3 results (0.004 seconds)

CVSS: 10.0EPSS: 5%CPEs: 18EXPL: 1

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro config_atkroot. • https://www.exploit-db.com/exploits/3928 http://osvdb.org/37919 http://www.securityfocus.com/bid/23992 https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 1

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. • http://ciac.llnl.gov/ciac/bulletins/e-25.shtml http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm http://www.phreak.org/archives/security/8lgm/8lgm.lpr •

CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0138 •