Lucene search
K

164 matches found

OSV
OSV
added 2018/09/19 3:29 p.m.4 views

CVE-2018-16785

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell...

8.8CVSS5.8AI score0.01924EPSS
Exploits1References1
NVD
NVD
added 2018/09/05 8:29 a.m.18 views

CVE-2018-0502

An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line...

9.8CVSS8.6AI score0.02487EPSS
Exploits0References6
Cvelist
Cvelist
added 2018/09/05 7:0 a.m.27 views

CVE-2018-0502

An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line...

8.5AI score0.02487EPSS
Exploits0References6
CVE
CVE
added 2018/09/05 7:0 a.m.121 views

CVE-2018-0502

CVE-2018-0502 affects zsh before 5.6, where the beginning of a shebang script is mishandled, potentially causing an execve call to a program named on the second line. Connected advisories (openSUSE/SUSE/Debian/EulerOS and others) confirm the issue and list zsh as the affected package across multi...

9.8CVSS8.3AI score0.02487EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2018/09/05 7:0 a.m.25 views

CVE-2018-0502

An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line...

9.8CVSS2.1AI score0.02487EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/09/05 12:0 a.m.22 views

CVE-2018-0502

An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line...

9.8CVSS7.1AI score0.02487EPSS
Exploits0References2
NVD
NVD
added 2018/06/29 5:29 p.m.19 views

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

9CVSS7.3AI score0.02204EPSS
Exploits1References1
Prion
Prion
added 2018/06/29 5:29 p.m.15 views

Privilege escalation

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

9CVSS7.3AI score0.02204EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2018/06/07 9:0 p.m.7 views

CVE-2018-0352

A vulnerability in the Disk Check Tool disk-check.sh for Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges level 15 to log in to the...

6.9AI score0.00392EPSS
Exploits0References3
CNVD
CNVD
added 2018/03/28 12:0 a.m.4 views

Mitel Connect ONSITE and Mitel ST conferencing component PHP vulnerability (CNVD-2018-07950)

Mitel Connect ONSITE and Mitel ST are both products of Mitel Corporation of Canada.Mitel Connect ONSITE is a unified communications management appliance.ST is a video conferencing product.conferencing component is one of the components with conferencing capabilities. A security vulnerability exis...

10CVSS7.3AI score0.0277EPSS
Exploits0References1
Gitee
Gitee
added 2018/03/27 5:12 p.m.12 views

Exploit for CVE-2017-8570

This repository contains a Proof of Concept PoC exploit for CVE-2017-8570, a vulnerability in Microsoft Office that allows an attacker to execute arbitrary code by embedding a malicious script in a Rich Text Format RTF file. The exploit uses the "Packager.dll" file-dropping trick to drop a ".sct"...

9.3CVSS7.5AI score0.89889EPSS
Exploits14
CNVD
CNVD
added 2017/12/15 12:0 a.m.3 views

DomainSale PHP Script SQL Injection Vulnerability

DomainSale PHP Script is a set of scripts for online domain name selling websites based on PHP and MySQL. A SQL injection vulnerability exists in DomainSale PHP Script version 1.0. The vulnerability can be exploited by remote attackers to inject SQL commands by sending the 'id' parameter to the...

9.8CVSS8.4AI score0.0305EPSS
Exploits1References1
CNVD
CNVD
added 2017/08/02 12:0 a.m.2 views

Rspamd Cross-Site Scripting Vulnerability

Rspamd is a fast spam filtering system. The system evaluates and filters spam through regular expressions, statistical analysis and blacklists. A cross-site scripting vulnerability exists in the interface/js/app/history.js file of the WebUI in versions of Rspamd prior to 1.6.3. A remote attacker...

6.1CVSS5.8AI score0.00673EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/13 12:0 a.m.4 views

FineCMS SQL Injection Vulnerability (CNVD-2017-15546)

FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. An SQL injection vulnerability exists in FineCMS versions 2017-07-12 and earlier. The vulnerability can be exploited by an attacker to obtain data from the database with the help of the...

8.8CVSS7.9AI score0.00997EPSS
Exploits1References1
Cisco
Cisco
added 2017/05/17 4:0 p.m.48 views

Cisco Policy Suite Privilege Escalation Vulnerability

A vulnerability in a script file that is installed as part of the Cisco Policy Suite CPS Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file...

7.8CVSS7.9AI score0.0032EPSS
Exploits0References1
Prion
Prion
added 2017/02/15 3:59 p.m.21 views

Hardcoded credentials

Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641...

7.2CVSS7.5AI score0.0115EPSS
Exploits5References2Affected Software1
CNVD
CNVD
added 2016/09/11 12:0 a.m.6 views

CSRF vulnerability in the latest version of beecms

beecms is an enterprise website management system based on PHP+Mysql architecture. The latest version of beecms has a CSRF vulnerability. Due to the failure of the add administrator form in the background to protect the token, adminadmin.php 102 lines to start processing add administrator, failed...

6.8AI score
Exploits0
0day.today
0day.today
added 2016/07/25 12:0 a.m.43 views

Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a...

7.1AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2016/07/22 8:15 p.m.13 views

Kovter becomes almost file-less, creates a new file type, and gets some new certificates

Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their...

7.2AI score
Exploits0
Metasploit
Metasploit
added 2016/07/21 5:23 p.m.66 views

Drupal CODER Module Remote Command Execution

This module exploits a Remote Command Execution vulnerability in the Drupal CODER Module. Unauthenticated users can execute arbitrary commands under the context of the web server user. The CODER module doesn't sufficiently validate user inputs in a script file that has the PHP extension. A...

8.1AI score
Exploits0
Rows per page
Query Builder