Lucene search
K

4 matches found

Prion
Prion
added 2017/04/13 2:59 p.m.14 views

Sql injection

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to 1 mydevice/client/image, 2 admin/client/image, 3...

6.8CVSS9.2AI score0.04099EPSS
Exploits5References5Affected Software1
NVD
NVD
added 2007/10/06 5:17 p.m.19 views

CVE-2007-5253

c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte %00 sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might b...

5CVSS6.7AI score0.0887EPSS
Exploits0References9
Prion
Prion
added 2007/10/06 5:17 p.m.15 views

Directory traversal

c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte %00 sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might b...

5CVSS7AI score0.0887EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2007/10/06 5:0 p.m.51 views

CVE-2007-5253

Cart32 (shopping cart app) vulnerability CVE-2007-5253 affects the GetImage function in c32web.exe prior to Cart32 6.4. An attacker can read arbitrary files by supplying an ImageName parameter that appends a NULL byte then a file extension (e.g., ".txt%00.gif"), potentially enabling directory tra...

5CVSS6.7AI score0.0887EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder