OSCA-550, OSCA-550A Security Vulnerabilities

packetstorm

1.4AI Score

2017-09-14 12:00 AM
18
mskb

Description of the security update for Outlook 2013: September 12, 2017

Summary: There is a Microsoft Office update for defense-in-depth updates to help improve security-related features. To learn more about the vulnerability, see Microsoft advisory ADV170015. Note: To apply this security update,...

6.7AI Score

2017-09-12 07:00 AM
15
mskb

Description of the security update for SharePoint Server 2010: August 8, 2017

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

5.9AI Score

0.002EPSS

2017-08-08 07:00 AM
7
veracode

Denial Of Service (DoS) Through Memory Leak

ImageMagick is vulnerable to denial of service (DoS) attacks through memory leaks. A malicious user can cause a memory leak by passing a JNG image to the application, causing the application to...

8.8CVSS

7.9AI Score

2017-08-08 03:44 AM
6
osv

CVE-2017-12641

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in...

8.8CVSS

6.4AI Score

0.002EPSS

2017-08-07 03:29 PM
5
cve

CVE-2017-12641

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in...

8.8CVSS

7.2AI Score

0.002EPSS

2017-08-07 03:29 PM
40
prion

Memory corruption

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in...

8.8CVSS

8.4AI Score

0.002EPSS

2017-08-07 03:29 PM
4
zdi

(0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

7AI Score

2017-08-07 12:00 AM
14
ubuntucve

CVE-2017-12641

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.

Bugs:
https://github.com/ImageMagick/ImageMagick/issues/550
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870108

Notes:
Author | Note
---|---
mdeslaur | same fix as CVE-2017-12565 not fixing memory leak in...

6.7AI Score

0.002EPSS

2017-08-07 12:00 AM
10
veracode

Cross-site Scripting (XSS)

Zfc-User is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize input strings in the user/login.phtml files, allowing a malicious user to inject and execute arbitrary...

5.6AI Score

2017-07-25 07:51 PM
2
nessus

Fedora 26 : libmtp (2017-69fdb38f3e)

libmtp 1.1.13
Christophe Vu-Brugier (1): added GoPro HERO5 Black
Emeric Grange (2): added GoPro HERO5 Session; rename F5321 into XPeria X Compact
Gaute Hope (2): add GoPro Hero+; add mtp-detect for GoPro Hero+
Jerry Zhang (1): Update Google device strings, add...

-0.9AI Score

2017-07-17 12:00 AM
25
nessus

Fedora 24 : libmtp (2017-d26266eb32)

libmtp 1.1.13
Christophe Vu-Brugier (1): added GoPro HERO5 Black
Emeric Grange (2): added GoPro HERO5 Session; rename F5321 into XPeria X Compact
Gaute Hope (2): add GoPro Hero+; add mtp-detect for GoPro Hero+
Jerry Zhang (1): Update Google device strings, add...

-0.9AI Score

2017-07-13 12:00 AM
17
trendmicroblog

What Can The Dark Web Teach Us About Enterprise Security?

Ever since the law enforcement takedown of the Silk Road underground marketplace in 2013, there has been increasing interest in the depth and breadth of the Deep Web. This portion of the internet has been largely shrouded from the public eye, representing an environment in which hackers can...

6.9AI Score

2017-07-10 06:53 PM
44
nessus

Fedora 25 : libmtp (2017-4c57da6642)

libmtp 1.1.13
Christophe Vu-Brugier (1): added GoPro HERO5 Black
Emeric Grange (2): added GoPro HERO5 Session; rename F5321 into XPeria X Compact
Gaute Hope (2): add GoPro Hero+; add mtp-detect for GoPro Hero+
Jerry Zhang (1): Update Google device strings, add...

-0.9AI Score

2017-07-03 12:00 AM
36
thn

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back

South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them. According to a blog post published by NAYANA, the web hosting company, this unfortunate...

6.4AI Score

2017-06-19 08:43 AM
8
metasploit

SurgeNews User Credentials

This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files. This module extracts the...

7.1AI Score

2017-06-17 01:49 AM
50
zdt

7AI Score

2017-06-14 12:00 AM
24
zdt

7AI Score

2017-06-14 12:00 AM
22
mskb

Description of the security update for Outlook 2013: June 13, 2017

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

7.6AI Score

0.274EPSS

2017-06-13 07:00 AM
17
exploitpack

LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free

LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid...

0.1AI Score

2017-06-13 12:00 AM
17
exploitpack

LG MRA58K - ASFParser::ParseHeaderExtensionObjects Missing Bounds-Checking

LG MRA58K - ASFParser::ParseHeaderExtensionObjects Missing...

0.2AI Score

2017-06-13 12:00 AM
6
ciscothreats

Threat Outbreak Alert RuleID29079: Email Messages Distributing Malicious Software on May 16, 2017

Severity: Medium
Alert ID: 53859
First Published: 2017 May 16 20:02 GMT
Version: 1
Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID29079) may contain the following...

0.1AI Score

2017-05-16 08:02 PM
5
exploitpack

LG G4 MRA58K - mkvparser::Block::Block Heap Buffer Overflow

LG G4 MRA58K - mkvparser::Block::Block Heap Buffer...

0.8AI Score

2017-05-09 12:00 AM
17
zdt

LG G4 MRA58K - mkvparser::Block::Block Heap Buffer Overflows Exploit

Exploit for Android platform in category dos /...

7AI Score

2017-05-09 12:00 AM
25
openbugbounty

fisher-price.com XSS vulnerability

Vulnerable URL: http://www.fisher-price.com/us/products/demo.asp?filename=ss_gym&h=550&w=540"

Details:
Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 59797
VIP website status: | No

Check fisher-price.com SSL...

6.3AI Score

2017-05-06 07:09 AM
7
exploitdb

7AI Score

2017-05-05 12:00 AM
36
exploitpack

WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection

WordPress Plugin WebDorado Gallery 1.3.29 - SQL...

0.5AI Score

2017-05-05 12:00 AM
15
zdt

6.7AI Score

2017-05-05 12:00 AM
23
openbugbounty

indigo.de XSS vulnerability

Open Bug Bounty ID: OBB-230327

Description | Value
---|---
Affected Website: | indigo.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

6.2AI Score

2017-05-02 07:41 AM
4
wpexploit

Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection

http://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf...

0.8AI Score

2017-05-02 12:00 AM
8
wpvulndb

Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection

http://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf PoC...

-0.3AI Score

2017-05-02 12:00 AM
8
prion

Cross site request forgery (csrf)

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...

6.5CVSS

6.3AI Score

0.001EPSS

2017-05-01 07:59 PM
6
prion

Design/Logic Flaw

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious...

8.8CVSS

8.5AI Score

0.001EPSS

2017-05-01 07:59 PM
1
cve

CVE-2017-6565

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious...

8.8CVSS

6.4AI Score

0.001EPSS

2017-05-01 07:59 PM
30
cve

CVE-2017-6564

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...

6.5CVSS

7AI Score

0.001EPSS

2017-05-01 07:59 PM
31
cvelist

CVE-2017-6564

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...

6.5AI Score

0.001EPSS

2017-05-01 07:00 PM
1
cvelist

CVE-2017-6565

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious...

6.4AI Score

0.001EPSS

2017-05-01 07:00 PM
1
openbugbounty

pmm.it XSS vulnerability

Vulnerable URL: http://www.pmm.it/narda/search.asp?search=nbm-550%22%27%20Style=position:fixed;top:0;left:0;font-size:999px;%20Onmouseenter=confirmOPENBUGBOUNTY%20//# Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability...

6.3AI Score

2017-05-01 09:13 AM
7
packetstorm

0.2AI Score

0.152EPSS

2017-04-21 12:00 AM
33
zdt

Exponent CMS 2.4.1 SQL Injection Vulnerability

Exponent CMS versions 2.4.1 and below suffer from a remote SQL injection...

0.1AI Score

0.152EPSS

2017-04-21 12:00 AM
22
packetstorm

-0.1AI Score

2017-04-17 12:00 AM
34
zdt

WinSCP 5.9.4 - LIST Denial of Service Exploit

Exploit for windows platform in category dos /...

7AI Score

2017-04-17 12:00 AM
24
exploitpack

WinSCP 5.9.4 - LIST Denial of Service (Metasploit)

WinSCP 5.9.4 - LIST Denial of Service...

0.2AI Score

2017-04-16 12:00 AM
11
exploitdb

7.4AI Score

2017-04-16 12:00 AM
37
zdt

0.4AI Score

2017-04-12 12:00 AM
44
packetstorm

0.4AI Score

2017-04-12 12:00 AM
61
exploitpack

Horde Groupware Webmail 345 - Multiple Remote Code Executions

Horde Groupware Webmail 345 - Multiple Remote Code...

0.4AI Score

2017-04-11 12:00 AM
30
Total number of security vulnerabilities: 1198