Lucene search
K

113 matches found

NVD
NVD
added 2019/03/21 4:0 p.m.34 views

CVE-2018-15818

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

7.5CVSS7.5AI score0.02049EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.19 views

WordPress 3.8.x < 3.8.22 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A flaw in $wpdb-prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting XSS vulnerabilities...

9.8CVSS7.6AI score0.13385EPSS
Exploits2References11
CNVD
CNVD
added 2018/10/25 12:0 a.m.3 views

Code Execution Vulnerability in Ctcms Movie & TV System Backend

Ctcms is a fast website building system that runs on PHP+MYSQL environment. Code execution vulnerability exists in the backend of Ctcms movie and TV system. It allows attackers to upload exp files, execute commands, and gain server privileges...

7.5AI score
Exploits0
CNVD
CNVD
added 2018/08/30 12:0 a.m.1 views

PHP7CMS has a file upload vulnerability

PHP7 content management system referred to as PHP7CMS by Chunjie studio using PHP7 technology newly developed content management program. PHP7CMS has a file upload vulnerability. Allows attackers to upload webshell and gain server privileges...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.66 views

JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection

QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability CWE-78. Impact An attacker may execute an arbitrary OS command with the web server's execution privilege. Solution Consider stop using QQQ SYTEMS 2.24 Sinc...

10CVSS9.8AI score0.02703EPSS
Exploits0
CERT
CERT
added 2016/02/25 12:0 a.m.42 views

QNAP Signage Station and iArtist Lite contain multiple vulnerabilities

Overview The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022An authenticated attacker without administrative permissions may upload a...

9.8CVSS8.2AI score0.03096EPSS
Exploits0References4
htbridge
htbridge
added 2016/01/13 12:0 a.m.518 views

Remote Code Execution in Exponent

High-Tech Bridge Security Research Lab discovered critical vulnerability in Exponent CMS, which can be exploited to inject and execute arbitrary PHP code on the vulnerable system with the privileges of the web server. The vulnerability resides within "/install/index.php" script, when handling...

10CVSS9.8AI score0.06636EPSS
Exploits3Affected Software1
UbuntuCve
UbuntuCve
added 2014/09/30 12:0 a.m.167 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

10CVSS7.5AI score0.99621EPSS
Exploits31References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Brian Stanback bsguest.cgi 1.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2159/info An input validation vulnerability exists in Brian Stanback's bsguest.cgi, a script designed to coordinate guestbook submissions from website visitors. The script fails to properly filter ';' characters from the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Greg Matthews Classifieds.cgi 1.0 Hidden Variable Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Greg Matthews Classifieds.cgi 1.0 Metacharacter Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2020/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to read files on the host...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Jason Maloney's Guestbook 3.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Headline Portal Engine 0.x/1.0 HPEInc Parameter Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19663/info Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2010/06/25 12:0 a.m.12 views

Nakid CMS <= 0.5.2 RFI Vulnerability

Nakid CMS is prone to a remote file inclusion RFI vulnerability. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

5.1CVSS6.8AI score0.0252EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2009/05/25 12:0 a.m.28 views

Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion

The version of Coppermine Photo Gallery installed on the remote host fails to filter user-supplied input to the 'GLOBALSUSERlang' parameter of the 'index.php' script before using it to include PHP code in 'includes/init.inc.php'. Provided PHP's 'registerglobals' setting is enabled, an...

6.3AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/28 12:0 a.m.50 views

JVN#20502807 Snoopy command injection vulnerability

Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Impact An arbitrary command could be executed with the privilege of the server where Snoopy runs. Solution Update t...

10CVSS8.5AI score0.08985EPSS
Exploits4
Exploit DB
Exploit DB
added 2008/10/13 12:0 a.m.46 views

Oracle Database Server 11.1 - &#039;CREATE ANY Directory&#039; Privilege Escalation

source: https://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA privileges on the vulnerable database server. This issue affects Oracle...

7.4AI score
Exploits0
OSV
OSV
added 2006/07/18 12:0 a.m.27 views

DSA-1113 zope2.7 - programming error

Bulletin has no description...

2.1CVSS6AI score0.00422EPSS
Exploits0
Packet Storm
Packet Storm
added 2006/04/01 12:0 a.m.24 views

mediaslashInclude.txt

author: Moroccan Security Team Vendor: www.MediaSlash.com Vendor Contacted greetz to : Moroccan Security Team CiM-TeaM and All Freinds Google : Powered by MediaSlash.com Details: MediaSlash Galleryis is vulnerable to remote URL inclusion vulnerability This flaw is due to an input validation error...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/12/05 12:0 a.m.20 views

Web4Future Portal Solutions - &#039;Arhiva.php&#039; Directory Traversal

source: https://www.securityfocus.com/bid/15718/info Portal Solutions is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. This issue may be leveraged to read arbitrary files on an affected computer with the privileges of the Web...

7AI score
Exploits0
Rows per page
Query Builder