Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 (20140519)
It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting....
-0.3AI Score
0.046EPSS
Juniper ScreenOS is vulnerable to a denial of service from malformed SSL packets
Overview Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets. Description Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets. Additional details may be found in...
6.4AI Score
0.013EPSS
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID...
7.3AI Score
0.002EPSS
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID...
7.3AI Score
0.002EPSS
Threat Outbreak Alert: Fake Product Purchase Order Request Email Messages on April 24, 2014
Medium Alert ID: 33931 First Published: 2014 April 24 18:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product purchase order request for the recipient. The text in the email message attempts to convince the...
0.5AI Score
0.2AI Score
Updated ruby-will_paginate package fixes CVE-2013-6459
Updated ruby-will_paginate packages fix security vulnerability: Cross-Site Scripting (XSS) vulnerabilities were found in will_paginate gem for Ruby, where certain input related to generated pagination links were not properly sanitised before being returned. This could be exploited to execute...
0.7AI Score
0.002EPSS
NetGear DGN2200 N300 Wireless Router - Multiple Vulnerabilities
Exploit for hardware platform in category web...
7.1AI Score
7.4AI Score
NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities
NETGEAR DGN2200 N300 Wireless Router - Multiple...
0.6AI Score
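Franklin Fueling Systems TS-550 evo 'tsaws.cgi' Security Bypass Vulnerability
Bugtraq ID: 65041 CVE ID: CVE-2013-7248 Franklin Fueling Systems TS-550 evo is a fuel management system from the US company Franklin Fueling Systems. It provides comprehensive control of fuel management through a tank monitoring system, and offers alarm pages with colour notifications and detailed identification descriptions so that alarm details can be obtained quickly. A security vulnerability exists in Franklin Fueling Systems TS-550 evo with firmware versions 2.0.0.6833 and 2.3.1.7492; it stems from the program using a hardcoded password for the roleDiag account. A remote attacker can exploit this to gain root privileges and take full control of the device....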
6.4AI Score
0.01EPSS
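Franklin Fueling Systems TS-550 evo 'cgi-bin/tsaws.cgi' Security Bypass Vulnerability
Bugtraq ID: 64996 CVE ID: CVE-2013-7247 Franklin Fueling Systems TS-550 evo is a fuel management system from the US company Franklin Fueling Systems. It provides comprehensive control of fuel management through a tank monitoring system, and offers alarm pages with colour notifications and detailed identification descriptions so that alarm details can be obtained quickly. Franklin Fueling Systems TS-550 with firmware versions 2.0.0.6833 and 2.3.1.7492...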
8.4AI Score
0.008EPSS
-0.8AI Score
0.017EPSS
SimplyShare v1.4 iOS - Multiple Web Vulnerabilities
Document Title: SimplyShare v1.4 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1181 Release Date: 2014-01-28 Vulnerability Laboratory ID (VL-ID): 1181 Common Vulnerability Scoring System: 9.2 Product & Service Introduction: SimplyShare.....
0.3AI Score
0.1AI Score
7.4AI Score
7.1AI Score
0.1AI Score
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a...
8.5AI Score
0.008EPSS
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a...
7.1AI Score
0.01EPSS
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a...
7AI Score
0.01EPSS
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a...
8.3AI Score
0.008EPSS
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a...
6.9AI Score
0.008EPSS
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a...
7.6AI Score
0.01EPSS
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a...
8.5AI Score
0.008EPSS
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a...
7AI Score
0.01EPSS
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities
Exploit for hardware platform in category web...
6.5AI Score
0.01EPSS
8.7AI Score
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple...
0.3AI Score
0.01EPSS
Franklin Fueling's T550 Evo Access Control / Credentials
Franklin Fueling's TS-550 Evo suffers from insufficient access control and hard-coded credential...
8.7AI Score
0.01EPSS
0.5AI Score
0.01EPSS
Adobe ColdFusion 9 Administrative Login Bypass Vulnerability
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can by default or by misconfiguration be set to an empty value. This allows you to create a session via the RDS login that can be carried over to the admin web...
0.6AI Score
0.974EPSS
7.4AI Score
0.5AI Score
FBI compromised Tor hidden service to bust largest Child Pornography Ring
A few days before the servers of the largest provider of Ultra Anonymous hosting were found to be serving custom malware designed to identify visitors who were using the Tor service to hide their identity online. The JavaScript code exploited a security vulnerability in the open-source version of.....
7AI Score
Questions Linger About New Linux 'Hand of Thief' Trojan
It looks like cybercriminals will soon be able to add yet another Trojan to their hacking repertoire, the Hand of Thief banking malware that targets Linux machines. Currently being sold on the Russian black market, Hand of Thief is fetching $2,000 USD (€1,500 EUR) but could be poised to run a cool....
0.3AI Score
0.5AI Score
Easy LAN Folder Share Version 3.2.0.100 - Buffer Overflow Exploit
Exploit for windows platform in category local...
6.8AI Score
Easy LAN Folder Share 3.2.0.100 - Local Buffer Overflow (SEH)
Easy LAN Folder Share 3.2.0.100 - Local Buffer Overflow...
7.4AI Score
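Cisco Web Security Appliance Web Framework Arbitrary Command Execution Vulnerability (CVE-2013-3384)
CVE(CAN) ID: CVE-2013-3384 Cisco Web Security Appliance is a secure web gateway that integrates malware protection, application visibility and control, policy control and more on a single platform. Cisco IronPort AsyncOS is an email security appliance. IronPort AsyncOS on Cisco Web Security Appliance devices, in its web framework implementation, as well as Content Security Management Appliance devices and Email Security...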
6.3AI Score
0.007EPSS
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management...
7.2AI Score
0.007EPSS
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID...
7.3AI Score
0.002EPSS
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID...
7.8AI Score
0.002EPSS