Lucene search
+L

247 matches found

Packet Storm
Packet Storm
added 2016/07/26 12:0 a.m.45 views

Drupal CODER Module Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a Remote Command Execution vulnerability in Drupal CODER...

Exploits0
Tenable Nessus
Tenable Nessus
added 2015/04/20 12:0 a.m.66 views

TWiki 'debugenableplugins' Parameter RCE

The version of TWiki installed on the remote host is affected by a remote code execution vulnerability due to a failure to properly sanitize user-supplied input to the 'debugenableplugins' parameter upon submission to the 'view' script. A remote, unauthenticated attacker can exploit this issue to...

9.1CVSS9AI score0.55637EPSS
Exploits12References3
Tenable Nessus
Tenable Nessus
added 2015/02/25 12:0 a.m.28 views

X2Engine < 4.0 ProfileController.php Unrestricted File Upload Vulnerability

According to its version number, the X2Engine application installed on the remote web server is prior to version 4.0. It is, therefore, potentially affected by a file upload vulnerability in the '/protected/controllers/ProfileController.php' script. An attacker can exploit this issue to upload...

8.8CVSS8.3AI score0.02906EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/10/13 4:41 p.m.8 views

apache-poi: XML eXternal Entity (XXE) flaw

It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity...

4.3CVSS6.7AI score0.13258EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/09/23 6:10 p.m.7 views

Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing

It was found that Teiid SQL/XML permitted XML eXternal Entity XXE attacks. If a REST endpoint was deployed, a remote attacker could submit a request containing an external XML entity that, when resolved, allowed that attacker to read files on the application server in the context of the user...

4.3CVSS5.8AI score0.01964EPSS
Exploits0References4
Cvelist
Cvelist
added 2014/08/11 8:0 p.m.29 views

CVE-2014-3333

The server in Cisco Unity Connection 9.11 and 9.12 allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014...

6AI score0.0313EPSS
Exploits0References6
exploitpack
exploitpack
added 2014/03/01 12:0 a.m.35 views

Oracle Demantra 12.2.1 - Arbitrary File Disclosure

Oracle Demantra 12.2.1 - Arbitrary File Disclosure Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2013/12/27 12:0 a.m.38 views

VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX (remote check)

VMware ESXi and ESX unauthorized file access through vCenter Server and ESX OpenVAS Vulnerability Test $Id: gbVMSA-2013-0016remote.nasl 6074 2017-05-05 09:03:14Z teissa $ VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX remote check Authors: Michael Meyer...

4.4CVSS0.7AI score0.00353EPSS
Exploits0References1
CERT
CERT
added 2013/06/07 12:0 a.m.175 views

Parallels Plesk Panel phppath/php vulnerability

Overview Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution. Description Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms may be exploited by a combination of CVE-2012-1823 and the Plesk phppath script alias usage. There have been...

9.8CVSS10AI score0.99998EPSS
Exploits42References8
Tenable Nessus
Tenable Nessus
added 2013/05/03 12:0 a.m.47 views

W3 Total Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution

The W3 Total Cache Plugin for WordPress installed on the remote host is affected by a remote PHP code execution vulnerability due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can submit a comment to a WordPress blog containing arbitrary PHP code. The...

9.8CVSS9.3AI score0.73862EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2013/02/25 12:0 a.m.43 views

TWiki < 5.1.4 MAKETEXT Variable Tilde Character Command Injection

According to its version number, the instance of TWiki running on the remote host is affected by a command injection vulnerability. The '%MAKETEXT%' variable fails to properly sanitize user-supplied input. A remote attacker can exploit this issue to execute arbitrary shell commands on the remote...

10CVSS8.7AI score0.04872EPSS
Exploits0References2
Metasploit
Metasploit
added 2013/01/22 12:26 p.m.32 views

ZoneMinder Video Server packageControl Command Execution

This module exploits a command execution vulnerability in ZoneMinder Video Server version 1.24.0 to 1.25.0 which could be abused to allow authenticated users to execute arbitrary commands under the context of the web server user. The 'packageControl' function in the 'includes/actions.php' file...

7.5CVSS7.2AI score0.47895EPSS
Exploits2
exploitpack
exploitpack
added 2011/02/11 12:0 a.m.29 views

Horde - Horde_Image::factory driver Argument Local File Inclusion

Horde - HordeImage::factory driver Argument Local File Inclusion Exploit Title: Horde HordeImage::factory driver Argument Local File Inclusion Google Dork: intitle:horde Date: 10-02-2011 Author: skysbsb Software Link: http://www.horde.org/download/ Version: Horde 3.3.2 Tested on: linux CVE :...

6.4CVSS0.1AI score0.41263EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2011/01/12 12:0 a.m.28 views

PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion

The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...

6.8CVSS6.2AI score0.06055EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2010/11/29 12:0 a.m.31 views

RSForm! Component for Joomla! 'lang' Parameter Local File Include

The version of the RSForm! component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'lang' parameter before using it in the forme.php script to include PHP code. An unauthenticated, remote attacke...

6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2010/11/29 12:0 a.m.73 views

vtiger CRM phprint.php lang_crm Parameter Local File Inclusion

The version of vtiger CRM installed on the remote host does not sanitize user input to the 'langcrm' parameter of the 'phprint.php' script before using it to include PHP code. An unauthenticated, remote attacker may be able to leverage this issue to view arbitrary files or possibly execute...

6.8CVSS6.3AI score0.07373EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2010/09/17 12:0 a.m.96 views

OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution

The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...

7.5CVSS5.9AI score0.75838EPSS
Exploits8References4
Tenable Nessus
Tenable Nessus
added 2010/03/22 12:0 a.m.25 views

eFront 'langname' Parameter Traversal Local File Inclusion

The version of eFront running on the remote web server is affected by a local file inclusion vulnerability due to improper sanitization of user-supplied input to the 'langname' parameter of the language.php script before using it to include PHP code. Regardless of PHP's 'registerglobals' setting,...

6.8CVSS6AI score0.0506EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2010/02/20 12:0 a.m.62 views

Scriptegrator Plugin for Joomla! 'files[]' Parameter Remote File Include

The version of the Core Design Scriptegrator plugin for Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'files' parameter before using it in the cdscriptegrator/libraries/highslide/js/jsloader.php...

7.5CVSS7.8AI score0.15242EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/01/29 12:0 a.m.15 views

TinyBrowser Component for Joomla! 'tinybrowser_lang' Cookie Local File Include

The version of the TinyBrowser component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'tinybrowserlang' cookie before using it in the tinymce/plugins/tinybrowser/folders.php script to include PH...

6.1AI score
Exploits0References1
Rows per page
Query Builder