Lucene search
+L

7334 matches found

UbuntuCve
UbuntuCve
added 2005/12/11 2:3 a.m.26 views

CVE-2005-4154

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded...

5.1CVSS6.3AI score0.07381EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/12/11 2:0 a.m.29 views

CVE-2005-4154

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded...

7.5AI score0.07381EPSS
Exploits0References5
CVE
CVE
added 2005/12/11 2:0 a.m.57 views

CVE-2005-4154

CVE-2005-4154 affects PEAR installer 1.4.2 and earlier. The vulnerability is described as unspecified and allows user-assisted attackers to execute arbitrary code via a crafted package that can run code when the pear command is executed or when the Web/Gtk frontend is loaded. Connected sources co...

5.1CVSS7.5AI score0.07381EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2005/12/05 11:3 a.m.20 views

CVE-2005-4021

The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...

5CVSS6.5AI score0.01409EPSS
Exploits0References3
Cvelist
Cvelist
added 2005/12/05 11:0 a.m.23 views

CVE-2005-4021

The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...

6.5AI score0.01409EPSS
Exploits0References3
CVE
CVE
added 2005/12/05 11:0 a.m.45 views

CVE-2005-4021

CVE-2005-4021 affects Gallery 2.0 before 2.0.2. The install log is stored under the web document root with insufficient access control, enabling a remote attacker to retrieve sensitive information via a simple GET request. Nessus plugin NASL-21019 corroborates that the installation data directory...

5CVSS6.6AI score0.01409EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/12/04 10:0 p.m.44 views

CVE-2004-2635

The CVE-2004-2635 entry concerns an ActiveX control for McAfee Security Installer Control System 4.0.0.81. The vulnerability allows remote attackers to access the Windows registry via web pages that call the control’s RegQueryValue() method. Affected component: ActiveX control; root cause: regist...

7.5CVSS7.1AI score0.01922EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2005/11/22 11:3 p.m.11 views

CVE-2005-3761

Cross-site scripting XSS vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via 1 Javascript in forms produced by the form generator or 2 the parameters to the installer...

4.3CVSS5.7AI score0.01164EPSS
Exploits0References3
Cvelist
Cvelist
added 2005/11/22 11:0 p.m.20 views

CVE-2005-3761

Cross-site scripting XSS vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via 1 Javascript in forms produced by the form generator or 2 the parameters to the installer...

5.7AI score0.01164EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2005/11/01 12:0 a.m.8 views

pear-PEAR -- PEAR installer arbitrary code execution vulnerability

Gregory Beaver reports: A standard feature of the PEAR installer implemented in all versions of PEAR can lead to the execution of arbitrary PHP code upon running the "pear" command or loading the Web/Gtk frontend. To be vulnerable, a user must explicitly install a publicly released malicious...

3.2AI score
Exploits0References1
Ubuntu
Ubuntu
added 2005/08/01 5:47 p.m.63 views

USN-157-1: Mozilla Thunderbird vulnerabilities

Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous functions during regular expression string replacement. A malicious HTML email could exploit this to capture a random block of client memory. CAN-2005-0989 Georgi Guninski discovered that the types of certain XPInstal...

7.5CVSS6AI score0.68097EPSS
Exploits7
Ubuntu
Ubuntu
added 2005/07/27 4:34 a.m.69 views

USN-155-1: Mozilla vulnerabilities

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 It was discovered that a malicious website could...

7.5CVSS6.3AI score0.68097EPSS
Exploits8
RedHat Linux
RedHat Linux
added 2005/03/01 7:1 p.m.8 views

security flaw

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real...

5CVSS5.9AI score0.01671EPSS
Exploits0References4
NVD
NVD
added 2004/12/31 5:0 a.m.14 views

CVE-2004-2635

An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue method...

7.5CVSS6.7AI score0.01922EPSS
Exploits1References6
securityvulns
securityvulns
added 2004/11/19 12:0 a.m.35 views

AppServ 2.5.x and Prior Exploit

what AppServ ========== AppServ is the Apache/PHP/MySQL open source software installer packages. Objective : - Easy to buid Webserver and Database Server - For those who just beginning client/server programming. - For web programmers/developers using PHP & MySQL. - For programming techniques that...

7.3AI score
Exploits0
CVE
CVE
added 2004/09/24 4:0 a.m.73 views

CVE-2004-0906

CVE-2004-0906 is supported by multiple feeds: Mozilla’s XPInstall installer in Firefox (pre-Preview Release), Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure file permissions for files inside XPI packages. This can let a local user overwrite arbitrary files or execute code. Connect...

4.6CVSS6.6AI score0.00424EPSS
Exploits0References11Affected Software2
CERT
CERT
added 2004/09/17 12:0 a.m.17 views

Mozilla Linux installer does not properly set file permissions

Overview Mozilla's Linux installers may not properly set file permissions on the installed program files. A local user may then be able to modify or replace these files with malicious versions. Description Some versions of Mozilla's Linux installer may create installation and program files with...

6.5AI score
Exploits0References6
Exploit DB
Exploit DB
added 2004/09/13 12:0 a.m.36 views

QNX Photon pkg-installer - '-s' Overflow

source: https://www.securityfocus.com/bid/11164/info Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string lengths before copying them into finit...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/04/08 12:0 a.m.33 views

Two Invision Power Board 1.1.x vulns

Hola, Invision Power Services have continued to show their amazing support and understanding for the security community by release two patches for their 'Invision Power Board' product now one of the most widely used 'Board' programs around. Without sending out any security mailing list...

6.9AI score
Exploits0
CVE
CVE
added 2003/04/02 5:0 a.m.42 views

CVE-2002-0622

The CVE-2002-0622 entry concerns the Office Web Components (OWC) package installer used with Microsoft Commerce Server 2000. The vulnerability allows remote attackers to execute commands by providing input to the OWC package installer (Command Execution via installer input). This is described as ...

7.5CVSS7.7AI score0.19376EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder