Lucene search
+L

635 matches found

Cvelist
Cvelist
added 2017/12/22 2:0 p.m.25 views

CVE-2017-10868

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...

7.3AI score0.03467EPSS
Exploits0References2
CNVD
CNVD
added 2017/12/04 12:0 a.m.5 views

Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-36125)

Cisco Meeting Server formerly known as Acano Conferencing Server, CMS is the United States Cisco Cisco company's set of audio and video conferencing server software. A denial of service vulnerability exists in Cisco Meeting Server versions prior to 2.2.2. A remote attacker can exploit this...

7.8CVSS6.8AI score0.02348EPSS
Exploits0References1
Apple
Apple
added 2017/11/30 10:36 a.m.51 views

About the security content of watchOS 2.2.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

10CVSS0.7AI score0.1398EPSS
Exploits9Affected Software1
OSV
OSV
added 2017/11/30 9:29 a.m.2 views

CVE-2017-12362

A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service DoS condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker...

6.5CVSS5.8AI score0.02348EPSS
Exploits0References3
CNVD
CNVD
added 2017/11/13 12:0 a.m.5 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-36506)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS...

6.1CVSS6.1AI score0.00669EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2017/11/13 12:0 a.m.26 views

CMS Made Simple 2.2.2 Reflected XSS Vulnerability

CMS Made Simple is prone to a reflected cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6.1AI score0.00669EPSS
Exploits2References1
CVE
CVE
added 2017/11/10 11:0 p.m.54 views

CVE-2017-16784

CMS Made Simple 2.2.2 is affected by a Reflected XSS flaw exploitable via the cntnt01detailtemplate parameter. The vulnerability is described as Reflected XSS in multiple sources, with CVSS scores indicating a Medium impact (CVSSv3 base 6.1; CVSSv2 base 4.3). The connected documents confirm the v...

6.1CVSS5.9AI score0.00669EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2017/10/19 8:29 a.m.7 views

Denial of service

A vulnerability in the web console of the Cisco Cloud Services Platform CSP 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines VMs operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation o...

6.5CVSS9.3AI score0.02162EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2017/08/15 12:0 a.m.32 views

CMS Made Simple <= 2.2.2 Upload Vulnerability

CMS Made Simple is prone to an upload vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple"...

5.2AI score
Exploits0References2
NVD
NVD
added 2017/07/30 2:29 p.m.18 views

CVE-2017-11742

The writeRandomBytesRtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking...

7.8CVSS7.6AI score0.00468EPSS
Exploits0References2
CVE
CVE
added 2017/07/30 2:0 p.m.71 views

CVE-2017-11742

Affected software: Expat library (libexpat) on Windows, versions 2.2.1 and 2.2.2. Root cause: writeRandomBytes_RtlGenRandom in xmlparse.c suffers from an untrusted DLL search path, enabling DLL hijacking via a malicious ADVAPI32.DLL in the current working directory. Impact: local privilege escala...

7.8CVSS7.6AI score0.00468EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2017/07/30 2:0 p.m.19 views

CVE-2017-11742

The writeRandomBytesRtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking...

7.8CVSS7.8AI score0.00468EPSS
Exploits0
CNVD
CNVD
added 2017/07/25 12:0 a.m.7 views

ATutor Path Traversal Vulnerability

ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A directory traversal vulnerability exists in versions of ATutor prior to 2.2.2. An attacker can exploit...

7.5CVSS7.5AI score0.01937EPSS
Exploits1References1
OSV
OSV
added 2017/07/18 12:29 a.m.4 views

CVE-2017-11405

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...

4.9CVSS5.8AI score0.00849EPSS
Exploits1References1
Prion
Prion
added 2017/07/18 12:29 a.m.20 views

Design/Logic Flaw

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...

4CVSS4.9AI score0.00849EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/07/18 12:0 a.m.5 views

CMS Made Simple Upload Vulnerability (CNVD-2017-24997)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in CMSMS version...

4.9CVSS5.4AI score0.00849EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/18 12:0 a.m.4 views

CMS Made Simple Upload Vulnerability

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in CMSMS version...

4.9CVSS5.4AI score0.00849EPSS
Exploits1References1
Debian
Debian
added 2017/06/29 7:14 p.m.46 views

[SECURITY] [DLA 1005-1] mercurial security update

Package : mercurial Version : 2.2.2-4+deb7u4 CVE ID : CVE-2017-9462 Debian Bug : 861243 In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. For Debian 7...

9CVSS7.1AI score0.21512EPSS
Exploits1
Packet Storm
Packet Storm
added 2017/06/27 12:0 a.m.50 views

GLPI 0.90.4 SQL Injection

Exploit Title: Multiple SQL injection vulnerabilities in GLPI 0.90.4 Date: 2016/09/09 Exploit Author: Eric CARTER in/ericcarterengineer - CS c-s.fr Vendor Homepage: http://glpi-project.org Software Link: http://glpi-project.org/spip.php?article3 Version: 0.90.4 Tested on: GLPI 0.90.4 running on a...

7.6AI score0.01603EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/27 12:0 a.m.66 views

GLPI 0.90.4 - SQL Injection

Exploit Title: Multiple SQL injection vulnerabilities in GLPI 0.90.4 Date: 2016/09/09 Exploit Author: Eric CARTER in/ericcarterengineer - CS c-s.fr Vendor Homepage: http://glpi-project.org Software Link: http://glpi-project.org/spip.php?article3 Version: 0.90.4 Tested on: GLPI 0.90.4 running on a...

7.5CVSS7.6AI score0.01603EPSS
Exploits4
Rows per page
Query Builder