CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2012/01/25 12:0 a.m.•34 views

Facebook Applications Null Byte Injection

Title ===== Facebook Application Null Byte Injection Date ==== 25/01/2012 Author ====== Bug === Null Byte Injection Introduction ============ The application is currently included and viewable by all facebook users. Facebook is a social networking service and website launched in February 2004,...

Exploit DB•added 2012/01/04 12:0 a.m.•109 views

Typo3 4.5 < 4.7 - Remote Code Execution / Local File Inclusion / Remote File Inclusion

Exploit Title: Typo3 v4.5-4.7 - Remote Code Execution RFI/LFI Date: 4th January 2012 Author: MaXe Software Link: https://typo3.org/download/ Version: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 + development releases of 4.7 branch Typo3 v4.5-4.7 - Remote Code Execution RFI/LFI Versions Affected: 4.5.0 up ...

securityvulns•added 2012/01/02 12:0 a.m.•2993 views

SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416

SEC Consult Vulnerability Lab Security Advisory 20111230-0 ======================================================================= title: Microsoft ASP.NET Forms Authentication Bypass product: Microsoft .NET Framework vulnerable version: Microsoft .NET Framework Version:4.0.30319; ASP.NET...

8.5CVSS6.3AI score0.45576EPSS

Exploits2

Packet Storm•added 2011/12/23 12:0 a.m.•39 views

Tiki Wiki CMS Groupware 8.2 Code Injection

------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange reason this doesn't happen within admin sessions. So,...

0.2AI score0.04271EPSS

Exploits7

myhack58•added 2011/10/26 12:0 a.m.•26 views

Application to the ASP file upload vulnerability 0×0 0 truncation attack-vulnerability warning-the black bar safety net

k ingbase 2011/8/1 Chinese simple narrative This article translated from: 0×0 0 vs ASP file uploads, the original author is: Brett Moore Security-Assessment. com company, this article is written to 0 in 4 years, the original is here: http://...

7.2AI score

seebug.org•added 2011/08/31 12:0 a.m.•15 views

nginx 0.8.37 空字节截断导致任意代码执行漏洞

No description provided by source...

7.1AI score

seebug.org•added 2011/07/30 12:0 a.m.•15 views

Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability

No description provided by source. -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase Adaptive Server -- TippingPointTM IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection...

7.1AI score

Tenable Nessus•added 2011/07/05 12:0 a.m.•45 views

FreeBSD : phpmyadmin -- multiple vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)

The phpMyAdmin development team reports : It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...

7.5CVSS6.2AI score0.12879EPSS

Exploits18References9

FreeBSD•added 2011/07/02 12:0 a.m.•50 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...

7.5CVSS6.7AI score0.12879EPSS

Exploits18References4

OpenVAS•added 2011/06/01 12:0 a.m.•21 views

Nmap NSE net: http-passwd

Checks if a web server is vulnerable to directory traversal by attempting to retrieve '/etc/passwd' or '\boot.ini'. The script uses several technique: Generic directory traversal by requesting paths like '../../../../etc/passwd'. Known specific traversals of several web servers. Query string...

6.7AI score

securityvulns•added 2011/04/14 12:0 a.m.•38 views

Vulnerabilities in Microsoft Reader and HIS

Microsoft Reader is a PC/tablet software for reading the ebooks in LIT format and the Audible audio books. The following are a couple of integer overflows, an heap and an array indexing overflow and the writing of a NULL byte in an arbitrary memory location: http://aluigi.org/adv/msreader1-adv.tx...

1.1AI score

exploitpack•added 2011/04/12 12:0 a.m.•11 views

Microsoft Reader 2.1.1.3143 - Null Byte Write

Microsoft Reader 2.1.1.3143 - Null Byte Write Luigi Auriemma Application: Microsoft Reader http://www.microsoft.com/reader Versions: | 8D47 01 |LEA EAX,DWORD PTR DS:EDI+1 ; size at offset 0xbd of the PoC 5FFF634D |. 50 |PUSH EAX 5FFF634E |. E8 2B470000 |CALL...

Exploit DB•added 2011/04/12 12:0 a.m.•22 views

Microsoft Reader 2.1.1.3143 - Null Byte Write

Luigi Auriemma Application: Microsoft Reader http://www.microsoft.com/reader Versions: | 8D47 01 |LEA EAX,DWORD PTR DS:EDI+1 ; size at offset 0xbd of the PoC 5FFF634D |. 50 |PUSH EAX 5FFF634E |. E8 2B470000 |...

securityvulns•added 2011/03/09 12:0 a.m.•54 views

'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099)

'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & local file deletion due to null-byte attacks...

5.8CVSS6.2AI score0.03172EPSS

0day.today•added 2011/03/07 12:0 a.m.•43 views

Quick Polls Local File Inclusion and Deletion Vulnerabilities

Exploit for php platform in category web applications 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - email protected I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & loc...

7.1AI score0.03172EPSS

Packet Storm•added 2011/03/06 12:0 a.m.•31 views

Quick Polls 1.0.1 Local File Inclusion / Deletion

5.8CVSS6.5AI score0.03172EPSS

exploitpack•added 2011/03/06 12:0 a.m.•19 views

Quick Polls - Local File Inclusion Deletion

Quick Polls - Local File Inclusion Deletion 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & loca...

5.8CVSS6.5AI score0.03172EPSS