Lucene search
K

2855 matches found

OSV
OSV
added 2006/07/06 8:5 p.m.1 views

DEBIAN-CVE-2006-3376

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including 1 wv, 2 abiword, 3 freetype, 4 gimp, 5 libgsf, and 6 imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file...

7.5CVSS9.7AI score0.07745EPSS
Exploits0References1
Prion
Prion
added 2006/05/30 10:2 a.m.12 views

Sql injection

SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter...

7.5CVSS9.1AI score0.01825EPSS
Exploits1References8
OSV
OSV
added 2006/03/28 12:0 a.m.21 views

DSA-1021-1 netpbm-free - insecure program execution

Bulletin has no description...

7.5CVSS6AI score0.03741EPSS
Exploits0
OpenVAS
OpenVAS
added 2006/03/26 12:0 a.m.17 views

Information about the scan

This script displays, for each tested host, information about the scan itself: - The version of the VT feed - The type of VT feed Direct, Registered or GPL - The version of the Scanner Engine - The port scanners used - The port range scanned - The date of the scan - The duration of the scan - The...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2005/12/28 1:3 a.m.20 views

CVE-2005-4518

Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the maxfilesize parameter to 1 bugfileadd.php, 2 bugreport.php, 3 bugreportadvancedpage.php, and 4 projdocaddpage.php...

7.5CVSS5.9AI score0.03742EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2005/12/18 12:0 a.m.23 views

rssh -- privilege escalation vulnerability

Pizzashack reports: Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed and rsshchroothelper is installed SUID to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentiall...

7.2CVSS6.8AI score0.00381EPSS
Exploits0References1
CVE
CVE
added 2005/11/16 9:17 p.m.45 views

CVE-2002-2148

The CVE covers Lucent Ascend devices: MAX Router 5.0 and earlier, Pipeline Router 6.0.2 and earlier, and DSLTerminator. Affected component/behavior is a UDP port 9 discard handling that causes the device to leak sensitive interface details (hostname, MAC, IP) in the response when an attacker send...

5CVSS6.4AI score0.01373EPSS
Exploits0References3Affected Software3
0day.today
0day.today
added 2005/11/03 12:0 a.m.50 views

CuteNews <= 1.4.1 (shell inject) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================================= CuteNews CuteNews 1.4.1 re...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/23 12:0 a.m.47 views

PHP-Nuke 7.8 - SQL Injection / Remote Command Execution

?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/08 12:0 a.m.47 views

Cyphor 0.19 - Board Takeover (SQL Injection)

SQL Injection:" /str0ke --- cyphor019xpl.php 7.36 08/10/2005 Cyphor 0.19 possibly prior versions SQL injection / board takeover by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allowcalltimepassreference = on registerglobals = on...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/08/23 12:0 a.m.37 views

[SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=&gt;x cXIb8O3.15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple vulnerabilities in PostNuke 0.760-RC4b=x cXIb8O3.15 Author: Maksymilian Arciemowicz cXIb8O3 Date: 12.6.2005 from SECURITYREASON.COM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 PostNuke is an open source, open developement...

Exploits0
securityvulns
securityvulns
added 2005/07/26 12:0 a.m.27 views

[SA16183] pstotext Arbitrary Postscript Code Execution Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.7AI score
Exploits0
CVE
CVE
added 2005/02/21 5:0 a.m.50 views

CVE-2005-0497

The CVE-2005-0497 issue affects ADP Elite System Max 9000. It lets remote authenticated users gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory, indicating a local-privilege-escalation flaw due to improper handling of user-supplied profiles. ...

7.2CVSS6.9AI score0.00732EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/02/17 12:0 a.m.12 views

Debian DSA-685-1 : emacs21 - format string

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

7.5CVSS5.9AI score0.04364EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2004/12/02 10:13 a.m.3 views

security flaw

The binfmtelf loader binfmtelf.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATHMAX to be used, leading to buffer overflows that allow local users to cause a denial of service...

7.2CVSS6.2AI score0.00558EPSS
Exploits0References4
OSV
OSV
added 2004/08/06 4:0 a.m.1 views

DEBIAN-CVE-2004-0417

Integer overflow in the "Max-dotdot" CVS protocol command servemaxdotdot for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space...

5CVSS7.3AI score0.03069EPSS
Exploits0References1
CVE
CVE
added 2004/06/11 4:0 a.m.70 views

CVE-2004-0417

CVS-2004-0417 involves an Integer overflow in the Max-dotdot command (serve_max_dotdot) affecting CVS 1.12.x (up to 1.12.8) and 1.11.x (up to 1.11.16). The issue can let remote attackers crash the CVS server, potentially leaving undeleted data and consuming disk space (DoS). Publicly available fi...

5CVSS6.5AI score0.03069EPSS
Exploits0References10Affected Software3
RedHat Linux
RedHat Linux
added 2004/06/09 1:0 p.m.5 views

security flaw

Integer overflow in the "Max-dotdot" CVS protocol command servemaxdotdot for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space...

5CVSS5.9AI score0.03069EPSS
Exploits0References4
securityvulns
securityvulns
added 2003/06/09 12:0 a.m.28 views

Critical Vulnerabilities In Max Web Portal

Multiple Vulnerabilities In Max Web Portal ------------------------------------------ Discovery Date: 05/2003 Versions Vuln : All? / 1.30 Author's URL : http://www.maxwebportal.com http://www.maxcanada.ca Notify Status : Patch Available / Upgrade Product Description...

6AI score
Exploits0
exploitpack
exploitpack
added 2003/06/06 12:0 a.m.19 views

Max Web Portal 1.30 - Multiple Vulnerabilities

Max Web Portal 1.30 - Multiple Vulnerabilities Max Web Portal Multiple Vulnerabilities Vendor: Max Web Portal Product: Max Web Portal Version: alertdocument.cookie Remember this vuln as I will later explain how it can be used to aide an attacker to compromise user and admin accounts. Hidden Form...

0.5AI score
Exploits0
Rows per page
Query Builder