Lucene search
+L

496 matches found

cert
cert
added 2009/05/19 12:0 a.m.84 views

Microsoft IIS WebDAV Remote Authentication Bypass

Overview A vulnerability exists in the way Microsoft Internet Information Server IIS handles unicode tokens that may allow authentication bypass. Description Web-based Distributed Authoring and Versioning WebDAV is a set of HTTP extensions that allow collaborative management and editing of files...

7.5CVSS6AI score0.98115EPSS
Exploits4References4
openvas
openvas
added 2009/02/17 12:0 a.m.32 views

Fedora Update for libxml2 FEDORA-2008-7395

Check for the Version of libxml2 OpenVAS Vulnerability Test Fedora Update for libxml2 FEDORA-2008-7395 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

4.3CVSS6.8AI score0.02507EPSS
Exploits1References2
securityvulns
securityvulns
added 2009/01/31 12:0 a.m.325 views

PerlSoft Guestbook v1.7b Bruteforcer + RCE!

Typ: Bruter & RCE Name: PerlSoft GB Pwner Affected Software: PerlSoft Gastebuch Version: 1.7b Coder/Bugfounder: Perforin ------ the RCE is only once possible, do not waste your command! STEP1: Use my script to bruteforce the admin login from the guestbook. STEP2: If we gain access, you can decide...

7.5AI score
Exploits0
nessus
nessus
added 2008/03/25 12:0 a.m.990 views

PHP 5.x < 5.2 Multiple Vulnerabilities

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several...

10CVSS6.1AI score0.15388EPSS
Exploits7References17
cvelist
cvelist
added 2007/05/09 5:0 p.m.18 views

CVE-2007-2555

Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting XSS...

6.2AI score0.00989EPSS
Exploits0References4
nessus
nessus
added 2007/01/17 12:0 a.m.23 views

FreeBSD : cacti -- Multiple vulnerabilities (41da2ba4-a24e-11db-bd24-000f3dcc6a5d)

Secunia reports : rgod has discovered four vulnerabilities in Cacti, which can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks ...

5.5AI score
Exploits0References2
freebsd
freebsd
added 2007/01/14 12:0 a.m.21 views

lighttpd -- DOS when access files with mtime 0

Lighttpd SA: Lighttpd caches the rendered string for mtime. The cache key has as a default value 0. At that point the pointer to the string are still NULL. If a file with an mtime of 0 is requested it tries to access the pointer and crashes. The bug requires that a malicious user can either uploa...

7.8CVSS6.5AI score0.02716EPSS
Exploits0References1
prion
prion
added 2006/02/15 11:6 a.m.14 views

Design/Logic Flaw

The 1 addfolder and 2 deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled...

5CVSS7.1AI score0.01491EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2005/12/05 12:0 a.m.27 views

Blog System v1.2 SQL inj. vuln.

Blog System v1.2 SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html vendor:http://www.netartmedia.net/blogsystem/ affected version:v1.2 and prior Product Description: Blog System allows you to launch and...

0.3AI score
Exploits0
centos
centos
added 2005/08/03 10:53 p.m.70 views

dump, rmt security update

CentOS Errata and Security Advisory CESA-2005:583-01 Updated dump packages that address two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. Dump examines files in a file system,...

5.5CVSS5.7AI score0.00332EPSS
Exploits0References8
exploitdb
exploitdb
added 2005/04/16 12:0 a.m.37 views

phpBB Remote - &#039;mod.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/13209/info A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to...

7.4AI score
Exploits0
cvelist
cvelist
added 2005/03/20 5:0 a.m.22 views

CVE-2005-0776

adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos...

6.8AI score0.02404EPSS
Exploits0References4
packetstorm
packetstorm
added 2005/03/15 12:0 a.m.26 views

photopost50rc3.txt

PhotoPost 5.0RC3, All Enthusiast, Inc, multiple vulnerabilities March 05 2005 For your consideration. 1. BACKGROUND PhotoPost is a popular commercial image publishing software. Everyone loves showing off their photos! Add PhotoPost to your site, or let us install it for you, and your visitors wil...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2004/08/20 12:0 a.m.21 views

Nihuo Web Log Analyzer 1.6 - HTML Injection

source: https://www.securityfocus.com/bid/10988/info An HTML injection vulnerability is reported in Nihuo Web Log Analyzer. The problem occurs due to a lack of proper sanitization of user-supplied input data. Attackers may potentially exploit this issue to manipulate web content or to steal...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2004/02/18 12:0 a.m.25 views

Linksys WAP55AG 1.0.7 - SNMP Community String Insecure Configuration

source: https://www.securityfocus.com/bid/9688/info Linksys WAP55AG appliance has been reported prone to an insecure default configuration vulnerability. It has been reported that all SNMP MIB Management Information Base community strings, even read/write strings may be disclosed to a remote...

7.4AI score
Exploits0
cert
cert
added 2002/04/05 12:0 a.m.31 views

AOL Instant Messenger contains buffer overflows in parsing of AIM URI handler requests

Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A buffer overflow vulnerability exists that can manipulate the configuration of the victim's client. Description AIM installs a URI handler that permits the use of the "aim:" protocol on the...

6.7AI score
Exploits0References3
Rows per page
Query Builder