Lucene search
K

168 matches found

seebug
seebug
added 2013/01/27 12:0 a.m.19 views

ThinkSNS V3任意删除评论 微博 转发漏洞

简要描述: 今天注册的v3测试下功能 发现v3问题很多 主要是在没有验证权限,只是单纯的在js上进行验证,下面是测试截图。 详细说明: 删除前: 删除中 修改uid和微博id 删除后: 漏洞证明:...

7.1AI score
Exploits0
ptsecurity
ptsecurity
added 2011/06/24 12:0 a.m.4 views

PT-2011-12: Information Disclosure in ManageEngine ServiceDesk Plus 8.0

Positive Research Center has discovered an information disclosure in ManageEngine ServiceDesk Plus. Incorrect privilege validation allows attackers with guest privileges account guest/guest to modify backup rights and use these new rights to create a backup copy in any folder. How to fix Update...

6.3CVSS7.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 2011/06/24 12:0 a.m.8 views

PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0

The specialists of the Positive Research center have revealed privilege gaining vulnerability in ManageEngine ServiceDesk Plus. Insufficient privilege validation allows attackers with guest privileges account guest/guest to create a user with servicedesk administrator privileges via HTTP GET...

6.5CVSS7.2AI score
Exploits0References3
nessus
nessus
added 2009/04/23 12:0 a.m.21 views

Ubuntu 7.10 : hplip vulnerabilities (USN-674-2)

USN-674-1 provided packages to fix vulnerabilities in HPLIP. Due to an internal archive problem, the updates for Ubuntu 7.10 would not install properly. This update provides fixed packages for Ubuntu 7.10. We apologize for the inconvenience. It was discovered that the hpssd tool of hplip did not...

7.2CVSS5.4AI score0.00542EPSS
Exploits0References3
nessus
nessus
added 2009/04/23 12:0 a.m.23 views

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : hplip vulnerabilities (USN-674-1)

It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts...

7.2CVSS5.4AI score0.00542EPSS
Exploits0References3
openvas
openvas
added 2009/03/23 12:0 a.m.22 views

Ubuntu: Security Advisory (USN-674-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.6AI score0.00542EPSS
Exploits0References2
openvas
openvas
added 2008/01/17 12:0 a.m.36 views

Debian Security Advisory DSA 1451-1 (mysql-dfsg-5.0)

The remote host is missing an update to mysql-dfsg-5.0 announced via advisory DSA 1451-1. OpenVAS Vulnerability Test $Id: deb14511.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1451-1 mysql-dfsg-5.0 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...

7.1CVSS0.8AI score0.1426EPSS
Exploits4
nessus
nessus
added 2008/01/07 12:0 a.m.65 views

Debian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilities

Several local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3781 It was discovered that the privilege validation for the source table of CREATE TABLE LIKE statements was...

7.1CVSS7.9AI score0.1426EPSS
Exploits4References7
Rows per page
Query Builder