Lucene search
K

73 matches found

OSV
OSV
added 2024/02/21 3:15 p.m.6 views

CVE-2023-50955

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777...

2.7CVSS5.8AI score0.00595EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.6 views

PT-2024-14026 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows an authenticated privileged user to obtain the absolute path of the web server installation, which could aid in further attacks against the system. Recommendations:...

2.7CVSS6.4AI score0.00595EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.5 views

IBM InfoSphere Information Server Security Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that originate...

2.7CVSS6.2AI score0.00595EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/12/08 12:0 a.m.9 views

The vulnerability of the GE Proficy HMI/SCADA iFIX software control system lies in improper code generation, which allows attackers to gain full control over the software.

The vulnerability of the GE Proficy HMI/SCADA iFIX supervisory control software lies in improper code generation. Exploiting this vulnerability can allow an attacker to gain full control over the software by introducing a malicious configuration file into the expected web server execution path...

10CVSS8AI score0.00571EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/05 11:15 p.m.6 views

CVE-2023-4487

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

7.8CVSS5.9AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/05 12:0 a.m.7 views

PT-2023-5230 · Ge · Ge Cimpicity

Name of the Vulnerable Software and Affected Versions: GE CIMPLICITY version 2023 Description: The issue is related to a process control vulnerability in GE CIMPLICITY 2023, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to...

7.8CVSS7.5AI score0.00183EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2023/05/16 8:43 a.m.4 views

python: open redirection vulnerability in lib/http/server.py may lead to information disclosure

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

7.4CVSS6.8AI score0.0199EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.8 views

GE iFIX 代码注入漏洞

GE iFIX is General Electric's GE platform for improving productivity and process control through industrial-grade SCADA and high-performance HMI. A code injection vulnerability exists in GE iFIX. An attacker could use this vulnerability to insert a malicious configuration file into the intended w...

9.8CVSS8.7AI score0.00571EPSS
Exploits0References4
exploitpack
exploitpack
added 2020/02/24 12:0 a.m.33 views

eLection 2.0 - id SQL Injection

eLection 2.0 - id SQL Injection Title: eLection 2.0 - 'id' SQL Injection Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/election-by-tripath/ Software Link: https://sourceforge.net/projects/election-by-tripath/files/Version 2.0 Tested on Ubuntu 19/Ka...

Exploits0
Cvelist
Cvelist
added 2007/10/24 11:0 p.m.25 views

CVE-2003-1469

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message...

6.5AI score0.06722EPSS
Exploits1References5
CVE
CVE
added 2007/10/24 11:0 p.m.48 views

CVE-2003-1468

Technical details beyond the CVE description are not provided in the supplied documents. Monitor for updates from authoritative sources to confirm affected versions, impact, and fixes.

4.3CVSS7.1AI score0.02272EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2007/10/24 11:0 p.m.45 views

CVE-2003-1486

CVE-2003-1486 affects Phorum 3.4 to 3.4.2. An incorrect HTTP request to one of nine scripts (smileys.php, quick_listrss.php, purge.php, news.php, memberlist.php, forum_listrss.php, forum_list_rdf.php, forum_list.php, move.php) can make the server leak its full path in an error message. This is a ...

5CVSS6.8AI score0.01186EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2006/11/10 2:0 a.m.41 views

CVE-2006-5844

Speedywiki 2.0 is affected. The vulnerability allows remote attackers to disclose the web server’s full path by abusing the showRevisions[] and searchText[] parameters in index.php, and also via a direct request to upload.php with no parameters. This aligns with NVD data and PT Security’s advisor...

5CVSS7AI score0.01434EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2006/11/10 12:0 a.m.5 views

PT-2006-6518 · Speedywiki · Speedywiki

Name of the Vulnerable Software and Affected Versions: Speedywiki version 2.0 Description: The issue allows remote attackers to obtain the full path of the web server. This can be achieved via the showRevisions and searchText parameters in "index.php", and also through a direct request to...

5CVSS6.6AI score0.01434EPSS
Exploits1References6
NVD
NVD
added 2006/11/06 10:7 p.m.15 views

CVE-2006-5759

index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty 1 rns or 2 pag arguments, which reveals the path in an error message...

5CVSS6.7AI score0.01403EPSS
Exploits1References4
CVE
CVE
added 2006/11/06 10:0 p.m.48 views

CVE-2006-5759

The connected PT-2006-6440 entry confirms a path-disclosure vulnerability in Rhadrix If-CMS, affecting versions 1.01–2.07. The issue arises when empty arguments rns[] or pag[] are provided, causing an error message that reveals the web server’s full filesystem path. This can aid an attacker in lo...

5CVSS7.1AI score0.01403EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2006/09/22 10:7 p.m.22 views

CVE-2006-4899

The ePPIServlet script in Computer Associates CA eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" single quote in the PIProfile function, which leaks the path in an error message...

5CVSS6.6AI score0.09883EPSS
Exploits1References11
Cvelist
Cvelist
added 2006/09/22 10:0 p.m.25 views

CVE-2006-4899

The ePPIServlet script in Computer Associates CA eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" single quote in the PIProfile function, which leaks the path in an error message...

6.6AI score0.09883EPSS
Exploits1References11
Prion
Prion
added 2006/06/07 10:2 a.m.12 views

Deserialization of untrusted data

index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action...

5CVSS7.4AI score0.01657EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/05/31 10:0 a.m.17 views

CVE-2006-2690

An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid 1 perso or 2 aide parameters...

6.7AI score0.01496EPSS
Exploits0References1
Rows per page
Query Builder