Lucene search
K

6420 matches found

Prion
Prion
added 2008/07/09 11:41 p.m.13 views

Design/Logic Flaw

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...

7.5CVSS6.8AI score0.06811EPSS
Exploits0References21Affected Software2
UbuntuCve
UbuntuCve
added 2008/07/09 11:41 p.m.25 views

CVE-2008-3115

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...

7.5CVSS6.2AI score0.06811EPSS
Exploits0References1
Cvelist
Cvelist
added 2008/07/09 11:0 p.m.25 views

CVE-2008-3115

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...

8.9AI score0.06811EPSS
Exploits0References21
Prion
Prion
added 2008/06/10 12:32 a.m.15 views

Code injection

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

10CVSS7.8AI score0.0386EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2008/06/10 12:32 a.m.33 views

CVE-2008-2638

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

10CVSS7.2AI score0.0386EPSS
Exploits0References5
Cvelist
Cvelist
added 2008/06/10 12:0 a.m.40 views

CVE-2008-2638

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

7.2AI score0.0386EPSS
Exploits0References5
CVE
CVE
added 2008/06/10 12:0 a.m.72 views

CVE-2008-2638

CVE-2008-2638 affects 1Book 1.0.1 and earlier . The vulnerability is in guestbook.php : remote attackers can upload arbitrary PHP code via the message parameter of an HTML web form, which is written to data.php . The CVSS vector (as per NVD) indicates _network-based, low complexity, no auth with ...

10CVSS7.2AI score0.0386EPSS
Exploits0References5Affected Software1
FreeBSD
FreeBSD
added 2008/05/28 12:0 a.m.22 views

py-pylons -- Path traversal bug

Pylons team reports: The error.py controller uses paste.fileapp to serve the static resources to the browser. The default error.py controller uses os.path.join to combine the id from Routes with the media path. Routes prior to 1.8 double unquoted the PATHINFO, resulting in FileApp returning files...

1.3AI score
Exploits0References1
Prion
Prion
added 2008/05/14 5:20 p.m.11 views

Code injection

Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS aka itcms 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter...

10CVSS7.8AI score0.03744EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2008/05/14 5:0 p.m.45 views

CVE-2008-2195

DeluxeBB 1.2 and earlier are affected by a static code injection vulnerability in admincp.php. The issue allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI, enabling partial impact to integrity and possibly other areas as per the CVSS metrics. No ...

6.5CVSS6.9AI score0.02059EPSS
Exploits0References4Affected Software1
xssed
xssed
added 2008/04/28 12:0 a.m.13 views

Unfixed XSS vulnerability at static-206.196.111.182.primary.net

Security researcher Uber0n, has submitted on 28/04/2008 a cross-site-scripting XSS vulnerability affecting static-206.196.111.182.primary.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/04/2008. ...

6.6AI score
Exploits0References1
Prion
Prion
added 2008/04/17 7:5 p.m.18 views

Code injection

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...

9.3CVSS7.8AI score0.03048EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2008/04/17 4:0 p.m.28 views

CVE-2008-1860

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...

7.3AI score0.03048EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2008/03/13 12:0 a.m.32 views

Fedora 8 : ruby-1.8.6.114-1.fc8 (2008-2443)

Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. 226381 - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira...

5CVSS7.2AI score0.18163EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2008/03/13 12:0 a.m.35 views

Fedora 7 : ruby-1.8.6.114-1.fc7 (2008-2458)

Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. 226381 - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira...

5CVSS7.2AI score0.18163EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2008/01/24 12:0 a.m.37 views

sdl_image -- buffer overflow vulnerabilities

Secunia reports: Two vulnerabilities have been reported in SDLimage, which can be exploited by malicious people to cause a Denial of Service or potentially compromise an application using the library. A boundary error within the LWZReadByte function in IMGgif.c can be exploited to trigger the...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.22 views

Debian Security Advisory DSA 169-1 (tomcat4)

The remote host is missing an update to tomcat4 announced via advisory DSA 169-1. OpenVAS Vulnerability Test $Id: deb1691.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 169-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

4.3CVSS0.7AI score0.01035EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.26 views

Debian Security Advisory DSA 225-1 (tomcat4)

The remote host is missing an update to tomcat4 announced via advisory DSA 225-1. OpenVAS Vulnerability Test $Id: deb2251.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 225-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.5CVSS0.6AI score0.1682EPSS
Exploits1
Prion
Prion
added 2008/01/04 11:46 a.m.16 views

Code injection

cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...

7.5CVSS8.4AI score0.04154EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2008/01/04 11:46 a.m.10 views

CVE-2007-6652

cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...

7.5CVSS7.8AI score0.04154EPSS
Exploits0References4
Rows per page
Query Builder