Lucene search
+L

100 matches found

threatpost
threatpost
added 2017/10/09 11:0 a.m.11 views

FormBook Malware Targets U.S. Defense Contractors, Aerospace and Manufacturing Sectors

Attackers spreading new malware called FormBook are singling out aerospace firms, defense contractors and some manufacturing organizations in the United States and South Korea. According to researchers at FireEye, FormBook was spotted in several high-volume distribution campaigns targeting the U....

7.3AI score
Exploits0References3
cnvd
cnvd
added 2017/06/16 12:0 a.m.3 views

Multiple Vulnerabilities in Aerohive HiveOS

Aerohive HiveOS is a set of operating systems for use in wireless access points and routers from Aerohive. Aerohive HiveOS suffers from local file inclusion and remote command execution vulnerabilities that could be exploited by an attacker to obtain sensitive information or execute arbitrary...

7.5AI score
Exploits0References1
ubuntucve
ubuntucve
added 2017/04/12 12:0 a.m.22 views

CVE-2017-3138

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of name...

6.5CVSS6.8AI score0.05478EPSS
Exploits0References3
cnvd
cnvd
added 2016/03/18 12:0 a.m.2 views

iTop Remote Code Execution Vulnerability

iTop is open source ITIL ITSM software. A remote code execution vulnerability exists in iTop. Allowing an attacker to execute arbitrary system commands on a web server to obtain complete vulnerable web applications and databases may contain very sensitive information...

8.6AI score
Exploits0References1
wpvulndb
wpvulndb
added 2015/06/26 12:0 a.m.13 views

Multiple Themes - Privilige Escalation

The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registration state and others, which may lead to executing commands/code on th...

6.5CVSS3.9AI score0.01488EPSS
Exploits3References2Affected Software4
patchstack
patchstack
added 2015/06/26 12:0 a.m.13 views

WordPress Pont Theme <= 1.5 - Privilige Escalation

Because of this privilege escalation vulnerability, the attackers can update options and execute commands on the server. Solution Update the theme...

5.5AI score
Exploits0References1Affected Software1
jvn
jvn
added 2014/07/15 5:44 a.m.5 views

Cybozu Garoon CGI vulnerable to remote command execution

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

10CVSS7.1AI score0.0324EPSS
Exploits0References5
seebug
seebug
added 2014/07/01 12:0 a.m.24 views

WebMaster ConferenceRoom 1.8 Developer Edition DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2178/info WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation...

7.1AI score
Exploits0
nessus
nessus
added 2013/11/26 12:0 a.m.21 views

Mandriva Linux Security Advisory : perl-HTTP-Body (MDVSA-2013:282)

Updated perl-HTTP-Body package fixes security vulnerability : Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...

6.8CVSS5.7AI score0.02877EPSS
Exploits0References2
jvn
jvn
added 2009/09/11 7:36 a.m.1 views

Webservice-DIC yoyaku_v41 vulnerable to command injection

Overview yoyakuv41 from Webservice-DIC contains a command injection vulnerability. yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. This vulnerability is different from JVN80436657. Keigo Yamazaki of LAC Co.,...

7.5CVSS7.3AI score
Exploits0References3
nmap
nmap
added 2009/06/08 11:21 p.m.137 views

imap-capabilities NSE Script

Retrieves IMAP email server capabilities. IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command allows a client to ask a server what commands it supports and possibly any site-specific policy. Script Arguments smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See...

10CVSS0.4AI score0.99448EPSS
Exploits33
openvas
openvas
added 2005/11/03 12:0 a.m.29 views

PGPMail.pl detection

The 'PGPMail.pl' CGI is installed. Some versions up to v1.31 a least of this CGI do not properly filter user input before using it inside commands. This would allow a cracker to run any command on your server. Note: OpenVAS just checked the presence of this CGI but did not try to exploit the flaw...

7.5CVSS6.6AI score0.01875EPSS
Exploits0
osv
osv
added 2005/08/01 4:0 a.m.1 views

DEBIAN-CVE-2005-2411

Cross-Site Request Forgery CSRF vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user...

5.1CVSS7.3AI score0.01911EPSS
Exploits0References1
exploitpack
exploitpack
added 2004/12/06 12:0 a.m.14 views

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution source: https://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application...

0.3AI score
Exploits0
exploitdb
exploitdb
added 2003/02/27 12:0 a.m.20 views

Invision Board 1.1.1 - &#039;ipchat.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/6976/info Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote user supplied data used in URI...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/02/09 12:0 a.m.11 views

Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion

Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion source: https://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is...

0.1AI score
Exploits0
exploitdb
exploitdb
added 2003/02/09 12:0 a.m.42 views

Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion

source: https://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'emailreaderexecuteoneachpage.inc.php' script. Under some...

7.4AI score
Exploits0
slackware
slackware
added 2002/01/21 2:15 p.m.18 views

Security updates: at, sudo, xchat

New packages are now available to address security issues with the at scheduler program found in Slackware 8.0's bin.tgz package, sudo, and xchat. Here's the information from the Slackware 8.0 ChangeLog: Mon Jan 21 13:21:07 PST 2002 patches/packages/at.tgz: Fixed a buffer overflow. Security fix...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/12/07 12:0 a.m.24 views

Дырка в mailman

Недостаточная проверка ввода пользователя на наличие shell-символов дает возможность администраторам списков выполнять команды на сервере...

0.4AI score
Exploits0References1Affected Software1
exploitdb
exploitdb
added 2000/05/18 12:0 a.m.29 views

Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3 / Mail Server 5.0.1/5.0.2/5.0.3 - Remote Buffer Overflow

Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3,Mail Server 5.0.1/5.0.2/5.0.3 Buffer Overflow source: https://www.securityfocus.com/bid/1229/info The code that handles the 'rcpt to' 'saml from' and 'soml from' commands in the ESMTP service of Lotus Domino Server has an unchecked buffer. If Lotus...

7.4AI score
Exploits0
Rows per page
Query Builder