CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2678 matches found

CNVD•added 2018/06/15 12:0 a.m.•3 views

sync-exec information disclosure vulnerability

sync-exec is a synchronized executable with status code support. A security vulnerability exists in sync-exec versions prior to 0.11.9, which stems from another user on the server having read access to the tmp directory. An attacker can use this vulnerability to obtain sensitive file information ...

6.5CVSS6.5AI score0.00369EPSS

Exploits0References1

Veracode•added 2018/06/07 7:1 a.m.•14 views

Insecure Cookie Handling

drill-java-exec is vulnerable to insecure cookie handling attacks. The vulnerability exists due to the lack of httpOnly flag in the response cookies, allowing the cookies to be stolen by a third party website...

6.5AI score

Exploits0

NVD•added 2018/06/04 7:29 p.m.•13 views

CVE-2017-16024

The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

6.5CVSS6.3AI score0.00369EPSS

Exploits0References4

OSV•added 2018/06/04 7:29 p.m.•14 views

CVE-2017-16024

6.5CVSS6.5AI score

Exploits0References4

Prion•added 2018/06/04 7:29 p.m.•10 views

Buffer overflow

4CVSS6.2AI score0.00369EPSS

Exploits0References4Affected Software2

Cvelist•added 2018/06/04 7:0 p.m.•14 views

CVE-2017-16024

6.2AI score0.00369EPSS

Exploits0References4

CVE•added 2018/06/04 7:0 p.m.•68 views

CVE-2017-16024

The CVE-2017-16024 entry concerns the sync-exec module, used to simulate Node.js child_process.execSync in Node versions

6.5CVSS6.2AI score0.00369EPSS

Exploits0References4Affected Software1

Circl•added 2018/05/29 3:50 p.m.•2 views

CVE-2014-125118

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/antivirus/escanpasswordexec.rb 2025-10-23 21:12:57+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

9.4CVSS5.7AI score0.66705EPSS

Exploits0References1

Circl•added 2018/05/29 3:50 p.m.•4 views

CVE-2011-10017

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/snortreportexec.rb 2025-10-23 21:12:56+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

10CVSS5.7AI score0.75792EPSS

Exploits0References1

Metasploit•added 2018/05/27 8:24 p.m.•60 views

WMI Exec

A similar approach to psexec but executing commands through WMI. !/usr/bin/env python3 Copyright c 2003-2018 CORE Security Technologies This software is provided under under a slightly modified version of the Apache Software License. See the accompanying LICENSE file for more information. import...

10AI score

Exploits0

Tenable Nessus•added 2018/05/24 12:0 a.m.•11 views

Fedora 27 : glibc (2018-9c88c32d15)

This updates contains various updates from the upstream glibc 2.26 release branch, including minor fixes for the realpath function and the i386 memmove implementation. Starting with this update, glibc will no longer re-exec systemd during glibc updates RHBZ1579225. Note that Tenable Network...

5.5AI score

Exploits0References1

exploitpack•added 2018/05/18 12:0 a.m.•20 views

Prime95 29.4b8 - Stack Buffer Overflow (SEH)

Prime95 29.4b8 - Stack Buffer Overflow SEH Exploit Title: Prime95 Local Buffer Overflow SEH Date: 13-4-2018 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: https://www.mersenne.org/ Software Link: https://www.mersenne.org/download/download Version: 29.4b8 Tested...

0.9AI score

Exploits0

Positive Technologies•added 2018/05/17 12:0 a.m.•2 views

PT-2018-10400

Name of the Vulnerable Software and Affected Versions procps-ng versions prior to 3.3.15 Description The issue allows an unprivileged attacker to hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This is achieved through a process occupying a...

5.9CVSS6.2AI score0.01928EPSS

Exploits5References17

0day.today•added 2018/05/01 12:0 a.m.•686 views

Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution...

9.9AI score0.94382EPSS

Exploits14

RedHat Linux•added 2018/04/25 8:37 p.m.•86 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.6CVSS6.8AI score0.88482EPSS

Exploits8References5

Tenable Nessus•added 2018/04/13 12:0 a.m.•134 views

Drupal Remote Code Execution Vulnerability (SA-CORE-2018-002) (exploit)

Binary data drupalCVE-2018-7600rce.nbin...

9.8CVSS10AI score0.94489EPSS

Exploits45References3

OSV•added 2018/04/12 5:29 p.m.•0 views

DEBIAN-CVE-2018-1084

corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c...

7.5CVSS7.6AI score0.00311EPSS

Exploits0References1