e107 2.0 alpha2 Cross Site Scripting Vulnerability
e107 version 2.0 alpha2 suffers from a reflective cross site scripting...
6.2 AI Score
0.012 EPSS
Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)
For years, the systems and networks that run our businesses have been secured by the efforts of IT and security practitioners acting on their own. We continue to deploy the latest countermeasures, always trying to keep up with adversaries. Criminal attackers, on the other hand, have shared...
6.7 AI Score
July 2014 Security Bulletin Release
Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong defense....
7 AI Score
aForum <= 1.32 (CommonAbsDir) Remote File Inclusion Vulnerability
No description provided by...
7.1 AI Score
JSFTemplating, Mojarra Scales, GlassFish File Disclosure Vulnerabilities
No description provided by...
7.1 AI Score
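Brief description: Rich-text filtering is not strict enough, allowing malicious scripts to be injected to steal users' cookies. Detailed description: I compared this against WooYun: Thinksaas stored XSS and found that it had indeed been updated. So I shamelessly came back. Below is the code fragment that filters rich text: function cleanJs($text) { $text = trim ( $text ); //$text = stripslashes ( $text ); // Completely filter out comments $text = preg_replace ( '//', '', $text ); //...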
7.1 AI Score
D-Bus, GLib: Privilege escalation
Background D-Bus is a daemon providing a framework for applications to communicate with one another. GLib is a library providing a number of GNOME’s core objects and functions. Description When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the...
6.3 AI Score
0.0004 EPSS
ModSecurity v2.8.0 - Open Source Web Application Firewall
ModSecurity™ is an open source, free web application firewall (WAF) Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. Changelog v2.8.0 Bug fix Build issue: Now using autotools to...
6.7 AI Score
[SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection
Dell SecureWorks Security Advisory SWRX-2014-001 Open Web Analytics Pre-Auth SQL Injection Advisory Information Title: Open Web Analytics Pre-Auth SQL Injection Advisory ID: SWRX-2014-001 Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-001/ Date published:...
0.3 AI Score
0.006 EPSS
miSecureMessages 4.0.1 - Session Management & Authentication Bypass Vulnerabilities
Exploit for php platform in category web...
7.1 AI Score
miSecureMessages 4.0.1 - Session Management Authentication Bypass
miSecureMessages 4.0.1 - Session Management Authentication...
0.9 AI Score
XVI32 is a freeware hex editor running under Windows 9x/NT/2000/XP/Vista/7. The name XVI32 is derived from XVI, the roman notation for the number 16. XVI32 and all of its components are developed by myself. The current release 2.55 is available since June 26, 2012. It comes with a complete online.....
7.2 AI Score
Threat Outbreak Alert: Fake Encrypted Message Notification Email Messages on March 31, 2013
Medium Alert ID: 33576 First Published: 2014 March 31 15:34 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a secure message for the recipient. The text in the email message attempts to convince the recipient to open...
0.7 AI Score
Intel® Manycore Platform Software Stack Privilege Escalation
**Summary:** A previously undisclosed vulnerability in the Intel® Manycore Platform Software Stack (Intel® MPSS) was discovered during internal testing. The vulnerability could allow elevation of privilege under certain circumstances if an attacker has a valid account on a host that contains an...
2.8 AI Score
SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability
Document Title: SonicWall Dashboard Backend Server - Client-Side Cross Site Scripting Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1100 Release Date: 2014-03-06 Vulnerability Laboratory ID (VL-ID): 1100 Common Vulnerability Scoring System: 2 Product &.....
0.5 AI Score
AlienVault Unified Security Management: Real-Time Threat Detection Starting on Day 1
IT Infrastructure of organizations is growing ever more distributed, complex and difficult to manage. To manage such networks, a log management solution is not enough. The AlienVault Unified Security Management™ (USM) platform is the perfect solution to help manage the flood of information and...
6.4 AI Score
Open Web Analytics 1.5.4 - owa_email_address SQL Injection
Open Web Analytics 1.5.4 - owa_email_address SQL...
0.1 AI Score
0.006 EPSS
Threat Outbreak Alert: Fake Secure Message Delivery Notification Email Messages on February 5, 2014
Medium Alert ID: 32730 First Published: 2014 February 5 15:40 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a secure message for the recipient. The text in the email message attempts to convince the recipient to...
0.7 AI Score
[Memoryze] Find Evil in Live Memory (Memory Forensic Software)
Mandiant’s Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis. Mandiant’s Memoryze features: image the full range of system memory...
7.4 AI Score
BlackBerry Releases Security Advisory
BlackBerry has released a security advisory that addresses Adobe® Flash® remote code execution vulnerabilities that affect BlackBerry® Z10, BlackBerry® Q10 smartphone and BlackBerry® PlayBook™ tablet customers. These vulnerabilities could potentially allow an attacker to execute code with the...
8 AI Score
[CVE-2013-2764] Secure Entry Server - URL Redirection
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Secure Entry Server (SES) Vendor: United Security Providers Ltd. CSNC ID: CSNC-2013-008 CVD ID: CVE-2013-2764 Subject: URL Redirection Risk: High Effect: Remotely exploitable Author: Alexandre...
AI Score
0.001 EPSS
Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day)
Document Title: Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1099 Bulletin: Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerability...
0.6 AI Score
[RHEL 7] Red Hat Enterprise Linux 7 Beta
Red Hat Enterprise Linux 7 Beta showcases hundreds of new features and enhancements, including: Linux Containers - Enabling applications to be created and deployed in isolated environments with allocated resources and permissions. Performance Management – Using built in tools, you can optimize...
7.2 AI Score
Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).
General info: The bn (multiprecision integer arithmetics) part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes. Versions tested were between 0.9.8k and 1.0.1e. We were too lazcough busy to prepare the fancy table, sorry guys. Some PoC will work for....
-0.1 AI Score
Notepad++ Plugin Notepad# 1.5 - Local Exploit
Usage Info Poc With Notepad# plugin (1.5) and Explorer plugin (1.8.2) installed in Notepad ++ 6.3.2, open the html file in attachement, click Enter in the last tag, Npp will crash and calc.exe will open. Without Explorer plugin, these still can be exploit. Explorer plugin makes this easier. Root...
7.4 AI Score
NSA using Browser Cookies to track Tor Users
Yesterday a new classified NSA document was leaked by Edward Snowden - titled 'Tor Stinks' in which ideas were being kicked around for identifying Tor users or degrading the user experience to dissuade people from using the Tor browser. The NSA had a very hard time while tracking down all Tor...
6.5 AI Score