CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Saint•added 2009/02/26 12:0 a.m.•60 views

Java Runtime Environment JAR manifest Main Class buffer overflow

Added: 02/26/2009 CVE: CVE-2008-5354 BID: 32608 OSVDB: 50499 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in JRE allows command execution when a user opens a JAR archive containing a manifest file with a specially craft...

9.3CVSS7.9AI score0.21216EPSS

Exploits5

RedHat Linux•added 2009/01/13 9:39 p.m.•3 views

OpenJDK Privilege escalation in command line applications (6733959)

Stack-based buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with...

RedHat Linux•added 2009/01/13 9:33 p.m.•2 views

OpenJDK Privilege escalation in command line applications (6733959)

Exploit DB•added 2009/01/01 12:0 a.m.•17 views

OpenBSD/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (74 bytes)

OpenBSD/x86 - setuid0 + Load Kernel Module /tmp/o.o Shellcode 74 bytes. Shellcode exploit for OpenBSDx86 platform / The modload shellcode setuid0 loads /tmp/o.o module very usefull if you have rootkit as kernel module in the /tmp dir Size 74 bytes OS OpenBSD /rootteam/dev0id rootteam.void.ru...

7.1AI score

Cvelist•added 2008/12/05 11:0 a.m.•30 views

CVE-2008-5354

8.1AI score0.21216EPSS

Exploits5References37

CVE•added 2008/12/05 11:0 a.m.•107 views

CVE-2008-5354

CVE-2008-5354 describes a stack-based buffer overflow in Sun JRE/JDK/J2SE components that affects JRE/JDK 6u10 and earlier, 5.0u16 and earlier, and 1.4.2_18 and earlier. The vulnerability allows arbitrary code execution when a user opens a crafted JAR file, with the issue triggered by an excessiv...

9.3CVSS8.1AI score0.21216EPSS

Exploits5References37Affected Software3

RedHat Linux•added 2008/12/04 3:45 p.m.•4 views

OpenJDK Privilege escalation in command line applications (6733959)

RedHat Linux•added 2008/12/04 3:45 p.m.•3 views

OpenJDK Privilege escalation in command line applications (6733959)

F5 Networks•added 2008/06/30 12:0 a.m.•36 views

SOL8918 - Linux kernel vulnerability CVE-2007-3851

A flaw in the DRM driver for Intel graphics cards allows a local user to access any part of the main memory. To access the DRM functionality a user must have access to the X server, which is granted through the graphical login. This also only affects systems with an Intel 965 or later graphic...

6CVSS5.6AI score0.00089EPSS

Prion•added 2008/06/16 8:41 p.m.•11 views

Buffer overflow

Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service task halt and main storage dump via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited...

4.7CVSS6.9AI score0.00047EPSS

Exploits0References5Affected Software1

seebug.org•added 2008/06/03 12:0 a.m.•17 views

LokiCMS admin.php文件绕过安全限制漏洞

BUGTRAQ ID: 29448 LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误，如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话，则无需管理权限就可以设置CMS main settings。以下是有漏洞的代码段： admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...

6.8AI score

xssed•added 2008/06/01 12:0 a.m.•8 views

Unfixed XSS vulnerability at www.lrv.lt

Security researcher F3nix, has submitted on 06/01/2008 a cross-site-scripting XSS vulnerability affecting www.lrv.lt, which at the time of submission ranked 167214 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/01/2008. It is currently...

6.6AI score

Exploits0References1

UbuntuCve•added 2008/03/06 9:44 p.m.•17 views

CVE-2008-1198

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key PSK hash...

7.1CVSS6AI score0.00458EPSS

Exploits1References1

Prion•added 2008/01/29 2:0 a.m.•14 views

Unrestricted file upload

Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory...

7.5CVSS8.2AI score0.35218EPSS

Exploits6References9Affected Software1

seebug.org•added 2008/01/09 12:0 a.m.•15 views

Tribisur 'forum.php'/'cat_main.php' SQL注入漏洞

BUGTRAQ ID: 27149 CNCAN ID:CNCAN-2008010812 Tribisur是一款基于PHP的WEB应用程序。 Tribisur不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击，可获得敏感信息或操作数据库。问题是由于'forum.php'和'catmain.php'脚本对用户提交的WEB参数处理缺少充分过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 Thomas PEREZ Tribisur 2.0 厂商解决方案 --------- 目前没有解决方案提供：...

6.9AI score

seebug.org•added 2008/01/06 12:0 a.m.•12 views

Tribisur <= 2.0 Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q ?php echo "Tribisur = 2.0 Remote SQL Injection Exploit\r\n"; echo "Coded by x0kster -x0ksterATgmailDOTcom - \r\n"; / Script Download : http://www.comscripts.com/scripts/php.tribisur-20.1211.html Bug 1 in modules/forum/liste.php : First, this...

7.1AI score