Lucene search
K

313 matches found

hackerone
hackerone
added 2016/06/21 11:14 p.m.33 views

Uber: Server version disclosure: team.uberinternal.com

In the HTTP response header from team.uberinternal.com, the nginx web server version is disclosed. HTTP/1.1 301 Moved Permanently Server: nginx/1.8.1 Date: Tue, 21 Jun 2016 22:45:53 GMT Content-Type: text/html Content-Length: 184 Connection: keep-alive Location: https://team.uberinternal.com/...

0.8AI score
Exploits0
openvas
openvas
added 2016/06/16 12:0 a.m.26 views

TUTOS phpinfo() Information Disclosure (HTTP) - Active Check

TUTOS allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

5CVSS6.7AI score0.07543EPSS
Exploits1
hackerone
hackerone
added 2016/03/15 8:0 a.m.17 views

Veris: Server and PHP version Disclosed in Response Header

Server Version and OS Version Disclosure issue...

1.3AI score
Exploits0
hackerone
hackerone
added 2016/03/12 11:21 p.m.22 views

New Relic: Server Side Browsing - localhost open port enumeration

Hi again to all, I've found that is possible to scan all the open ports and network information of internal instances of your amazon DC that are related with synthetics monitors. NOTE: I do not have a pro account so I can use the more advanced synthetics functions or the Insights db query to get...

0.1AI score
Exploits0
hackerone
hackerone
added 2016/03/01 9:18 a.m.19 views

LeaseWeb: Server version is disclosure in http://leasewebnoc.com/

Hello Leaseweb It's my same report but it's for different web application http://leasewebnoc.com here is sever version disclosure in http://leasewebnoc.com as when I have request about .htaccess , that returns result of forbidden but following server version publicly disclosure. Apache/2.2.22...

1.4AI score
Exploits0
nessus
nessus
added 2016/01/29 12:0 a.m.699 views

Web Server Error Page Information Disclosure

The default error page sent by the remote web server discloses information that can aid an attacker, such as the server version and languages used by the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

5.5AI score
Exploits0
openvas
openvas
added 2016/01/25 12:0 a.m.32 views

Oracle Database Server Multiple Unspecified Vulnerabilities -07 (Jan 2016)

Oracle Database Server is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.6AI score0.83175EPSS
Exploits8References4
seebug
seebug
added 2014/07/01 12:0 a.m.16 views

Simple Web Server Connection Header Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.29 views

ACC IMoveis 4.0 - SQL Injection Vulnerability

No description provided by source. Exploit Title : iMoveis SQL Injection Vulnerability Date : 26/10/2010 Author : EraGoN Software link : http://baixar7.com/download/acc-imoveis-script-php.rar/3d1e7bf4b9 Version : 1.1 Tested on : Linux / Windows XP Dork : inurl:imoveis.php?id= Error You have an...

7.1AI score
Exploits0
hackerone
hackerone
added 2014/03/17 12:14 p.m.17 views

OkCupid: Server leaks version number

Severity: Low Summary: The Web Server's banner contains the version number of the server - OKWS/3.1.19.0. The version number found is 3.1.19.0 at okcupid.com/ HTTP/1.1...

6.9AI score
Exploits0
nessus
nessus
added 2014/03/03 12:0 a.m.449 views

DNS Server Version Detection

Nessus was able to obtain version information by sending a special TXT record query to the remote host. Note that this version is not necessarily accurate and could even be forged, as some DNS servers send the information based on a configuration file. C Tenable Network Security, Inc...

5.5AI score
Exploits0
redhat
redhat
added 2014/02/19 6:45 p.m.4 views

mysql: command-line tool buffer overflow via long server version string

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

7.5CVSS7AI score0.06353EPSS
Exploits0References4
redhat
redhat
added 2014/02/18 5:55 p.m.4 views

mysql: command-line tool buffer overflow via long server version string

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

7.5CVSS7AI score0.06353EPSS
Exploits0References4
redhat
redhat
added 2014/02/13 6:33 p.m.4 views

mysql: command-line tool buffer overflow via long server version string

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

7.5CVSS7AI score0.06353EPSS
Exploits0References4
redhat
redhat
added 2014/02/12 6:22 p.m.4 views

mysql: command-line tool buffer overflow via long server version string

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

7.5CVSS7AI score0.06353EPSS
Exploits0References4
seebug
seebug
added 2014/02/08 12:0 a.m.45 views

AuraCMS多个SQL注入漏洞

CVE ID:CVE-2014-1401 auraCMS是一款基于PHP的WEB应用程序。 AuraCMS存在SQL注入漏洞。由于在程序SQL查询使用之前未能充分过滤未明的输入,允许远程攻击者在后端数据库中注入或操纵SQL查询,允许任意数据的操纵或披露。 0 Auracms 2.3 厂商补丁: Auracms ----- 1月30日后更新的Auracms 2.3版本以修复此漏洞,建议用户下载使用: http://auracms.org 1.The exploitation example below displays version of MySQL server:...

6.5CVSS6.5AI score0.02982EPSS
Exploits5
cvelist
cvelist
added 2014/01/31 11:0 p.m.60 views

CVE-2014-0001

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

7.3AI score0.06353EPSS
Exploits0References15
htbridge
htbridge
added 2014/01/30 12:0 a.m.141 views

SQL Injection in AdRotate

High-Tech Bridge Security Research Lab discovered vulnerability in AdRotate, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in AdRotate: CVE-2014-1854 The vulnerability exists due to insufficient validation of "track" HTTP GET parameter passed to...

7.5CVSS1.5AI score0.05412EPSS
Exploits7Affected Software1
seebug
seebug
added 2014/01/09 12:0 a.m.33 views

Horizon QCMS "/download.php" SQL注入漏洞

CVE ID:CVE-2013-7139 Horizon QCMS是支持PHP与MySQL的开放源码的Horizon快速内容管理系统。 该漏洞的存在是由于传递到"/download.php"脚本的"category" HTTP POST参数未被正确过滤,未经身份验证的远程攻击者可以在应用数据库中执行任意SQL命令。 0 Horizon QCMS=4.0 厂商补丁: Horizon ----- Horizon 4.0版本以修复此漏洞,建议用户下载使用: http://sourceforge.net/projects/hnqcms/files/patches/ The exploitatio...

7.5CVSS6.5AI score0.01045EPSS
Exploits7
openvas
openvas
added 2013/08/19 12:0 a.m.16 views

Telnet-Ftp Server Directory Traversal Vulnerability

The host is running Telnet-Ftp server and is prone to directory traversal vulnerabilities. OpenVAS Vulnerability Test $Id: gbtelnetftpserverdirtravvun.nasl 6086 2017-05-09 09:03:30Z teissa $ Telnet-Ftp Server Directory Traversal Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2013...

0.3AI score
Exploits0References2
Rows per page
Query Builder