Lucene search
K

176 matches found

CVE
CVE
added 2024/11/02 12:0 a.m.11 views

CVE-2024-48326

Portabilis i-Educar is affected (versions 2.8.0 and 2.9.0 referenced in connected sources). The vulnerability is a stored XSS in the nm_religiao parameter of the /intranet/educar_religiao_cad.php POST and /intranet/educar_religiao_lst.php?busca=S&nm_religiao= GET endpoints. An unauthenticated att...

Exploits1
CVE
CVE
added 2024/10/09 7:11 p.m.6 views

CVE-2021-26121

CVE-2021-26121 affects CSCart (CS-Cart Multivendor) via the templates.manage Server-Side Template Injection, enabling remote code execution. The root cause is lack of sandboxing in Smarty templates, allowing a shop admin (with at least Files privileges) to inject and execute code on the server. E...

Exploits2References1
CVE
CVE
added 2024/09/11 1:3 p.m.43 views

CVE-2023-39024

Harman Media Suite Portal Settings). An exploit/POC exists (C20FE0B5-806A-56; POC for CVE-2023-39024 and CVE-2023-39025) showing the vulnerability context. Note: whether other extensions like SSRF (CVE-2023-39025) are separately exploitable is indicated by the PoC, but the core CVE-2023-39024 de...

Exploits1
CVE
CVE
added 2024/09/09 6:22 p.m.6496 views

CVE-2024-37010

CVE-2024-37010 is an OwnCloud external-storage IDOR vulnerability where an authenticated user can modify another user’s external storage configuration without proper rights verification. The exploit description demonstrates that updating the target's external storage can change the storage’s name...

Exploits1
CVE
CVE
added 2024/08/30 12:0 a.m.8 views

CVE-2024-42587

CVE-2024-42587 is linked to SSTI in Jinja2 affecting promptify v2.0.3, per PT-2024-30049/PT-2024-30050 entries. The connected docs identify the issue type (SSTI) and component/version but do not provide further technical details, root cause specifics, exploitability, or remediation guidance. No e...

Exploits1References2
CVE
CVE
added 2024/08/30 12:0 a.m.7 views

CVE-2024-42588

CVE-2024-42588 affects promptify 2.0.3 with a remote code execution (RCE) issue labeled in PT-2024-30049/30050 entries as “RCE” associated with eval. The connected docs do not provide exploit details, affected vectors beyond the component/version, or remediation steps. No explicit root cause desc...

Exploits1References2
CVE
CVE
added 2024/08/26 12:0 a.m.7 views

CVE-2024-41312

CVE-2024-41312 corresponds to a Stored XSS in InstantCMS, evidenced by a public exploit referencing InstantCMS 2.16.3. The vulnerability occurs via image metadata during the photos upload flow (e.g., embedding payload in the Camera Model Name field) and is triggered when accessing a crafted URL l...

Exploits1
CVE
CVE
added 2024/08/11 9:51 p.m.47 views

CAN-2005-1921

CVE-2005-1921 is tied to PHPXMLRPC (XML-RPC for PHP), with a remote code execution flaw in the PHPXMLRPC library. Affected product/version: PHPXMLRPC

0.79071EPSS
Exploits5
CVE
CVE
added 2024/08/11 9:49 p.m.19 views

CAN-2005-2095

CAN-2005-2095 affects SquirrelMail (PHP4)

0.04242EPSS
Exploits2
CVE
CVE
added 2024/08/10 11:40 p.m.24 views

CAN-2005-2265

Technical details for CVE-2005-2265 are not publicly available in the provided documents. Monitor for updates from trusted sources.

0.68097EPSS
Exploits3
CVE
CVE
added 2024/08/06 10:51 a.m.17 views

CAN-2002-0662

CVE-2002-0662 affects ScrollKeeper, specifically versions 0.3 to 0.3.11, where scrollkeeper-get-cl creates temporary files insecurely in /tmp. This enables local users to fabricate or overwrite files via a symlink attack on the scrollkeeper-tempfile.x files, as described in Debian advisory DSA-16...

0.00393EPSS
Exploits1
CVE
CVE
added 2024/08/06 10:41 a.m.11 views

CAN-2003-0108

CVE-2003-0108 corresponds to isakmp_sub_print in tcpdump versions 3.6 through 3.7.1, where a remote attacker can cause a denial of service (CPU consumption) by sending a malformed ISAKMP packet to UDP port 500, potentially triggering an infinite loop. The connected advisories confirm tcpdump as a...

0.11342EPSS
Exploits4
CVE
CVE
added 2024/08/06 10:41 a.m.14 views

CAN-2003-0085

CVE-2003-0085 is a Samba nttrans buffer overflow affecting Samba 2.2.2–2.2.6 where a bug in the length checking of encrypted password change requests enabled an unauthenticated remote attacker to potentially execute code with root privileges. Public exploit material exists (e.g., Metasploit modul...

0.87923EPSS
Exploits6
CVE
CVE
added 2024/08/06 10:40 a.m.26 views

CAN-2003-0127

Technical details for CVE-2003-0127 are not publicly provided in the supplied documents. No affected products, root cause, or fixes are described here; monitor for future updates.

0.01584EPSS
Exploits5
CVE
CVE
added 2024/08/06 10:39 a.m.17 views

CAN-2003-0201

Samba

0.84502EPSS
Exploits23
CVE
CVE
added 2024/08/06 10:38 a.m.21 views

CAN-2003-0001

CVE-2003-0001 is referenced across multiple connected documents as an Etherleak-related memory disclosure related to Juniper Networks Junos OS and associated PTX/QFX platforms. The Juniper JSA69720 advisory cites two vulnerabilities: Etherleak due to insufficient Ethernet frame padding in NIC dri...

0.73006EPSS
Exploits15
CVE
CVE
added 2024/08/06 10:37 a.m.20 views

CAN-2003-0213

PoPToP PPTP server vulnerable to a remote buffer overflow (CVE-2003-0213) via ctrlpacket.c. A length field of 0 or 1 feeds a negative value into the read, causing potential buffer overflow and remote code execution or denial of service. Affected versions are PoPToP PPTP server prior to 1.1.4-b3. ...

0.71026EPSS
Exploits7
CVE
CVE
added 2024/08/06 10:37 a.m.9 views

CAN-2003-0150

CAN-2003-0150 (MySQL) describes a vulnerability in MySQL versions up to and including 3.23.55 where a malicious user could cause the server to run as root by injecting a crafted configuration file. The root cause is the server loading configuration data from files that could be written by or writ...

0.44831EPSS
Exploits4
CVE
CVE
added 2024/08/06 10:31 a.m.15 views

CAN-2003-0536

CVE-2003-0536 is evidenced in connected docs as a directory traversal flaw in phpSysInfo (and related packages) up to version 2.4 and earlier, enabling remote file inclusion via .. sequences in sensor_program or _SERVER[HTTP_ACCEPT_LANGUAGE], potentially allowing reading of arbitrary files and, i...

0.01473EPSS
Exploits1
CVE
CVE
added 2024/08/06 10:26 a.m.13 views

CAN-2003-0705

CVE-2003-0705 affects mah-jong (1.5.6 and earlier). The flaw is a buffer overflow that could be triggered remotely to execute arbitrary code with the privileges of the mah-jong server/user process. Public sources in the provided documents confirm the vulnerability and its remote-execution impact,...

0.0493EPSS
Exploits3
Rows per page
Query Builder