
56 matches found

Prion
added 2022/10/31 7:15 a.m. | 15 views

Design/Logic Flaw

Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service...

6.4 CVSS | 6.8 AI score | 0.00618 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/10/31 6:40 a.m. | 11 views

CVE-2022-40742 SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Local File Inclusion

Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service...

6.5 CVSS | 6.9 AI score | 0.00618 EPSS
Exploits: 0 | References: 1
Prion
added 2022/01/14 5:15 a.m. | 14 views

Path traversal

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...

3.3 CVSS | 6.5 AI score | 0.00452 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/01/14 4:50 a.m. | 16 views

CVE-2022-22054 ASUS RT-AX56U - Path Traversal

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...

6.5 CVSS | 6.7 AI score | 0.00452 EPSS
Exploits: 0 | References: 1
CNVD
added 2021/08/31 12:0 a.m. | 21 views

ZOHO ManageEngine Log360 code issue vulnerability

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements. A code issue...

9.8 CVSS | 2.3 AI score | 0.04603 EPSS
Exploits: 0 | References: 1
CNVD
added 2021/07/15 12:0 a.m. | 5 views

Unspecified vulnerability in elFinder

elFinder is a Drupal-based, open source AJAX file manager. The product provides multiple file uploads, image scaling and other features. A security vulnerability exists in elFinder.Net.Core that stems from user-controlled filenames not being properly cleaned up before being us...

7.5 CVSS | 6.7 AI score | 0.01997 EPSS
Exploits: 1 | References: 1
CNNVD
added 2021/05/24 12:0 a.m. | 6 views

MetInfo Path Traversal Vulnerability

MetInfo adopts PHP+Mysql architecture, it is a cms building system which is very friendly to SEO, fully functional, supports multi-language, responsive display, and extremely suitable for enterprise and company website construction. A file modification vulnerability exists in MetInfo 7.0 beta. An...

9.1 CVSS | 5.6 AI score | 0.02201 EPSS
Exploits: 1 | References: 4
Citrix
added 2020/11/09 9:9 a.m. | 38 views

Citrix ShareFile StorageZones Controller Multiple Security Updates

Description of Problem Two security issues have been identified within Citrix ShareFile StorageZones Controller that, if exploited, could allow a compromised or malicious ShareFile user to write arbitrary files as that Active Directory user to the local file system, and also to discover the full...

4.3 CVSS | 4.6 AI score | 0.01105 EPSS
Exploits: 2
CNVD
added 2020/06/02 12:0 a.m. | 4 views

Lexiglot Path Traversal Vulnerability

Lexiglot is a translation platform written in PHP by the French software developer Damien Sorel. A path traversal vulnerability exists in Lexiglot 2014-11-20 and earlier versions, which can be exploited by remote attackers to obtain sensitive information full path with the help of...

5.3 CVSS | 6.7 AI score | 0.01368 EPSS
Exploits: 1 | References: 1
exploitpack
added 2019/01/16 12:0 a.m. | 32 views

ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution

ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage:...

10 CVSS | 0.2 AI score | 0.19715 EPSS
Exploits: 4
Tenable Nessus
added 2018/05/23 12:0 a.m. | 40 views

GLSA-201805-09 : Shadow: security bypass

The remote host is affected by the vulnerability described in GLSA-201805-09 Shadow: security bypass A local attacker could possibly bypass security restrictions if an administrator used group blacklisting to restrict access to file system paths. Impact : A local attacker could possibly bypass...

5.3 CVSS | 6.4 AI score | 0.01596 EPSS
Exploits: 1 | References: 2
Gentoo Linux
added 2018/05/22 12:0 a.m. | 412 views

Shadow: security bypass

Background Shadow is a set of tools to deal with user accounts. Description A local attacker could possibly bypass security restrictions if an administrator used “group blacklisting” to restrict access to file system paths. Impact A local attacker could possibly bypass security restrictions...

5.3 CVSS | 5.7 AI score | 0.01596 EPSS
Exploits: 1
seebug.org
added 2011/05/08 12:0 a.m. | 12 views

phpThumb 'phpThumbDebug' Information Disclosure

No description provided by source. Exploit Title: phpThumb 'phpThumbDebug' Information Disclosure Google Dork: inurl:phpThumb.php Date: 06/05/2011 Author: mook Software Link: http://phpthumb.sourceforge.net/download Version: 1.7.9 Tested on: linux Vulnerability: Information disclosure which...

7.1 AI score
Exploits: 0
exploitpack
added 2011/05/06 12:0 a.m. | 11 views

phpThumb - phpThumbDebug Information Disclosure

phpThumb - phpThumbDebug Information Disclosure Exploit Title: phpThumb 'phpThumbDebug' Information Disclosure Google Dork: inurl:phpThumb.php Date: 06/05/2011 Author: mook Software Link: http://phpthumb.sourceforge.net/download Version: 1.7.9 Tested on: linux Vulnerability: Information disclosur...

7.2 AI score
Exploits: 0
Atlassian
added 2010/05/05 12:16 a.m. | 15 views

The system paths are to be locked down to the JIRA Home directory

Currently JIRA allows you to change system file paths at runtime. While convenient, this allowed an attacker to elevate his/her stolen system admin access into a situation where he/she can execute arbitrary code. A decision has been made to remove the ability to set the paths at run time. For new...

2 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2010/05/05 12:16 a.m. | 16 views

The system paths are to be locked down to the JIRA Home directory

Currently JIRA allows you to change system file paths at runtime. While convenient, this allowed an attacker to elevate his/her stolen system admin access into a situation where he/she can execute arbitrary code. A decision has been made to remove the ability to set the paths at run time. For new...

2 AI score
Exploits: 0 | Affected Software: 1