29 matches found
EUVD-2007-2129
Malware in sbrugna...
EUVD-2006-3718
Malware in sbrugna...
EUVD-2006-5363
Malware in sbrugna...
Lucee Scheduled Job v1.0 - Command Execution Exploit
Exploit Title: Lucee Scheduled Job v1.0 - Command Execution Exploit Author: Alexander Philiotis Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: All versions with scheduled jobs enabled Tested on: Linux - Debian, Lubuntu & Windows 10 Ref :...
book-cli (=1.2.0) potentially affected by CVE-2017-16152 via static-html-server (=0.1.2)
static-html-server NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on static-html-server and may be impacted: - book-cli =1.2.0 Source cves: CVE-2017-16152 Source advisory: OSV:GHSA-9J5M-873F-XH76...
Directory Traversal in static-html-server
Affected versions of static-html-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal
static-html-server is vulnerable to directory traversal attacks. These attacks are possible by requesting a url such as /..%2f..%2fetc/passwd to get sensitive information...
static-html-server directory traversal vulnerability
static-html-server is a static file server. A directory traversal vulnerability exists in static-html-server. An attacker can exploit this vulnerability by placing a '... /' sequence in a URL to gain access to the file system...
CVE-2017-16152
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Directory traversal
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16152
CVE-2017-16152 affects the static-html-server static file server. The connected documents describe a directory traversal vulnerability triggered by URL paths containing ../, which can allow an attacker to access files outside the intended directory root and disclose private files. PoC examples ar...
eScan Web Management Console Command Injection
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'Adobe...
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex' class Metasploit3 'Sun...
CVE-2007-2134
Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01...
Design/Logic Flaw
Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01...
CVE-2007-2134
Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01...
CVE-2007-2134
CVE-2007-2134 concerns an unspecified vulnerability in the HTML Server component inside Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1. The description indicates unknown impact and local attack vectors (aka JDE01); CVSS v2 base score is 7.2 (HIGH) with local access, no authentication require...
CVE-2006-5378
Unspecified vulnerability in JD Edwards HTML Server in JD Edwards EnterpriseOne SP23O2, 8.95.P1, and 8.96.D1 has unknown impact and remote authenticated attack vectors, aka Vuln JDE01...
CVE-2006-5378
Unspecified vulnerability in JD Edwards HTML Server in JD Edwards EnterpriseOne SP23O2, 8.95.P1, and 8.96.D1 has unknown impact and remote authenticated attack vectors, aka Vuln JDE01...