Lucene search
K

765 matches found

0day.today
0day.today
added 2008/06/08 12:0 a.m.17 views

PHPInv 0.8.0 (LFI/XSS) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ====================================================== PHPInv 0.8.0 LFI/XSS Multiple Remote Vulnerabilities ====================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/06/08 12:0 a.m.14 views

phpinv 0.8.0 - Local File Inclusion Cross-Site Scripting

phpinv 0.8.0 - Local File Inclusion Cross-Site Scripting ========================================================= PHPInv 0.8.0 LFI/XSS Multiple Remote Vulnerabilities ========================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/08 12:0 a.m.29 views

phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting

========================================================= PHPInv 0.8.0 LFI/XSS Multiple Remote Vulnerabilities ========================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

7.4AI score
Exploits0
NVD
NVD
added 2008/03/20 12:44 a.m.18 views

CVE-2008-1397

Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service site-to-site VPN tunnel outage, and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's...

6.5CVSS6.3AI score0.02165EPSS
Exploits1References9
myhack58
myhack58
added 2007/12/20 12:0 a.m.18 views

Analysis of ring3 under the confrontation 0 8 rising active Defense-vulnerability warning-the black bar safety net

Note: the article has been published in 2 0 0 7 years 1 2 the hack Defense action, after by the original author to submit to the evil octal information security team, the reprint please indicate the original source. I actually for rising antivirus the impression has been is good, to consume...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/11/26 12:0 a.m.35 views

openSUSE 10 Security Update : ruby (ruby-4703)

This update of ruby improves the SSL certificate verification process. CVE-2007-5162, CVE-2007-5770 Prior to this update it was possible to intercept SSL traffic with a man-in-the-middle attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

5CVSS7.2AI score0.0187EPSS
Exploits1References2
Prion
Prion
added 2007/11/20 7:46 p.m.12 views

Design/Logic Flaw

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...

8.5CVSS7.1AI score0.02354EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2007/11/20 7:46 p.m.21 views

CVE-2007-5361

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...

8.5CVSS6.6AI score0.02354EPSS
Exploits1References10
Cvelist
Cvelist
added 2007/11/20 7:0 p.m.32 views

CVE-2007-5361

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...

6.6AI score0.02354EPSS
Exploits1References10
CVE
CVE
added 2007/11/20 7:0 p.m.58 views

CVE-2007-5361

The CVE-2007-5361 issue affects Alcatel-Lucent OmniPCX Enterprise (7.1 and earlier). The Communication Server caches a phone IP during a TFTP request from an IP Touch device and then uses that IP as the destination for all subsequent VoIP packets to that phone. This enables remote attackers to ca...

8.5CVSS6.6AI score0.02354EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2007/08/31 12:17 a.m.14 views

Code injection

The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications...

6.4CVSS7.2AI score0.02133EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2007/08/31 12:17 a.m.13 views

Code injection

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept...

6.4CVSS7.2AI score0.0183EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2007/08/31 12:17 a.m.16 views

CVE-2007-4615

The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications...

6.4CVSS6.7AI score0.02133EPSS
Exploits0References6
NVD
NVD
added 2007/06/21 6:30 p.m.19 views

CVE-2007-3319

The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications...

7.5CVSS6.7AI score0.01632EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/06/21 6:0 p.m.23 views

CVE-2007-3319

The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications...

6.7AI score0.01632EPSS
Exploits0References6
NVD
NVD
added 2007/05/03 5:19 p.m.21 views

CVE-2007-2480

The udplibgetport function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other application...

4.6CVSS6.3AI score0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/05/03 5:0 p.m.26 views

CVE-2007-2480

The udplibgetport function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other application...

6.3AI score0.00351EPSS
Exploits0References2
CVE
CVE
added 2007/05/03 5:0 p.m.71 views

CVE-2007-2480

CVE-2007-2480 affects Linux kernel 2.6.21 and earlier, in net/ipv4/udp.c. The _udp_lib_get_port function allows binding a port with a specific local address even when the port is already bound by a wildcard local address, potentially letting local users intercept local traffic for daemons or othe...

4.6CVSS6.3AI score0.00351EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2007/03/26 11:19 p.m.22 views

Privilege escalation

The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol WPAD without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet...

7.5CVSS6.8AI score0.15254EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/10/23 5:0 p.m.91 views

CVE-2003-1307

Summary: CVE-2003-1307 affects the mod_php module of the Apache HTTP Server. Vulnerability: Local users with write access to PHP scripts can signal the server’s process group and manipulate server file descriptors, demonstrated by sending a STOP signal and intercepting connections on the server’s...

4.3CVSS6.4AI score0.01603EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder