Lucene search
+L

2489 matches found

paloalto
paloalto
added 2018/06/29 12:0 a.m.25 views

Cross-Site Scripting (XSS) in PAN-OS Management Web Interface

A Cross-Site Scripting XSS vulnerability exists in a PAN-OS web interface administration page. Ref. PAN-93242; CVE-2018-9337 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML An attacker would need to successfully authenticate prior to exploiting...

5.4CVSS5.6AI score0.0101EPSS
Exploits0References1
osv
osv
added 2018/05/25 3:29 p.m.5 views

CVE-2018-10350

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server Standalone 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\bwlists\handler.php. Authentication is...

8.8CVSS7.1AI score0.15217EPSS
Exploits0References2
prion
prion
added 2018/05/23 4:29 p.m.13 views

Directory traversal

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...

9CVSS8.9AI score0.73934EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2018/05/23 4:29 p.m.19 views

CVE-2018-10354

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability...

9CVSS9.1AI score0.13646EPSS
Exploits0References2
osv
osv
added 2018/05/23 4:29 p.m.4 views

CVE-2018-10352

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability...

8.8CVSS6.1AI score0.02164EPSS
Exploits0References2
nvd
nvd
added 2018/05/23 4:29 p.m.16 views

CVE-2018-10351

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...

9CVSS9AI score0.03701EPSS
Exploits0References2
osv
osv
added 2018/05/23 4:29 p.m.5 views

CVE-2018-10356

A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability...

8.8CVSS6.5AI score0.10549EPSS
Exploits0References2
osv
osv
added 2018/05/23 4:29 p.m.5 views

CVE-2018-10354

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability...

8.8CVSS6.2AI score0.13646EPSS
Exploits0References2
osv
osv
added 2018/05/23 4:29 p.m.6 views

CVE-2018-10357

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...

8.8CVSS6.2AI score0.73934EPSS
Exploits1References3
zdt
zdt
added 2018/05/15 12:0 a.m.205 views

IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure Vulnerabilities

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities. Vulnerabilities in IBMs Flashsystems and Storwize Products...

0.5AI score0.02658EPSS
Exploits3
ptsecurity
ptsecurity
added 2018/05/07 12:0 a.m.3 views

PT-2018-10108 · Cksource +1 · Ckeditor +1

Name of the Vulnerable Software and Affected Versions: Liferay versions 6.2.x and earlier Description: The issue concerns an FCKeditor configuration that may allow an attacker to upload or transfer files of potentially dangerous types. These files can be automatically processed within the product...

8.8CVSS8.8AI score0.01789EPSS
Exploits1References4
osv
osv
added 2018/04/12 5:29 p.m.4 views

UBUNTU-CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

8.7CVSS7AI score0.01101EPSS
Exploits0References3
exploitdb
exploitdb
added 2018/04/06 12:0 a.m.34 views

Cobub Razor 0.7.2 - Cross-Site Request Forgery

Exploit Title: Cobub Razor 0.7.2 Cross Site Request Forgery Date: 2018-03-07 Exploit Author: ppb Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7746 There is a vulnerability. Authentication is not required for...

8.8CVSS7AI score0.03154EPSS
Exploits5
zdt
zdt
added 2018/02/27 12:0 a.m.113 views

Asterisk 15.2.0 chan_pjsip SDP fmtp Denial Of Service Exploit

Asterisk version 15.2.0 running chanpjsip suffers from an SDP message related denial of service vulnerability. Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip -...

7AI score
Exploits0
redhat
redhat
added 2017/10/24 12:15 a.m.7 views

supervisor: Command injection via malicious XML-RPC request

A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord servi...

9CVSS7.4AI score0.87544EPSS
Exploits10References4
prion
prion
added 2017/10/19 7:29 p.m.16 views

Design/Logic Flaw

DISPUTED This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002...

9CVSS9.2AI score0.06685EPSS
Exploits0References2Affected Software1
osv
osv
added 2017/10/19 7:29 p.m.6 views

CVE-2017-10955

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by...

8.8CVSS6.2AI score
Exploits0References2
cvelist
cvelist
added 2017/10/19 7:0 p.m.14 views

CVE-2017-10955

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by...

8.9AI score0.06685EPSS
Exploits0References2
osv
osv
added 2017/10/18 6:29 p.m.4 views

CVE-2017-15359

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to...

6.5CVSS5.8AI score0.06168EPSS
Exploits4References2
osv
osv
added 2017/10/03 1:29 a.m.3 views

CVE-2017-14754

OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to Arbitrary File Read: /xAdmin/html/cmdatasourcegroupxsd.jsp, parameter: xsddatasourceschemafile filename. In order for this vulnerability to be...

6.5CVSS5.8AI score0.01297EPSS
Exploits2References2
Rows per page
Query Builder