Lucene search
K

754 matches found

Tenable Nessus
Tenable Nessus
added 2002/08/21 12:0 a.m.62 views

Mountain Network Systems webcart.cgi Arbitrary Command Execution

webcart.cgi is installed and does not properly filter user input. An attacker may use this flaw to execute any command on your system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. untested Script audit and contributions from Carmichael Security Erik Anderson nb: domain no longer exists...

7.5CVSS7.3AI score0.09057EPSS
Exploits1References2
NVD
NVD
added 2002/07/03 4:0 a.m.21 views

CVE-2002-0555

IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it...

7.5CVSS7.3AI score0.01571EPSS
Exploits0References3
securityvulns
securityvulns
added 2002/05/16 12:0 a.m.31 views

Apple OSX sliplogin overflow

side note ... isn't it odd that I can run gdb on a suid binary? Osx version 10.1.3 localhost: elguapo ls -al /usr/sbin/sliplogin -r-sr-xr-x 1 root wheel 14700 Dec 8 10:49 /usr/sbin/sliplogin localhost: elguapo sliplogin perl -e 'print "A" x 9000' Bus error localhost: elguapo uname -a Darwin...

1.6AI score
Exploits0
exploitpack
exploitpack
added 2002/04/20 12:0 a.m.17 views

Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting

Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4565/info Faq-O-Matic 2.711 and 2.712 is a web-based Frequently Asked Question FAQ management system. It is vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2001/12/19 12:0 a.m.36 views

Aktivate Shopping System Cross Site Scripting Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aktivate Shopping System Cross Site Scripting Vulnerability Type: Cross Site Scripting Release Date: December 18, 2001 Product / Vendor: Aktivate is a complete, end-to-end e-commerce solution aimed at Linux and other Unices. Aktivate is targeted at...

6.6AI score
Exploits0
exploitpack
exploitpack
added 2001/08/31 12:0 a.m.19 views

SIX-webboard 2.01 - File Retrieval

SIX-webboard 2.01 - File Retrieval source: https://www.securityfocus.com/bid/3175/info SIX-webboard 2.01 does not filter ".." and "/" from user input, allowing users to enter arbitrary values in order to view or retrieve files not normally accessible to them from the remote host...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.58 views

Security problems with Phorum php message board

Author: Brian Moon Homepage: www.phorum.org Version: 3.2.6 Problem: Any user can parse a choosed php script file using the Phorum sustem. It is also possibel, under certain circunstances, to execute arbitrary commands on the server as the httpd user. Status: Fixed in version 3.2.7 released...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2000/11/24 12:0 a.m.21 views

Phorum 3.x - Arbitrary File Read

Phorum 3.x - Arbitrary File Read source: https://www.securityfocus.com/bid/1997/info Phorum is a PHP based web forums package. Due to an error in the handling of user input in administrative scripts, any user can view the any file readable by the webserver on the target host. This is due to...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/07/19 12:0 a.m.29 views

Дырка в Blackboard Courseinfo

Непроверяемый ввод пользователя позволяет поменять пароль любого пользователя или создать нового...

1.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/05/25 12:0 a.m.46 views

Очередная дырка в qpopper 2.53

Ввод пользователя используется в качестве форматной строки, что позволяет переполнить буфер и получить привилегии группы mail...

0.4AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2000/05/16 12:0 a.m.42 views

Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two components of this package,...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2000/03/05 12:0 a.m.20 views

SGI InfoSearch 1.0 SGI IRIX 6.5.x - fname

SGI InfoSearch 1.0 SGI IRIX 6.5.x - fname source: https://www.securityfocus.com/bid/1031/info The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/02/29 12:0 a.m.76 views

The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion

source: https://www.securityfocus.com/bid/1026/info ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening singlw quote character is taken as a path to a file for inclusion, for...

7AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.33 views

lotus-notes-smtp-DoS.txt

Date: Fri, 15 Jan 1999 00:52:53 PST From: Siva Sankar Adiraju To: [email protected] Subject: Lotus Notes SMTP Server bug There is a security bug in IBM's Lotus Notes SMTP server. eg. An SMTP session: helo a 250 notes.foo.com helo b 500 Session already established. The domain name b passed in...

7.4AI score
Exploits0
Rows per page
Query Builder