985 matches found

CNVD
added 2015/07/07 12:0 a.m. | 1 view

Hangzhou Boce Network Technology Co., Ltd. station-building system /bocadmin/j/uploadify.php has an arbitrary file upload vulnerability

BOC is a system of Hangzhou Bocai Network Technology Co., Ltd. that provides professional website construction services. The website building system /bocadmin/j/uploadify.php of Hangzhou Bocai Network Technology Co., Ltd. has an arbitrary file upload vulnerability, which allows an attacker to...

7.3 AI score
Exploits: 0 | References: 1

NVD
added 2015/06/28 7:59 p.m. | 12 views

CVE-2015-0550

Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors...

8.5 CVSS | 6.7 AI score | 0.04364 EPSS
Exploits: 0 | References: 2

Prion
added 2015/06/28 7:59 p.m. | 13 views

Directory traversal

Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors...

8.5 CVSS | 7.2 AI score | 0.04364 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OPENSUSE Linux
added 2015/06/12 9:5 p.m. | 38 views

Security update for cups (critical)

This update fixes the following issues: - CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on server CUPS STR4609 CERT-VU-810572 CVE-2015-1158 CVE-2015-1159 bugzilla.suse.com bsc924208. In genera...

10 CVSS | 0.8 AI score | 0.29913 EPSS
Exploits: 11 | References: 1

CNVD
added 2015/06/10 12:0 a.m. | 2 views

Bonita BPM Path Traversal Vulnerability

Bonita BPM is an open source business process management - workflow suite. A path traversal vulnerability exists in Bonita BPM. Since the input passed to the "bonita/portal/themeResource" URL via the "theme" and "location" HTTP GET parameters is not properly validated as part of the used filename...

5 CVSS | 7 AI score | 0.17681 EPSS
Exploits: 5 | References: 1

CNVD
added 2015/04/02 12:0 a.m. | 3 views

SAP Mobile Platform XXE Information Disclosure Vulnerability (CNVD-2015-02245)

SAP Mobile Platform is an enterprise mobility platform. SAP Mobile Platform suffers from an XXE External Entity Reference vulnerability that allows remote attackers to submit special XML to send requests to an internal server to obtain sensitive information...

5 CVSS | 6.8 AI score | 0.01135 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2015/03/10 2:59 p.m. | 36 views

CVE-2014-8105

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors...

5 CVSS | 7.1 AI score | 0.02108 EPSS
Exploits: 0 | References: 1

Hacker One
added 2015/03/08 1:5 a.m. | 61 views

Phabricator: Server Side Request Forgery in macro creation

mongoose just getting it out of the way ; Hi, I would like to report a Server Side Request Forgery SSRF 1 in the meme creation section of the phabricator software 2. SSRF is a vulnerability allowing requests to be made from the context of the server. This could allow an attacker to gain access to...

6.8 AI score
Exploits: 0

securityvulns
added 2014/12/01 12:0 a.m. | 63 views

WordPress 3 persistent script injection

OVERVIEW ======== A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don't require authentication by default. The JavaScript injected into a comment is executed when the targe...

6.7 AI score
Exploits: 0

Prion
added 2014/10/15 2:55 p.m. | 22 views

Authorization

Requests aka python-requests before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request...

5 CVSS | 7 AI score | 0.022 EPSS
Exploits: 0 | References: 6 | Affected Software: 4

Tenable Nessus
added 2014/10/12 12:0 a.m. | 34 views

Amazon Linux AMI : php-ZendFramework (ALAS-2014-377)

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...

7.5 CVSS | 8.6 AI score | 0.02802 EPSS
Exploits: 0 | References: 7

seebug.org
added 2014/10/10 12:0 a.m. | 34 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

No description provided by source. DrayTek VigorACS SI = 1.3.0 Vigor ACS-SI Edition is a Central Management System for DrayTek routers and firewalls, providing System Integrators or system administration personnel a real-time integrated monitoring, configuration and management platform...

7.1 AI score
Exploits: 0

OpenVAS
added 2014/07/07 12:0 a.m. | 54 views

PostgreSQL 'make check' Local Privilege Escalation Vulnerability (Jul 2014) - Windows

PostgreSQL is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.6 CVSS | 9.1 AI score | 0.00484 EPSS
Exploits: 1 | References: 4

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

betaparticle blog 2.0/3.0 upload.asp Unauthenticated File Upload

No description provided by source. source: http://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 23 views

ActivePerl 5.6.1 perlIIS.dll Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/3526/info ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems developed by Activestate. ActivePerl allows for high-performance integration with IIS using a DLL called 'perlIIS.dll'...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

HP Web Jetadmin 7.5.2456 setinfo.hts Script Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9972/info It has been reported that HP Web JetAdmin may be prone to a directory traversal vulnerability allowing remote attackers to access information outside the server root directory. The problem exists due to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 29 views

FileZilla 2.2.15 FTP Client Hard-Coded Cipher Key Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 39 views

Cloupia End-to-end FlexPod Management Directory Traversal

No description provided by source. Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 31 views

XODA Document Management System 0.4.5 - XSS & Arbitrary File Upload

No description provided by source. Exploit Title: XODA Document Management System Stored XSS & Arbitrary File Upload Vulnerability. Date: 21/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://xoda.org/ Software Link: http://sourceforge.net/projects/xoda/files/xoda/xoda-0.4.5/...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2014/06/13 12:0 a.m. | 18 views

openSUSE Security Update : rdesktop (openSUSE-SU-2011:0528-1)

A malicious server could access any file on clients connecting to it if the client shared some resource CVE-2011-1595. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update rdesktop-4545. The text...

4.3 CVSS | 5.3 AI score | 0.01094 EPSS
Exploits: 1 | References: 4