Lucene search
K

4529 matches found

NVD
NVD
added 2017/11/06 10:29 p.m.23 views

CVE-2017-16635

In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...

5.4CVSS5.7AI score0.0078EPSS
Exploits2References1
Veracode
Veracode
added 2017/07/19 9:2 p.m.20 views

Arbitrary Code Execution

dolibarr is vulnerable to arbitrary code execution attacks. Low-privilege users were able to upload .exe files to the application, these files would be executed in the context of the application...

8.8CVSS7.6AI score0.01456EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2017/06/25 12:29 p.m.31 views

CVE-2017-9840

Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application...

8.8CVSS7.7AI score0.01456EPSS
Exploits0References2
Prion
Prion
added 2017/04/25 6:59 p.m.11 views

Type confusion

In Joomla! 3.2.0 through 3.6.5 fixed in 3.7.0, inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden...

4CVSS6.3AI score0.00981EPSS
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/01 12:0 a.m.60 views

[20170407] - Core - ACL Violations

Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden...

6.5CVSS6.4AI score0.00981EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/02/02 11:3 p.m.56 views

Tmp files readable by other users

Overview Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher...

4CVSS3AI score0.02557EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2017/02/02 2:48 p.m.40 views

CVE-2017-2600

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...

4.3CVSS5.8AI score0.01098EPSS
Exploits0References2
Mageia
Mageia
added 2016/05/05 4:26 p.m.45 views

Updated jenkins-remoting packages fix CVE-2016-0792

Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...

9CVSS5.7AI score0.82697EPSS
Exploits23References3
OSV
OSV
added 2016/05/05 4:26 p.m.11 views

MGASA-2016-0162 Updated jenkins-remoting packages fix CVE-2016-0792

Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...

9CVSS8.8AI score0.82697EPSS
Exploits23References4
Rows per page
Query Builder