders ------------------------------------------------------------------------ Yorick Koster, September 2017...

7.1AI score

Exploits0

CVE•added 2018/01/12 1:0 a.m.•55 views

CVE-2018-5347

The CVE-2018-5347 entry concerns Seagate Personal Cloud’s Seagate Media Server. The vulnerability affects the .psp URL handling in the Django-based web application (views.py: uploadTelemetry and getLogs) where unsanitized GET parameters are passed to system commands, enabling unauthenticated comm...

10CVSS9.8AI score0.54163EPSS

Exploits4References2Affected Software1

exploitpack•added 2018/01/11 12:0 a.m.•30 views

Seagate Personal Cloud - Multiple Vulnerabilities

Seagate Personal Cloud - Multiple Vulnerabilities SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store...

7.6AI score

Exploits0

Exploit DB•added 2018/01/11 12:0 a.m.•43 views

Seagate Personal Cloud - Multiple Vulnerabilities

SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movie...

7.4AI score

Exploits0

0day.today•added 2018/01/08 12:0 a.m.•39 views

WordPress LearnDash 2.5.3 Plugin - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author...

7.1AI score

Exploits0

Exploit DB•added 2018/01/08 12:0 a.m.•47 views

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload

Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...

7.4AI score

Exploits0

seebug.org•added 2017/09/15 12:0 a.m.•43 views

Foscam IP Video Camera CGIProxy.fcgi Query Append Buffer Overflow Vulnerability(CVE-2017-2831)

Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...

5CVSS8.1AI score0.02837EPSS

Exploits2

CNVD•added 2017/08/29 12:0 a.m.•3 views

php-fpm Arbitrary File Creation Vulnerability

php-fpm is a PHPFastCGI process manager for PHP. A security vulnerability exists in php-fpm. A local attacker can exploit this vulnerability to perform a symbolic link attack, write to arbitrary files or create arbitrary files...

5.5CVSS5.6AI score0.00353EPSS

Exploits0References1

Prion•added 2017/05/12 6:29 p.m.•11 views

Format string

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

5CVSS7AI score0.01802EPSS

Exploits0References2Affected Software1

OSV•added 2017/05/12 6:29 p.m.•13 views

CVE-2016-4864

7.5CVSS6.8AI score

Exploits0References2

CVE•added 2017/05/12 6:0 p.m.•48 views

CVE-2016-4864

CVE-2016-4864 affects H2O web server: versions 2.0.3 and earlier and 2.1.0-beta2 and earlier are vulnerable to a DoS via format string specifiers in template files processed by fastcgi, mruby, proxy, redirect or reproxy. Connected sources confirm this vulnerability class and affected ranges, with...

7.5CVSS7.3AI score0.01802EPSS

Exploits0References2Affected Software1

Debian CVE•added 2017/05/12 6:0 p.m.•21 views

CVE-2016-4864

7.5CVSS7.4AI score0.01802EPSS

Exploits0

RedHat Linux•added 2016/11/15 11:40 a.m.•3 views

php: out-of-bounds write in fpm_log.c

An out-of-bounds write flaw was found in the fpmlogwrite logging function of PHP's FastCGI Process Manager service. A remote attacker could repeatedly send maliciously crafted requests to force FPM to exhaust file system space, creating a denial of service and preventing further logging...

9.1CVSS7.3AI score0.04489EPSS

Exploits1References4

Cloud Foundry•added 2016/09/09 12:0 a.m.•91 views

USN-3045-1 PHP vulnerabilities | Cloud Foundry

USN-3045-1 PHP vulnerabilities Medium Vendor PHP Versions Affected Cloud Foundry PHP buildpack versions prior to 4.3.18 Note: The PHP buildpack is patched from upstream PHP source Description It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker...

9.8CVSS9.1AI score0.50427EPSS

Exploits26

Fedora•added 2016/08/10 11:0 a.m.•26 views

[SECURITY] Fedora 23 Update: lighttpd-1.4.41-1.fc23

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

4.5AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by