Lucene search
K

116 matches found

Saint
Saint
added 2010/10/11 12:0 a.m.20 views

Novell iManager getMultiPartParameters file upload vulnerability

Added: 10/11/2010 BID: 43635 OSVDB: 68320 Background Novell iManager is a web-based management interface for other Novell products. Problem The getMultiPartParameters function in the nps.jar web application in Novell iManager allows remote attackers to upload arbitrary files to the server. By...

1.9AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2010/10/01 12:0 a.m.11 views

Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nps.jar web application exposed via the Tomcat server running by default on TCP...

10CVSS7.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2010/09/17 12:0 a.m.96 views

OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution

The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...

7.5CVSS5.9AI score0.75838EPSS
Exploits8References4
exploitpack
exploitpack
added 2008/09/30 12:0 a.m.20 views

eFront 3.5.1 build 2710 - Arbitrary File Upload

eFront 3.5.1 build 2710 - Arbitrary File Upload -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- eFront eNYe-Sec - www.enye-sec.org -- Description by the author's page -- eFront is an easy to use, visually attractive, SCORM compatible, eLearning and Human Capital Development...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2005/11/16 7:37 a.m.18 views

CVE-2003-1252

register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using ...

7.6AI score0.0309EPSS
Exploits1References6
exploitpack
exploitpack
added 2005/10/19 12:0 a.m.15 views

Xerver 4.17 Server - URI Null Character Cross-Site Scripting

Xerver 4.17 Server - URI Null Character Cross-Site Scripting source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2005/10/19 12:0 a.m.10 views

Xerver 4.17 - Single Dot File Request Source Disclosure

Xerver 4.17 - Single Dot File Request Source Disclosure source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/10/19 12:0 a.m.15 views

Xerver 4.17 - Forced Directory Listing

Xerver 4.17 - Forced Directory Listing source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/19 12:0 a.m.15 views

Xerver 4.17 Server - URI Null Character Cross-Site Scripting

source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to disclose the contents of any Web accessible...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/19 12:0 a.m.16 views

Xerver 4.17 - Single Dot File Request Source Disclosure

source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to disclose the contents of any Web accessible...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2005/04/21 4:0 a.m.35 views

CVE-2001-1446

Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories...

6.5AI score0.03082EPSS
Exploits0References4
securityvulns
securityvulns
added 2005/04/08 12:0 a.m.44 views

Macromedia Coldfusion MX application server information leak

Compilde JAVA pages are stored in the Web accessible directory...

3.2AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2000/12/19 5:0 a.m.18 views

CVE-2000-1161

The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases...

6.9AI score0.01387EPSS
Exploits0References2
securityvulns
securityvulns
added 2000/08/07 12:0 a.m.34 views

PCCS MySQL DB Admin Tool v1.2.3- Advisory

This advisory highlights a weakness in the file structure of the a href="http://PCCS-Linux.COM/PCCS"PCCS MySQL Database Admin Tool/a. This web application can expose a mySQL administrator’s password. Problem: The default install requires you to use a directory that is web accessible. Under that...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2000/01/04 12:0 a.m.11 views

Allaire ColdFusion Server 4.04.0.1 - CFCACHE Information Disclosure

Allaire ColdFusion Server 4.04.0.1 - CFCACHE Information Disclosure source: https://www.securityfocus.com/bid/917/info ColdFusion 4.x includes a function called CFCACHE. This function improves server performance by caching the HTML output of processed CFM pages. When the CFCACHE tag is used in a...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2000/01/04 12:0 a.m.27 views

Allaire ColdFusion Server 4.0/4.0.1 - 'CFCACHE' Information Disclosure

source: https://www.securityfocus.com/bid/917/info ColdFusion 4.x includes a function called CFCACHE. This function improves server performance by caching the HTML output of processed CFM pages. When the CFCACHE tag is used in a CFM page, it creates temporary files. Some of these files are .tmp...

7AI score
Exploits0
Rows per page
Query Builder