Lucene search
K

43 matches found

NVD
NVD
added 2022/08/17 12:15 a.m.23 views

CVE-2022-1401

Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...

7.5CVSS0.18001EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.9 views

Fortinet FortiOS 路径遍历漏洞

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam, etc. A path...

7.5CVSS5.7AI score0.0155EPSS
Exploits0References5
CNVD
CNVD
added 2021/05/25 12:0 a.m.6 views

emlog SQL Injection Vulnerability

emlog is a powerful blog and CMS builder based on PHP and MySQL. A SQL injection vulnerability exists in emlog version 6.0.0-stable. An attacker can exploit this vulnerability to execute arbitrary SQL statements and query sensitive server data via admin/navbar.php?action=addpage...

8.8CVSS8.1AI score0.00982EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/02 12:0 a.m.5 views

Arbitrary File Read Vulnerability in SDCMS

SDCMS is a PHP 3-in-1 website management system. SDCMS has an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive server information...

6.9AI score
Exploits0
CNVD
CNVD
added 2021/02/24 12:0 a.m.11 views

VMware vSphere Client Server-Side Request Forgery Vulnerability

VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...

5.3CVSS6.5AI score0.88012EPSS
Exploits8References1
CNVD
CNVD
added 2020/07/05 12:0 a.m.3 views

File Containment Vulnerability in MetInfo v5.0.4 of Changsha Mito Information Technology Co.

Mito enterprise building system MetInfo is a free and open source enterprise CMS. Changsha Mito Information Technology Co., Ltd MetInfo v5.0.4 version of the file contains a vulnerability that can be exploited by attackers to view sensitive server files...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/04/14 12:0 a.m.1 views

Arbitrary File Download Vulnerability in WMCMS

WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS has an arbitrary file download vulnerability that can be exploited by attackers to download sensitive server files...

7.1AI score
Exploits0
OSV
OSV
added 2019/05/07 7:29 p.m.4 views

CVE-2018-19456

The WP Backup+ aka WPbackupplus plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql...

7.5CVSS5.8AI score0.01753EPSS
Exploits0References2
CNVD
CNVD
added 2018/03/30 12:0 a.m.3 views

Arbitrary File Read Vulnerability in PowerEasy SmartGov

PowerEasy government website management system PowerEasy SmartGov is a complete set of government portal application solutions provided by PowerEasy according to the actual application requirements of the government. An arbitrary file read vulnerability exists in PowerEasy SmartGov. An attacker c...

6.8AI score
Exploits0
NVD
NVD
added 2016/04/11 3:59 p.m.20 views

CVE-2016-3065

The 1 brinpagetype and 2 brinmetapageinfo functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service server crash via a crafted byte...

9.1CVSS8.9AI score0.03347EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/04/11 3:0 p.m.31 views

CVE-2016-3065

The 1 brinpagetype and 2 brinmetapageinfo functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service server crash via a crafted byte...

8.9AI score0.03347EPSS
Exploits0References4
CNVD
CNVD
added 2015/12/03 12:0 a.m.3 views

U-Mail Mail System Arbitrary File Containment Vulnerability

U-mail is a mail service system. The U-Mail mail system suffers from an arbitrary file inclusion vulnerability, which allows an attacker to exploit the vulnerability to download and view arbitrary files and obtain sensitive server information...

6.9AI score
Exploits0References1
The Hacker News
The Hacker News
added 2015/08/20 9:42 p.m.13 views

Multiple Flaws Exposed in Pocket Add-on for Firefox

With providing easy accessibility, the battle is not won! Server-side Vulnerabilities have been reported by a security researcher in the popular Pocket add-on that comes attached with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company’s servers ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

id software quake ii server 3.2 - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. An...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Nuked-Klan 1.3 - Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficien...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/05/20 1:13 a.m.73 views

Mail.ru: XXE and SSRF on webmaster.mail.ru

SSRF request: POST /domain/metadata HTTP/1.1 Host: webmaster.mail.ru User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:29.0 Gecko/20100101 Firefox/29.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate...

0.1AI score
Exploits0
Prion
Prion
added 2013/04/07 5:55 p.m.13 views

Information disclosure

IBM Scale Out Network Attached Storage SONAS 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine...

3.5CVSS6.3AI score0.00713EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/04/07 5:0 p.m.21 views

CVE-2012-0706

IBM Scale Out Network Attached Storage SONAS 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine...

5.8AI score0.00713EPSS
Exploits0References2
CVE
CVE
added 2007/10/17 1:0 a.m.61 views

CVE-2003-1371

CVE-2003-1371 affects Nuked-Klan up to version 1.3b (and possibly earlier). A remote attacker can trigger phpinfo via the op parameter in the Team, News, or Liens modules, causing information disclosure about the server. The available documents do not specify a fixed patch or remediation. If need...

4.3CVSS6.5AI score0.0332EPSS
Exploits1References3Affected Software1
Exploit DB
Exploit DB
added 2004/10/27 12:0 a.m.27 views

ID Software Quake II Server 3.2 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. An attacker may leverage these issues...

7AI score
Exploits0
Rows per page
Query Builder