Lucene search
+L

218 matches found

Packet Storm
Packet Storm
added 2018/06/09 12:0 a.m.79 views

SensioLabs Symfony 3.3.6 Cross Site Scripting

SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Date: 08-06-2018 Software Link: https://symfony.com/ Exploit Author: HaMM0nz Chakrit S., a member of KPMG Cyber Security team in Thailand CVE:...

6.3AI score0.01315EPSS
Exploits2
Prion
Prion
added 2016/08/19 9:59 p.m.15 views

Input validation

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the 1 reflect, 2 reflect2, or 3 javamethod Hive builtin functions...

6.5CVSS8AI score0.03281EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/08/19 9:0 p.m.20 views

CVE-2016-0760

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the 1 reflect, 2 reflect2, or 3 javamethod Hive builtin functions...

8.9AI score0.03281EPSS
Exploits0References2
CVE
CVE
added 2016/08/19 9:0 p.m.48 views

CVE-2016-0760

CVE-2016-0760 pertains to Apache Sentry prior to 1.7.0, where multiple incomplete blacklist checks allow remote authenticated users to execute arbitrary code through the Hive builtin functions reflect, reflect2, and java_method. The linked records (NVD, OSV, CNVD, CVE lists) consistently describe...

8.8CVSS8.8AI score0.03281EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2016/08/10 12:0 a.m.4 views

Hive Built-in Function Arbitrary Code Execution Vulnerability

hive is a data warehouse tool based on Hadoop that maps structured data files to a single database table and provides simple sql query functionality that can convert sql statements into MapReduce tasks to run. Arbitrary code execution vulnerabilities exist in the 'reflect', 'reflect2' and...

8.8CVSS7.7AI score0.03281EPSS
Exploits0References1
0day.today
0day.today
added 2015/03/07 12:0 a.m.92 views

Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability

Ultimate PHP Board UPB version 2.2.7 suffers from a cross site scripting vulnerability. Exploit Title : Ultimate PHP Board UPB 2.2.7 Cross Site Scripting Vulnerability CVE : CVE-2015-2217 Date : 4 March 2015 Exploit Author : CWH Underground Discovered By : ZeQ3uL Site : www.2600.in.th Vendor...

4.3CVSS6.3AI score0.01892EPSS
Exploits3
Packet Storm
Packet Storm
added 2015/02/19 12:0 a.m.32 views

phpBugTracker 1.6.0 CSRF / XSS / SQL Injection

Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0 Advisory ID: SROEADV-2015-16 Author: Steffen Rösemann Affected Software: phpBugTracker v.1.6.0 Vendor URL: https://github.com/a-v-k/phpBugTracker Vendor Status: patched CVE-ID: will asked to be...

7.5CVSS1.1AI score0.01233EPSS
Exploits4
Packet Storm
Packet Storm
added 2014/08/11 12:0 a.m.31 views

IBM Sametime Meet Server 8.5 Cross Site Scripting

Exploit Title: IBM Sametime Meet Server 8.5 Reflect Cross Site Script Google Dork: intitle:"Meeting Center - IBM Lotus Sametime" Date: 11/08/2014 CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:N/AC:M/Au:N/C:P/I:N/A:N%29 CVE-ID:...

4.3CVSS0.01953EPSS
Exploits1
exploitpack
exploitpack
added 2014/07/10 12:0 a.m.16 views

WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities

WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities source: https://www.securityfocus.com/bid/68519/info WeBid is prone to multiple cross-site-scripting vulnerabilities and an LDAP injection vulnerability. An attacker may leverage these issues to compromise the application, acces...

0.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2013/12/10 12:0 a.m.31 views

MS13-103: Vulnerability in ASP.NET SignalR could allow elevation of privilege: December 10, 2013

Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.INTRODUCTIONMicrosoft has released security bulletin MS13-103. To view the complete security bulletin, visit one of the...

4.3CVSS0.1AI score0.11688EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.5 views

JDK: java.lang.reflect.Method invoke() code execution

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

9.3CVSS5.9AI score0.05086EPSS
Exploits0References5
0day.today
0day.today
added 2013/02/05 12:0 a.m.46 views

SERENDIPITY-1.7-RC2 Multiple Xss Vulnerability

Serendipity is a PHP-powered weblog application which gives the user an easy way to maintain an online diary, weblog or even a complete homepage. While the default package is designed for the casual blogger, Serendipity offers a flexible, expandable and easy-to-use framework with the power for...

7AI score
Exploits0
exploitpack
exploitpack
added 2012/08/08 12:0 a.m.16 views

IBM Proventia Network Mail Security System 2.5 - POST File Read

IBM Proventia Network Mail Security System 2.5 - POST File Read !/usr/bin/python ''' Author: muts of Offensive Security Product: IBM ISS Proventia Mail Security Version: 2.5 Vendor Site: http://www.ibm.com/us/en/ Product Page:...

0.1AI score
Exploits0
0day.today
0day.today
added 2011/06/10 12:0 a.m.30 views

IT Reflect => SQL Injection Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2010/09/09 12:0 a.m.62 views

ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing. EMC Identifier: ESA-2010-015 CVE Identifier: CVE-2010-2860 Severity Rating: CVSS v2 Base Score: 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C Affected products: EMC SW: NAS Code...

9.3CVSS0.04266EPSS
Exploits2
exploitpack
exploitpack
added 2008/06/09 12:0 a.m.11 views

Telephone Directory 2008 - SQL Injection Cross-Site Scripting

Telephone Directory 2008 - SQL Injection Cross-Site Scripting ==================================================================== Telephone Directory 2008 SQL/XSS Multiple Remote Vulnerabilities ====================================================================...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/09 12:0 a.m.36 views

Telephone Directory 2008 - SQL Injection / Cross-Site Scripting

==================================================================== Telephone Directory 2008 SQL/XSS Multiple Remote Vulnerabilities ==================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking...

7.4AI score
Exploits0
Prion
Prion
added 2006/01/22 8:3 p.m.18 views

Authentication flaw

Advantage Century Telecommunication ACT P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which 1 might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB...

7.5CVSS7.6AI score0.01649EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder