CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9564 matches found

OSV•added 2015/05/19 6:59 p.m.•1 views

DEBIAN-CVE-2015-3885

Integer overflow in the ljpegstart function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service crash via a crafted image, which triggers a buffer overflow, related to the len variable...

4.3CVSS6.3AI score0.0473EPSS

Exploits0References1

Prion•added 2015/05/19 6:59 p.m.•21 views

Integer overflow

4.3CVSS7.3AI score0.0473EPSS

Exploits0References17Affected Software2

Debian CVE•added 2015/05/19 6:0 p.m.•32 views

CVE-2015-3885

4.3CVSS6.8AI score0.0473EPSS

Exploits0

seebug.org•added 2015/05/13 12:0 a.m.•21 views

kppw 最新版注入(有点奇葩)

简要描述：人生第一发代码审计详细说明：首先给厂商说句抱歉，测试demo的时候把demo搞挂了漏洞文件:control/ajax/balance.php 看代码 $arrSellerInfo = dbfactory::getonesprintf'select from %s a left join %s b on a.uid = b.uid where a.uid =%s',TABLEPRE.'witkeyspace',TABLEPRE.'witkeyshop',intval$id; if$arrSellerInfo'shopbackstyle' $arrBackgroudStyl...

7AI score

Exploits0

securityvulns•added 2015/05/11 12:0 a.m.•71 views

Arbitrary Variable Overwrite in eShop WordPress Plugin

Advisory ID: HTB23255 Product: eShop WordPress plugin Vendor: Rich Pedley Vulnerable Versions: 6.3.11 and probably prior Tested Version: 6.3.11 Advisory Publication: April 15, 2015 without technical details Vendor Notification: April 15, 2015 Public Disclosure: May 6, 2015 Vulnerability Type: Cod...

4.3CVSS0.2AI score0.0017EPSS

Exploits2

CNVD•added 2015/05/06 12:0 a.m.•4 views

WordPress Plugin eShop Arbitrary Variable Override Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL. eShop is an accessible shopping cart WordPress plugin. An arbitrary variable override vulnerability exists in...

6.1CVSS6.9AI score0.0017EPSS

Exploits2References1

Packet Storm•added 2015/05/06 12:0 a.m.•74 views

WordPress eShop 6.3.11 Code Execution

6.1CVSS6.3AI score0.0017EPSS

Exploits2

Zero Day Initiative•added 2015/04/22 12:0 a.m.•29 views

Novell Zenworks Rtrlet.class Session ID Disclosure Vulnerability

This vulnerability allows attackers to disclose Session ID's of logged in users on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability. The specific flaw exists within Rtrlet.class. By sending a POST request with the maintenance variable set...

6.8CVSS7AI score0.03928EPSS

Exploits0References1

myhack58•added 2015/04/18 12:0 a.m.•12 views

MetInfo latest version of the arbitrary file read vulnerability warning-the black bar safety net

An attacker by submitting a carefully constructed parameters can get the server end of any file content! MetInfo 5.2 which is the current latest version include/thumb.php file originally used to get the thumbnail, but its structure is the thumbnail path to the presence of an external controlled...

1.8AI score

Exploits0

htbridge•added 2015/04/15 12:0 a.m.•514 views

Arbitrary Variable Overwrite in eShop WordPress Plugin

High-Tech Bridge Security Research Lab discovered security vulnerability in eShop WordPress Plugin, which can be exploited by remote attacker to overwrite arbitrary PHP variables within the context of the vulnerable application. The vulnerability exists due to insufficient validation of...

6.4CVSS6.4AI score0.0017EPSS

Exploits2Affected Software1

CNVD•added 2015/04/15 12:0 a.m.•3 views

das_watchdog 'XAUTHORITY' environment variable handles buffer overflow vulnerabilities

daswatchdog is a generic monitor on Linux operating systems. A buffer overflow vulnerability exists in daswatchdog when handling the XAUTHORITY environment variable. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected application...

7.2CVSS8AI score0.00054EPSS

Exploits0References1

OSV•added 2015/04/14 6:59 p.m.•1 views

DEBIAN-CVE-2015-2831