Lucene search
K

39 matches found

Cvelist
Cvelist
added 2019/03/06 10:0 p.m.18 views

CVE-2019-9609

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/editUploadImage URI...

9AI score0.02695EPSS
Exploits1References1
CNVD
CNVD
added 2018/02/27 12:0 a.m.5 views

Cisco Firepower System Software Security Bypass Vulnerability (CNVD-2018-05310)

Cisco Firepower System Software is a next-generation firewall product NGFW of Cisco USA. detection engine is one of the intrusion detection engine. A security vulnerability exists in the detection engine in Cisco Firepower System Software, which stems from the program's failure to properly detect...

5.3CVSS6.9AI score0.01185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/02/08 7:29 a.m.2 views

CVE-2018-0138

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected softwa...

5.3CVSS5.7AI score0.01185EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2015/10/02 12:0 a.m.39 views

FTGate 7 - Cross-Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-V7-CSRF.txt Vendor: ================================ www.ftgate.com www.ftgate.com/ftgate-update-7-0-300 Product: ================================ FTGate v7 Vulnerability Type:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/01/15 12:0 a.m.33 views

Microsoft Word内存破坏漏洞

BUGTRAQ ID: 64726 CVECAN ID: CVE-2014-0258 Microsoft Word 属于办公软件是微软公司的一个文字处理器应用程序。 受影响Microsoft Word 软件解析特制文件时存在远程代码执行漏洞,成功利用这些漏洞后,可导致完全控制受影响系统。 0 Microsoft Word 2013 Microsoft Word 2010 Microsoft Word 2007 Microsoft Word 2003 临时解决方法: 安装配置MOICE为.doc文件的注册处理程序; 用Office文件阻止策略阻止打开.doc和.dot二进制文件;...

9.3CVSS8.7AI score0.15564EPSS
Exploits1
NVD
NVD
added 2011/11/09 11:55 p.m.18 views

CVE-2011-2739

The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file...

8.5CVSS7.3AI score0.02685EPSS
Exploits0References2
Prion
Prion
added 2011/11/09 11:55 p.m.10 views

Design/Logic Flaw

The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file...

8.5CVSS7.8AI score0.02685EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2011/11/09 11:0 p.m.27 views

CVE-2011-2739

The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file...

7.3AI score0.02685EPSS
Exploits0References2
CVE
CVE
added 2011/11/09 11:0 p.m.39 views

CVE-2011-2739

EMC Documentum eRoom contains a flaw in its file-blocking feature that allows bypassing site-wide controls. In EMC Documentum eRoom 7.3.x and 7.4.x prior to 7.4.3.g, the validation for blocked file types is insufficient, enabling remote authenticated users to upload and open arbitrary files and p...

8.5CVSS7.5AI score0.02685EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2011/11/04 12:0 a.m.70 views

ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. EMC Identifier: ESA-2011-032 CVE Identifier: CVE-2011-2739 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: EMC SW: EMC Documentum eRoom 7.3...

8.5CVSS1.6AI score0.02685EPSS
Exploits0
seebug.org
seebug.org
added 2010/11/17 12:0 a.m.50 views

Microsoft Office艺术绘图记录解析内存破坏漏洞(MS10-087)

BUGTRAQ ID: 44656 CVE ID: CVE-2010-3334 Microsoft Office是非常流行的办公软件套件。 Office在解析艺术绘图记录时没有充分地执行验证,如果msofbtSp记录指定了某些标志就可以触发内存破坏,导致执行任意代码。 Microsoft Office XP SP3 Microsoft Office for Mac 2011 Microsoft Office 2010 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Office 2003...

9.3CVSS6.8AI score0.25459EPSS
Exploits2
seebug.org
seebug.org
added 2010/08/17 12:0 a.m.59 views

Microsoft Word RTF解析引擎堆溢出漏洞(MS10-056)

BUGTRAQ ID: 42133 CVE ID: CVE-2010-1902 Word是微软Office套件中的文字处理工具。 在处理RTF文档中的某些绘图对象控制字时,Word未经长度检查便将属性值拷贝到了堆缓冲区上,触发堆溢出。成功利用此漏洞的攻击者可以获得与本地用户相同的权限。 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Word 2007 SP2 Microsoft Word 2003 SP3 Microsoft Word 2002 SP3 临时解决方法: 以纯文本格式阅读电子邮件。...

9.3CVSS6.8AI score0.23415EPSS
Exploits1
Packet Storm
Packet Storm
added 2010/02/04 12:0 a.m.37 views

Outlook Web Access Attachment Access

This trick is mostly useful but can also be used for wrong purposes. Since it is so simple, it’s probably already known for some people. If someone sends you a file through OWA but the file is blocked by a policy, this is what you can do: 1-Install firefox 2-Access your email and attachment with...

Exploits0
seebug.org
seebug.org
added 2009/04/16 12:0 a.m.32 views

Microsoft Excel畸形对象远程内存破坏漏洞(MS09-009)

BUGTRAQ ID: 34413 CVECAN ID: CVE-2009-0100 Excel是微软Office套件中的电子表格工具。 如果用户打开带有畸形对象的特制Excel文件,Office Excel中的漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统,攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。 Microsoft Excel Viewer 2003 SP3 Microsoft Excel Viewer Microsoft Excel 2007 SP1 Microsoft Excel 2003 SP3 Microsoft...

9.3CVSS6.8AI score0.29043EPSS
Exploits1
seebug.org
seebug.org
added 2009/04/08 12:0 a.m.39 views

PowerPoint畸形文件解析代码执行漏洞

BUGTRAQ ID: 34351 CVECAN ID: CVE-2009-0556 Microsoft PowerPoint是微软Office套件中的文档演示工具。 PowerPoint在解析特制的PPT文件时可能会导致访问内存中的无效对象,这可能允许攻击者执行任意代码。目前这个漏洞正在被名为Exploit:Win32/Apptom.gen的病毒积极的理由。 Microsoft PowerPoint 2004 for Mac Microsoft PowerPoint 2003 SP3 Microsoft PowerPoint 2002 SP3 Microsoft PowerPoint...

9.3CVSS6.4AI score0.67539EPSS
Exploits5
seebug.org
seebug.org
added 2008/03/14 12:0 a.m.34 views

Microsoft Excel富文本值堆溢出漏洞(MS08-014)

BUGTRAQ ID: 28168 CVECAN ID: CVE-2008-0116 Excel是微软Office办公软件家族中的电子表格工具。 Excel在解析BIFF文件格式时存在堆溢出漏洞,成功利用这个漏洞的攻击者可能以当前登录用户的权限执行任意指令。 如果处理了畸形的标签,就可能由用户控制堆分配,在将用户提供的数据拷贝到堆缓冲区时就可以触发这个溢出,覆盖任意内存。 Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3...

9.3CVSS6.8AI score0.48229EPSS
Exploits1
seebug.org
seebug.org
added 2008/03/14 12:0 a.m.38 views

Microsoft Office单元格标注解析内存破坏漏洞(MS08-016)

BUGTRAQ ID: 28146 CVECAN ID: CVE-2008-0118 Microsoft Office是非常流行的办公软件套件。 Office处理特制Office文件的方式存在内存分配错误,如果用户受骗打开了畸形文件的话,就可能导致执行任意指令。 Microsoft Office XP SP3 Microsoft Office 2004 for Mac Microsoft Office 2003 Service Pack 2 Microsoft Office 2000 SP3 临时解决方法: 在打开未知或不可信任来源的文件时,使用Microsoft...

9.3CVSS6.8AI score0.34842EPSS
Exploits5
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.21 views

CVE-2001-0530

Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters...

6.7AI score0.01861EPSS
Exploits1References4
NVD
NVD
added 2001/08/14 4:0 a.m.12 views

CVE-2001-0530

Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters...

5CVSS6.7AI score0.01861EPSS
Exploits1References4
Rows per page
Query Builder