8149 matches found

OSV
added 2004/12/31 5:0 a.m. | 4 views

DEBIAN-CVE-2004-1405

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.05154
Exploits: 1 | References: 1
Tenable Nessus
added 2004/12/19 12:0 a.m. | 59 views

Mandrake Linux Security Advisory : php (MDKSA-2004:151)

A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by Stefan Esser. Some of these vulnerabilities were not deemed to be severe enough to warrant CVE names, however the packages provided, with the exception of the Corporate Server 2.1 packages, include fixes for all of the...

CVSS: 10 | AI score: 7.9 | EPSS: 0.1616
Exploits: 1 | References: 8
Ubuntu
added 2004/12/17 2:26 a.m. | 78 views

USN-40-1: PHP vulnerabilities

Stefan Esser reported several buffer overflows in PHP's variable unserializing handling. These could allow an attacker to execute arbitrary code on the server with the PHP interpreter's privileges by sending specially crafted input strings (form data, cookie values, and similar). Additionally, Ilia...

CVSS: 10 | AI score: 8.4 | EPSS: 0.10042
Exploits: 0
securityvulns
added 2004/12/16 12:0 a.m. | 30 views

STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki

STG Security Advisory: SSA-20041215-15 Vulnerability of uploading files with multiple extensions in MoniWiki Revision 1.0 Date Published: 2004-12-15 KST Last Update: 2004-12-15 Disclosed by SSR Team [email protected] Summary ======== MoniWiki is a wiki web application used by many Korean...

AI score: 0.6
Exploits: 0
NVD
added 2004/10/18 4:0 a.m. | 15 views

CVE-2004-1612

Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request...

CVSS: 5 | AI score: 6.8 | EPSS: 0.03266
Exploits: 1 | References: 7
Exploit DB
added 2004/09/10 12:0 a.m. | 28 views

GetSolutions GetIntranet 2.2 - Multiple Remote Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/11149/info Reportedly getSolutions getIntranet is affected by multiple remote input validation vulnerabilities. These issues are caused by a failure of the application to properly sanitize user-supplied input. These issues may be leveraged to carry out SQ...

AI score: 7.4
Exploits: 0
exploitpack
added 2004/09/10 12:0 a.m. | 13 views

GetSolutions GetIntranet 2.2 - Multiple Remote Input Validation Vulnerabilities

GetSolutions GetIntranet 2.2 - Multiple Remote Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/11149/info Reportedly getSolutions getIntranet is affected by multiple remote input validation vulnerabilities. These issues are caused by a failure of the application to...

AI score: 0.4
Exploits: 0
Tenable Nessus
added 2004/08/20 12:0 a.m. | 14 views

PHP Arbitrary File Upload

Binary data 2286.prm...

CVSS: 2.1 | AI score: 7.3 | EPSS: 0.00577
Exploits: 0 | References: 2
Tenable Nessus
added 2004/08/20 12:0 a.m. | 11 views

PHP 3.0.x < 3.0.17 / 4.0.x < 4.0.3 Hidden Form Field File Upload

Binary data 1478.prm...

CVSS: 5 | AI score: 7.3 | EPSS: 0.02745
Exploits: 1 | References: 3
Cvelist
added 2004/06/30 4:0 a.m. | 17 views

CVE-2004-0613

osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory...

AI score: 7.5 | EPSS: 0.09869
Exploits: 1 | References: 4
securityvulns
added 2004/06/23 12:0 a.m. | 40 views

Multiple osTicket exploits!

ATTENTION ALL SITES USING OSTICKET. PLEASE DISABLE UPLOADS. June 17 2004. Multiple Problems with osTicket Software Data: OSTICKET, http://www.osticket.com/ "Need to test the system before you install? Then try our demo version of the latest release of osTicket. DEMO DISABLED" Note: When a softwar...

AI score: 7.2
Exploits: 0
securityvulns
added 2004/05/11 12:0 a.m. | 29 views

McAfee ePolicy Orchestrator unauthorized access

An invalid HTTP POST request allows files to be uploaded to the server...

AI score: 1.1
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2004/04/17 4:0 a.m. | 20 views

CVE-2004-0407

The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish...

AI score: 6.5 | EPSS: 0.01532
Exploits: 0 | References: 7
Exploit DB
added 2004/04/12 12:0 a.m. | 34 views

TikiWiki Project 1.8 - 'tiki-view_faq.php?faqId' Cross-Site Scripting

source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection,...

AI score: 7
Exploits: 0
Exploit DB
added 2004/03/22 12:0 a.m. | 21 views

reget deluxe 3.0 build 121 - Directory Traversal

source: https://www.securityfocus.com/bid/9951/info It has been reported that ReGet may be prone to a directory traversal vulnerability that may allow remote attackers to upload files to arbitrary locations on a target system. The attacker may supply encoded directory traversal sequences in the U...

AI score: 7
Exploits: 0
securityvulns
added 2004/03/03 12:0 a.m. | 28 views

ProFTPD buffer overflow

Buffer overflow on ASCII-files uploading...

AI score: 3.7
Exploits: 0 | References: 2 | Affected Software: 1
Exploit DB
added 2004/01/30 12:0 a.m. | 26 views

JBrowser 1.0/2.x - Unauthorized Admin Access

source: https://www.securityfocus.com/bid/9537/info Due to a lack of access validation to the 'admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of th...

AI score: 7
Exploits: 0
FreeBSD
added 2003/09/23 12:0 a.m. | 30 views

ProFTPD ASCII translation bug resulting in remote root compromise

A buffer overflow exists in the ProFTPD code that handles translation of newline characters during ASCII-mode file uploads. An attacker may exploit this buffer overflow by uploading a specially crafted file, resulting in code execution and ultimately a remote root compromise...

CVSS: 9 | AI score: 7 | EPSS: 0.55119
Exploits: 0 | References: 1
Tenable Nessus
added 2003/07/24 12:0 a.m. | 30 views

paFileDB <= 3.1 Multiple Vulnerabilities (1)

The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.03628
Exploits: 2 | References: 10
Exploit DB
added 2003/07/09 12:0 a.m. | 35 views

QuadComm Q-Shop 2.5 - Failure To Validate Credentials

source: https://www.securityfocus.com/bid/8153/info Zone-H has reported that the Q-Shop ASP shopping cart software contains a vulnerability that may allow remote attackers to upload arbitrary files. Once uploaded, the attacker may be able to have the script executed in the security context of the...

AI score: 7
Exploits: 0