Lucene search
K

1214 matches found

securityvulns
securityvulns
added 2009/10/30 12:0 a.m.59 views

CVE-2009-1979 (Oracle RDBMS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. This vulnerability was ranked 10.0 for Windows in CPUoct2009 and related to improper AUTHSESSKEY parameter length validation. http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html Executable + source code attached...

2.1AI score0.76361EPSS
Exploits11
NVD
NVD
added 2009/08/27 8:30 p.m.14 views

CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

7.5CVSS6.7AI score0.01413EPSS
Exploits0References5
Prion
Prion
added 2009/08/27 8:30 p.m.14 views

Design/Logic Flaw

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

7.5CVSS7.2AI score0.01413EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2009/08/27 8:30 p.m.6 views

CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

7.5CVSS5.8AI score0.01413EPSS
Exploits0References6
Cvelist
Cvelist
added 2009/08/27 8:0 p.m.24 views

CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

6.7AI score0.01413EPSS
Exploits0References5
CVE
CVE
added 2009/08/27 8:0 p.m.61 views

CVE-2008-7102

DotNetNuke 2.0–4.8.4 is affected by a skin-file security bypass vulnerability that lets remote attackers load .ascx files instead of skin files due to parameter-validation issues. Affected component: skin file handling; root cause: parameter validation weakness. Impact per sources: potential acce...

7.5CVSS6.9AI score0.01413EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2009/08/07 12:0 a.m.22 views

MDPro Surveys Module SQL Injection Vulnerability

MDPro is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.00961EPSS
Exploits1References3
NVD
NVD
added 2008/12/10 2:0 p.m.18 views

CVE-2008-4258

Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."...

8.5CVSS7.2AI score0.17841EPSS
Exploits0References5
CVE
CVE
added 2008/12/10 1:33 p.m.62 views

CVE-2008-4258

CVE-2008-4258 describes a remote code execution vulnerability in Microsoft Internet Explorer 5.01 SP4 and IE6 SP1 caused by improper parameter validation during navigation method calls, leading to memory corruption when processing crafted HTML. Connected advisories (MS08-073) group this with rela...

8.5CVSS7.2AI score0.17841EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2008/12/10 12:0 a.m.4 views

PT-2008-5541 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 6 SP1 Description: A remote code execution issue exists due to improper validation of parameters during calls to navigation methods. This allows attackers to execute arbitrary code via a...

8.5CVSS7.4AI score0.17841EPSS
Exploits0References8
seebug.org
seebug.org
added 2008/12/08 12:0 a.m.21 views

NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln

No description provided by source. vuln.sg Vulnerability Research Advisory NULL FTP Server SITE Parameters Command Injection Vulnerability by Tan Chew Keong Release Date: 2008-12-05 Summary A vulnerability has been found in NULL FTP Server. When exploited, this vulnerability allows an authenticat...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/10/28 12:0 a.m.49 views

Python 'Imageop'模块参数验证缓冲区溢出漏洞

BUGTRAQ ID: 31932 CNCAN ID:CNCAN-2008102806 Python是一款开放源代码的脚本编程语言。 Python 'Imageop'模块的不正确参数验证,远程攻击者可以利用漏洞进行缓冲区溢出而触发segfault错误。 目前没有详细漏洞细节提供,可能导致任意代码执行。 Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.5 Python Software Foundatio...

6.9AI score
Exploits0
NVD
NVD
added 2008/10/15 12:12 a.m.24 views

CVE-2008-2252

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory...

7.2CVSS6.2AI score0.019EPSS
Exploits1References10
seebug.org
seebug.org
added 2008/07/09 12:0 a.m.15 views

1024 CMS多个文件包含漏洞

BUGTRAQ ID: 30091 1024是基于PHP和MySQL的内容管理系统。 1024 CMS中存在多个文件包含漏洞,允许恶意用户泄露敏感信息或入侵有漏洞的系统。 1...

6.9AI score
Exploits0
NVD
NVD
added 2008/04/30 12:10 a.m.37 views

CVE-2008-1736

Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table SSDT functions, which allows local users to cause a denial of service system crash via 1 a crafted OBJECTATTRIBUTES structure in a call to the NtDeleteFile function, which leads ...

7.2CVSS6AI score0.00367EPSS
Exploits1References9
CVE
CVE
added 2008/04/29 11:0 p.m.52 views

CVE-2008-1736

CVE-2008-1736 relates to Comodo Firewall Pro 2.4.18.184 where hooked SSDT functions do not properly validate arguments (notably NtDeleteFile, NtCreateFile, NtSetThreadContext). This can allow a local attacker to trigger a Denial of Service (system crash). The issue is described in CoreLabs CORE-2...

7.2CVSS6AI score0.00367EPSS
Exploits1References9Affected Software1
Packet Storm
Packet Storm
added 2008/03/24 12:0 a.m.21 views

hiswebshop-traverse.txt

HIS-Webshop is a shopping-system written in Perl by www.shoppark.de The script doesn´t check the "t"-parameter. Example: http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/02/20 12:0 a.m.30 views

Microsoft IE参数处理内存破坏漏洞(MS08-010)

BUGTRAQ ID: 27689 CVECAN ID: CVE-2008-0078 Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer中的一个ActiveX控件(dxtmsft.dll)在图像处理过程中处理参数验证的方式中存在一个远程执行代码漏洞,攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1...

9.3CVSS6.4AI score0.29062EPSS
Exploits1
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.20 views

Debian Security Advisory DSA 893-1 (acidlab)

The remote host is missing an update to acidlab announced via advisory DSA 893-1. Remco Verhoef has discovered a vulnerability in acidlab, Analysis Console for Intrusion Databases, and in acidbase, Basic Analysis and Security Engine, which can be exploited by malicious users to conduct SQL...

7.5CVSS0.2AI score0.0262EPSS
Exploits1
Prion
Prion
added 2007/10/01 8:17 p.m.18 views

Stack overflow

Multiple stack-based buffer overflows in Computer Associates CA BrightStor Hierarchical Storage Manager HSM before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter...

10CVSS8.2AI score0.6346EPSS
Exploits3References10Affected Software1
Rows per page
Query Builder