Lucene search
K

34 matches found

OSV
OSV
added 2023/12/21 11:15 p.m.5 views

UBUNTU-CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

8.8CVSS6.4AI score0.63774EPSS
Exploits4References3
BDU FSTEC
BDU FSTEC
added 2023/10/24 12:0 a.m.8 views

The vulnerability of the file include/page/Article.php in the MediaWiki software, which is used to implement a hypertext environment, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the File/include/page/Article.php script used in implementing the MediaWiki hypertext environment is related to the improper assignment of permissions for the critical resource during the signature request check. Exploiting this vulnerability can allow an attacker operating...

5.3CVSS5.9AI score0.00421EPSS
Exploits0References4Affected Software3
RedHat Linux
RedHat Linux
added 2023/10/19 1:19 p.m.6 views

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...

4.3CVSS5.8AI score0.00709EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.5 views

SUSE CVE-2007-0905

PHP before 5.2.1 allows attackers to bypass safemode and openbasedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383...

7.5CVSS7AI score0.02452EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/06/15 12:0 a.m.5 views

The vulnerability in the grel.php web interface of the unified console consolidation platform for backup and archiving FUJITSU ETERNUS CS8000 allows a perpetrator to execute arbitrary code and gain elevated privileges.

The vulnerability of the grel.php web interface of the unified console consolidation platform for backup and archiving FUJITSU ETERNUS CS8000 relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain elevated...

9.9CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/05/20 6:56 a.m.61 views

CVE-2019-11048

A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service...

5CVSS3.4AI score0.06264EPSS
Exploits1References3
OSV
OSV
added 2018/07/02 3:29 p.m.3 views

CVE-2018-13056

An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcmsmain table and then making an img add request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.8AI score0.01254EPSS
Exploits1References1
CNVD
CNVD
added 2017/01/03 12:0 a.m.2 views

WordPress plugin wp-sns-share suffers from a reflected cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A reflective cross-site scripting vulnerability exists in the WordPress plugin wp-sns-share 'index.php' page, which can be exploited by attackers to construct...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/08 12:0 a.m.148 views

HP System Management Homepage < 7.4 Multiple Vulnerabilities

According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is affected by the following vulnerabilities : - A flaw exists within the included cURL that disables the 'CURLOPTSSLVERIFYHOST' check when the setting on 'CURLOPTSSLVERIFYPEER' ...

7.5CVSS7.7AI score0.35635EPSS
Exploits8References9
OSV
OSV
added 2011/08/19 9:55 p.m.2 views

DEBIAN-CVE-2011-3265

popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter...

5CVSS6.9AI score0.01465EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2007/03/14 2:1 a.m.5 views

security flaw

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...

10CVSS5.8AI score0.03274EPSS
Exploits0References4
securityvulns
securityvulns
added 2004/03/27 12:0 a.m.32 views

bblog 0.7.2 cross site scripting

Introduction: Bblog, a blogging system scripted in PHP does not perform sufficient filtering when submitting a blog name. The severity of this flaw however, is low as the required privileges to access the administration panel for bblog is superuser. The problem: The flaw lies in...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/05/14 12:0 a.m.21 views

Poster version.two index.php Account Manipulation Privilege Escalation

The remote host is running 'poster version.two' a news posting system written in PHP. There is a flaw in this version that allows new users to enter a specially crafted name that could allow them to gain administrative privileges on this installation. %NASLMINLEVEL 70300 C Tenable Network Securit...

7.5CVSS5.5AI score0.01366EPSS
Exploits0References1
securityvulns
securityvulns
added 2002/03/26 12:0 a.m.32 views

Cookie vulnerability in Alguest guestbook &#40;PHP&#41;

Alguest is a guestbook programmed in PHP, there is a major flaw in it which enables any user to access the admin panel. The script can be downloaded from http://www.hotscripts.com/cgi-bin/dload.cgi?ID=14105 It has a flaw in which cookie data isn't properly checked for administrator rights usernam...

0.5AI score
Exploits0
Rows per page
Query Builder