Lucene search
K

103 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-1698

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets CSS attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...

9.3CVSS7.7AI score0.08462EPSS
Exploits2References6
OSV
OSV
added 2022/05/23 10:20 p.m.4 views

USN-5438-1 htmldoc vulnerability

It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary...

10CVSS7.4AI score0.03291EPSS
Exploits1References2
CNVD
CNVD
added 2021/11/11 12:0 a.m.13 views

Siemens Siveillance Video DLNA Server Path Traversal Vulnerability

Siemens Siveillance Video DLNA Server is a video DLNA server from Siemens, a German company, that is vulnerable to a path traversal vulnerability that could be exploited by remote attackers to access any file outside the application's Web document directory. Any file...

7.5CVSS5AI score0.01687EPSS
Exploits0References1
Saint
Saint
added 2015/06/09 12:0 a.m.30 views

Seagate Central unauthenticated file upload

Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...

8.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Gattaca Server 2003 Language Variable Path Exposure

No description provided by source. source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Gattaca Server 2003 Null Byte Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

MS IE 4/5/5.5/5.0.1 external.NavigateAndFind() Cross-Frame Vulnerability

No description provided by source. Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet Explorer for Unix 5.0 external.NavigateAndFi...

7.1AI score
Exploits0
Prion
Prion
added 2014/04/30 11:58 p.m.13 views

Directory traversal

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/dbbackups/...

5CVSS6.7AI score0.07619EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2013/11/04 4:55 p.m.1 views

CVE-2013-5559

Buffer overflow in the Active Template Library ATL framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139...

6.8CVSS6.2AI score0.02031EPSS
Exploits0References2
Prion
Prion
added 2012/11/17 9:55 p.m.11 views

Improper access control

DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the 1 log, 2 images, or 3 report directory...

5CVSS7.1AI score0.01369EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2010/06/18 8:30 p.m.23 views

CVE-2010-2336

index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...

5CVSS6.8AI score0.02353EPSS
Exploits1References2
NVD
NVD
added 2010/06/15 2:4 p.m.44 views

CVE-2010-2263

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI...

5CVSS6.9AI score0.71926EPSS
Exploits4References4
NVD
NVD
added 2009/06/05 6:30 p.m.19 views

CVE-2009-1941

PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...

5CVSS6.3AI score0.02286EPSS
Exploits0References2
Prion
Prion
added 2009/06/05 6:30 p.m.14 views

Improper access control

PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...

5CVSS6.8AI score0.02286EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2009/06/05 6:13 p.m.37 views

CVE-2009-1941

CVE-2009-1941 affects PAD Site Scripts 3.6. The vulnerability arises from storing sensitive information under the web document root with insufficient access control, allowing remote attackers to download the database via a direct request for dbbackup.txt. Impact is consistent with the CVSS v2 bas...

5CVSS6.5AI score0.02286EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2009/05/24 12:0 a.m.16 views

Microsoft IIS 6.0 Bypass

? printr' IIS 6 WEBDAV Exploit.By [email protected] && Securiteweb.org Usage: php '.$argv0.' source/path/put host path Example: php '.$argv0.' source www.tian6.com /blog/readme.asp Example2: php '.$argv0.' path www.tian6.com /secret/ Example3: php '.$argv0.' put www.tian6.com /secret/ test.txtevil...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2008/09/04 12:0 a.m.33 views

google-download1.txt

Google Chrome Auto Download and Rapid Download By IMC GrahamPhisher Shoutz IMC Tully IMC EXE Shouts To Everyone On The Forums InsaneMasterminds.com To have a file automatically start downloading through google chrome without the users permission is very easy, simple inject the meta refresh tag in...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2008/04/28 6:21 p.m.20 views

CVE-2008-2003

BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to 1 cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via 2 badblue.exe and 3 dyndns.exe. NOTE: this can be...

7.6AI score0.02837EPSS
Exploits0References3
Symantec
Symantec
added 2008/04/08 12:0 a.m.17 views

Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability

Description Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input. Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary...

0.9AI score
Exploits0Affected Software4
CVE
CVE
added 2007/10/28 4:0 p.m.33 views

CVE-2007-5685

The CVE-2007-5685 issue affects the shttp project’s safe_path function, vulnerable before version 0.0.5. The function allows directory traversal when processing a sequence mixing ".." and sub-directories, resolving to a path at or below the web document root but located elsewhere in the tree. Thi...

5CVSS6.6AI score0.03477EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder