Lucene search
+L

1327 matches found

Exploit DB
Exploit DB
added 2004/01/30 12:0 a.m.28 views

JBrowser 1.0/2.x - Unauthorized Admin Access

source: https://www.securityfocus.com/bid/9537/info Due to a lack of access validation to the 'admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of th...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/26 12:0 a.m.36 views

herberlin bremsserver 1.2.4/3.0 - Directory Traversal

source: https://www.securityfocus.com/bid/9493/info Herberlin BremsServer is prone to a directory-traversal vulnerability. An attacker may exploit this issue to gain access to files residing outside the web server root directory of the affected system. This issue exists due to a failure to valida...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/16 12:0 a.m.27 views

MetaDot Portal Server 5.6.x - 'userchannel.pl?op' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9439/info A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/16 12:0 a.m.21 views

MetaDot Portal Server 5.6.x - 'index.pl' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/9439/info A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/09/29 12:0 a.m.10 views

GuppY 2.4 - HTML Injection

GuppY 2.4 - HTML Injection source: https://www.securityfocus.com/bid/8717/info It has been reported that one of the scripts included with GuppY is vulnerable to an HTML injection attack. The script, "postguest.php", does not perform input validation to prevent the inclusion of HTML/script content...

7.6AI score
Exploits0
CERT
CERT
added 2002/09/27 12:0 a.m.25 views

PGPMail.pl does not adequately validate user input thereby allowing arbitrary command execution

Overview PGPMail.pl does not adequately filter user input, allowing arbitrary command execution. Description PGPMail.pl is an adaptation of the FormMail.pl CGI script, enhanced to use PGP encryption. PGPMail.pl does not adequately filter the "recipient" and "pgpuserid" CGI variables before passin...

7.5CVSS7.1AI score0.01875EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2002/07/30 12:0 a.m.24 views

Dispair 0.1/0.2 - Remote Command Execution

source: https://www.securityfocus.com/bid/5392/info Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the underlying shell with the privileges...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/07/24 12:0 a.m.56 views

Cobalt Qube 3.0 - Authentication Bypass

source: https://www.securityfocus.com/bid/5297/info A vulnerability has been reported for Cobalt Qube that may allow an attacker to bypass the authentication mechanism and obtain administrative privileges. The vulnerability occurs because of a weak authentication mechanism with Cobalt Qube...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/06/30 12:0 a.m.11 views

E-Guest 1.1 - Server Side Include Arbitrary Command Execution

E-Guest 1.1 - Server Side Include Arbitrary Command Execution source: https://www.securityfocus.com/bid/5129/info E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems. E-Guest does not adequately sanitize user-supplied input in gues...

1AI score
Exploits0
securityvulns
securityvulns
added 2002/04/23 12:0 a.m.43 views

File send interception in AIM

Durig file trasmitio icomig connection is accepted without additioal user or IP validation...

2.1AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2001/12/18 12:0 a.m.18 views

QPopper 4.0.x - PopAuth Trace File Shell Command Execution

QPopper 4.0.x - PopAuth Trace File Shell Command Execution source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctl...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2001/07/16 12:0 a.m.30 views

Interactive Story File Disclosure Vulnerability

Interactive Story File Disclosure Vulnerability qDefense Advisory Number QDAV-2001-7-3 Product: Interactive Story Vendor: Valerie Mates http://www.valeriemates.com Severity: Remote; Attacker may read arbitrary file Versions Affected: Version 1.3 Vendor Status: Vendor contacted; has released new...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2001/07/16 12:0 a.m.37 views

AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2

AdCycle SQL Command Insertion Vulnerability qDefense Advisory Number QDAV-2001-7-2 Product: AdCycle Vendor: AdCyle http://adcycle.com Severity: Remote; Attacker may gain AdCycle administrator status Versions Affected: Versions up to and including 1.15 Vendor Status: Vendor contacted; has released...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2001/07/12 12:0 a.m.38 views

QDAV-2001-7-1

--=====================133743754==.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed Multiple CGI Flat File Database Manipulation Vulnerability qDefense Advisory Number QDAV-2001-7-1 Product: Numerous CGI's Vendor: Numerous Vendors Severity: Remote; Severity varies, but can often be...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/05/16 12:0 a.m.27 views

DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)

DCForum Password File Manipulation Vulnerability qDefense Advisory Number QDAV-5-2000-2 Product: DCForum Vendor: D.C. Script Version Tested: DCForum 2000 1.0 Version 6.0 is believed to be vulnerable as well Severity: Remote; Any attacker may gain DCForum admin privileges, which result in...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2001/04/26 12:0 a.m.21 views

IRIX 5.3/6.x - 'netprint' Arbitrary Shared Library Usage

// source: https://www.securityfocus.com/bid/2656/info The 'netprint' utility shipped with SGI Irix systems is used to send print jobs to print spoolers on remote hosts. It is installed setuid root by default. At the command line, 'netprint' accepts an option to specify the network type -n. This...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/04/17 12:0 a.m.27 views

qDefense Advisory: DCForum allows remote read/write/execute

qDefense Advisory Number QDAV-5-2000-1 Product: DCForum Vendor: DCScripts www.dcscripts.com Version Tested: DCForum 2000 1.0 Severity: Any remote attacker may gain read/write/execute privilleges Cause: Failure to validate input; Trust of hidden fields; Allows uploading of arbitrary files by defau...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2001/03/11 12:0 a.m.47 views

Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing

The vendor has been contacted on this issue and it is being fixed. please visit his page for further updates. Just so all the script kids know it does allow partial command execution. The only limit to this is commands with arguements. EX: limited to single commands like ls,ps Debian also has thi...

7.4AI score
Exploits0
CERT
CERT
added 2001/01/28 12:0 a.m.42 views

phf CGI Script fails to guard against newline characters

Overview This document describes a vulnerability in a CGI script known as phf which was widely exploited in 1996 and 1997. Description The phf CGI script constructs a partial command line consisting of the ph command and appropriate arguments, and completes the command line based on the input fro...

10CVSS6.8AI score0.86871EPSS
Exploits0References4
securityvulns
securityvulns
added 2000/05/20 12:0 a.m.48 views

Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))

Not much to say. While performing basic input validation checks in Lotus Domino ESMTP service see subject running on the top of Windows NT system this applies probably to other platforms as well, within approximately 30 seconds we found remote buffer overflow leading to system crash and, if...

0.4AI score
Exploits0
Rows per page
Query Builder