Lucene search
K

14 matches found

Packet Storm News
Packet Storm News
added 2025/04/29 12:0 a.m.7 views

Microsoft .library-ms File / NTLM Information Disclosure - Resurrected 2025

It took 7 years, but Microsoft finally realized a vulnerability was severe enough to be addressed and it was not until other researchers also reported it, that the original researcher finally got credited after pointing it out...

6.5CVSS6.8AI score0.58974EPSS
Exploits20
WPVulnDB
WPVulnDB
added 2020/10/29 12:0 a.m.345 views

WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE

Description The release notes state: "Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE." The attack consisted of creating a DoS condition on the MySQL database, which would make WordPress think that it has not been installed, presenting the installation wizard. The...

9.8CVSS9.2AI score0.0774EPSS
Exploits0References4
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.18 views

My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection

The plugin my-geo-posts-free insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the my-geo-posts-free Plugin. The original researcher notifi...

0.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2012/10/16 12:0 a.m.46 views

CVE-2012-3152

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the Octob...

9.1CVSS9.1AI score0.98695EPSS
In wildExploits11References14
Prion
Prion
added 2011/12/30 7:55 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the instructors parameter. NOTE: the original disclosure also mentions the sectiontitle parameter, but this was disputed by the vendor and retracted by...

4.3CVSS6.2AI score0.01148EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2010/01/15 8:30 p.m.22 views

CVE-2010-0349

Cross-site scripting XSS vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable...

4.3CVSS5.6AI score0.01074EPSS
Exploits0References5
Prion
Prion
added 2010/01/15 8:30 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable...

4.3CVSS6.1AI score0.01074EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2010/01/15 8:0 p.m.28 views

CVE-2010-0349

Cross-site scripting XSS vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable...

5.6AI score0.01074EPSS
Exploits0References5
Prion
Prion
added 2007/01/16 11:28 p.m.16 views

Design/Logic Flaw

Unspecified vulnerability in the expandstack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has...

7.2CVSS6.8AI score0.00964EPSS
Exploits0References13Affected Software1
NVD
NVD
added 2006/11/17 1:7 a.m.16 views

CVE-2006-5961

Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliabl...

7.5CVSS6.4AI score0.02126EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2006/06/07 10:2 a.m.20 views

CVE-2006-2898

The IAX2 channel driver chaniax2 for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service crash and execute arbitrary code via truncated IAX 2 IAX2 video frames, which bypasses a length check and leads to a buffer overflow involving negative...

7.5CVSS6.6AI score0.04293EPSS
Exploits0References1
Prion
Prion
added 2006/02/25 11:2 a.m.13 views

Sql injection

DISPUTED SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely fr...

7.5CVSS8.4AI score0.01381EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2006/02/25 11:0 a.m.16 views

CVE-2006-0897

SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

8AI score0.01381EPSS
Exploits0References7
Cvelist
Cvelist
added 2005/05/11 4:0 a.m.24 views

CVE-2005-1487

Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 cartid parameter to upstnt.php or 2 psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is...

8.4AI score0.03454EPSS
Exploits1References8
Rows per page
Query Builder