Lucene search

114 matches found

Atlassian
added 2011/09/07 10:10 p.m., 19 views

View PDF Macro in Office Connector makes http fetch from Adobe from https session

The View PDF macro within the Office Connector plugin provides the following http URL even for https sessions when a user's browser fails the Flash installed test: http://www.adobe.com/images/shared/downloadbuttons/getflashplayer.gif It's bad form to mix http urls in with secured https sessions a...

6.8 AI score
Exploits: 0
OpenVAS
added 2011/06/01 12:0 a.m., 22 views

Nmap NSE net: ms-sql-hasdbaccess

Queries Microsoft SQL Server (ms-sql) for a list of databases a user has access to. The script needs an account with the sysadmin server role to work. It needs to be fed credentials through the script arguments or from the scripts 'mssql-brute' or 'mssql-empty-password'. When run, the script...

0.2 AI score
Exploits: 0
OpenVAS
added 2011/06/01 12:0 a.m., 10 views

Nmap NSE net: ms-sql-empty-password

Attempts to authenticate using an empty password for the sysadmin sa account. SYNTAX: mssql.timeout: How long to wait for SQL responses. This is a number followed by 'ms' for milliseconds, 's' for seconds, 'm' for minutes, or 'h' for hours. Default: '30s'. OpenVAS Vulnerability Test $Id:...

8.1 AI score
Exploits: 0
Nmap
added 2010/04/04 10:11 a.m., 126 views

ms-sql-empty-password NSE Script

Attempts to authenticate to Microsoft SQL Servers using an empty password for the sysadmin (sa) account. SQL Server credentials required: No (will not benefit from mssql.username & mssql.password). Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-po...

10 CVSS, 0.4 AI score, 0.94176 EPSS
Exploits: 33
Nmap
added 2010/04/04 10:11 a.m., 488 views

ms-sql-xp-cmdshell NSE Script

Attempts to run a command using the command shell of Microsoft SQL Server (ms-sql). SQL Server credentials required: Yes (use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password). Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or...

10 CVSS, 0.6 AI score, 0.94176 EPSS
Exploits: 33
Tenable Nessus
added 2010/03/04 12:0 a.m., 33 views

Debian DSA-2006-1 : sudo - several vulnerabilities

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2010-0426 It was discovered that sudo when a pseudo-command is enabled,...

6.9 CVSS, 7.6 AI score, 0.0076 EPSS
Exploits: 4, References: 6
0day.today
added 2009/07/13 12:0 a.m., 21 views

Tandberg MXP F7.0 (USER) Remote Buffer Overflow PoC

Exploit for unknown platform in category dos / poc =================================================== Tandberg MXP F7.0 USER Remote Buffer Overflow PoC =================================================== TANDBERG BoF v0.1 - Tandberg MXP F7.0 Buffer Overflow Vulnerability PoC By otokoyama + We...

7 AI score
Exploits: 0
exploitpack
added 2009/05/14 12:0 a.m., 19 views

Nortel Contact Center Manager - Administration Password Disclosure

Nortel Contact Center Manager - Administration Password Disclosure source: https://www.securityfocus.com/bid/34964/info Nortel Contact Center Manager Administration is prone to a password-disclosure vulnerability caused by a design error. Attackers can exploit this issue to gain access to the...

0.2 AI score
Exploits: 0
Exploit DB
added 2009/05/14 12:0 a.m., 27 views

Nortel Contact Center Manager - Administration Password Disclosure

source: https://www.securityfocus.com/bid/34964/info Nortel Contact Center Manager Administration is prone to a password-disclosure vulnerability caused by a design error. Attackers can exploit this issue to gain access to the 'sysadmin' password. Successfully exploiting this issue may lead to...

7 AI score
Exploits: 0
Exploit DB
added 2008/06/21 12:0 a.m., 31 views

Scientific Image DataBase 0.41 - Blind SQL Injection

!/usr/bin/perl use strict; use warnings; use LWP::UserAgent; Download: http://sidb.sourceforge.net/ Dork: "Scientific Image DataBase" This exploit retrives the admin username/password via blind mysql injection. print ; my $substr, $done, $chr, $res = 1, 1, 48, ""; my $ua = LWP::UserAgent-new agen...

7.4 AI score
Exploits: 0
myhack58
added 2005/11/19 12:0 a.m., 20 views

To xp_cmdshell March-vulnerability warning-the black bar safety net

To xp_cmdshell March - Using MSSQLDatastore expansion madeserviceis the management right In MSSQL having sysadmin permission to the user through the xp_cmdshell stored extensions to the system permissions to execute arbitrary system commands, and therefore most of the security attention of the...

8.9 AI score
Exploits: 0
CVE
added 2001/09/12 4:0 a.m., 37 views

CVE-1999-1179

CVE-1999-1179 describes a vulnerability in the included man.sh CGI script from SysAdmin Magazine (May 1998) that allows remote attackers to execute arbitrary commands. The NVD notes a CVSSv2 base score of 7.5 (HIGH) with AV:N/AC:L/Au:N/C:P/I:P/A:P. The entry lists no exploitation status and provi...

7.5 CVSS, 8.2 AI score, 0.0083 EPSS
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 1999/08/17 12:0 a.m., 42 views

backhoe.article

backhoe article, by miff 1. what is it? backhoe is a backdoor daemon that copies a rootshell into /tmp periodically, then deletes it. You set the frequency that you want rootshells to appear, and you set the amount of time that they will persist before backhoe deletes them. This gives the user wh...

7.4 AI score
Exploits: 0
NVD
added 1998/05/15 4:0 a.m., 7 views

CVE-1999-1179

Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands...

7.5 CVSS, 0.0083 EPSS
Exploits: 0, References: 1