Lucene search
+L

301 matches found

CVE
CVE
added 2017/01/27 10:1 p.m.66 views

CVE-2017-3389

CVE-2017-3389 affects Oracle E-Business Suite, Oracle Advanced Outbound Telephony User Interface in versions 12.1.1–12.2.6. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony; exploitation requires human interaction. ...

8.2CVSS8.3AI score0.01416EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2016/10/14 2:59 a.m.33 views

CVE-2016-3389

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-7190, and...

7.6CVSS7.7AI score0.15168EPSS
Exploits0References3
Prion
Prion
added 2016/10/14 2:59 a.m.20 views

Memory corruption

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and...

7.6CVSS7.7AI score0.66919EPSS
Exploits0References3
CVE
CVE
added 2016/10/14 1:0 a.m.83 views

CVE-2016-3389

The CVE-2016-3389 entry concerns the Chakra JavaScript engine in Microsoft Edge. It describes memory corruption that can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted website. The connected advisories reiterate the same description but do not provide ...

7.6CVSS7.6AI score0.15168EPSS
Exploits0References3Affected Software1
Kaspersky
Kaspersky
added 2016/10/11 12:0 a.m.99 views

KLA10885 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities 1. An improper memory objects handlin...

9.3CVSS8.6AI score0.41323EPSS
Exploits0References26
Debian
Debian
added 2016/01/24 4:50 a.m.114 views

[SECURITY] [DLA 400-1] pound security update

Package : pound Version : 2.6-1+deb6u1 CVE ID : CVE-2009-3555 CVE-2011-3389 CVE-2012-4929 CVE-2014-3566 This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as...

9.8CVSS5.9AI score0.99999EPSS
Exploits26
OpenVAS
OpenVAS
added 2015/10/08 12:0 a.m.25 views

Oracle: Security Advisory (ELSA-2007-0710)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.5AI score0.16258EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.50 views

Oracle: Security Advisory (ELSA-2011-1380)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.2AI score0.96714EPSS
Exploits20References4
OpenVAS
OpenVAS
added 2015/09/29 12:0 a.m.32 views

Gentoo Security Advisory GLSA 201312-04

Gentoo Linux Local Security Checks GLSA 201312-04 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

9.3CVSS8.3AI score0.04785EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.244 views

Amazon Linux: Security Advisory (ALAS-2011-10)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.2AI score0.96714EPSS
Exploits20References4
NVD
NVD
added 2015/04/21 6:59 p.m.14 views

CVE-2015-3389

Cross-site scripting XSS vulnerability in the Download counts report page in the Public Download Count module pubdlcnt 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.00965EPSS
Exploits0References4
CVE
CVE
added 2015/04/21 6:0 p.m.61 views

CVE-2015-3389

Summary: CVE-2015-3389 affects the Drupal Public Download Count module (pubdlcnt). The vulnerability is an XSS in the Download counts report page in 7.x-1.x-dev and earlier due to insufficient sanitization, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified...

3.5CVSS5.4AI score0.00965EPSS
Exploits0References4Affected Software1
Debian
Debian
added 2015/02/16 3:44 p.m.94 views

[SECURITY] [DLA 154-1] nss security update

Package : nss Version : 3.12.8-1+squeeze11 CVE ID : CVE-2011-3389 CVE-2014-1569 Debian Bug : 773625 nss 3.12.8-1+squeeze11 fixes two security issues: CVE-2011-3389 SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen plaintext attacks which allowed man-in-the middle attackers to obtain...

7.5CVSS6.8AI score0.73327EPSS
Exploits8
Drupal
Drupal
added 2015/02/04 12:0 a.m.19 views

SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting (XSS) - Unsupported

Public Download Count module keeps track of file download counts. The module doesn't sufficiently sanitize user supplied text in the Download counts report page thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role wit...

3.5CVSS6AI score0.00965EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.49 views

Oracle Solaris Third-Party Patch Update : python (multiple_vulnerabilities_in_python) (BEAST)

The remote Solaris system is missing necessary patches to address security updates : - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained...

5CVSS6.4AI score0.73327EPSS
Exploits9References6
seebug.org
seebug.org
added 2014/11/27 12:0 a.m.16 views

用友软件存在两处命令执行漏洞可影响内网安全

简要描述: 刚进公司几天,无意看网站发现两处小漏洞,不知道报那里,就丢乌云吧 详细说明: 翻网站的时候无意发现两处Struts 1.http://comp.yonyou.com/hr/sm/Smindex.action 2.http://comp.yonyou.com/base/par/Parindex.action 貌似是没上线的平台,但是看一下信息就知道危害了 首先,先看看服务器信息 WIN2008服务器 再看看端口 3389是直接开放的 再看看IP吧 内网,再加上3389端口是默认开放的,如果,进行端口转发,提权,那么。。。 最后看看盘符信息吧 基本全遍历。 漏洞证明:...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/11/26 12:0 a.m.16 views

TPKT Client Detection

Binary data 7155.pasl...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2014/11/12 12:0 a.m.36 views

Fedora Update for Pound FEDORA-2014-13777

Check the version of Pound SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868477";...

6.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2014/11/07 12:0 a.m.29 views

Fedora Update for Pound FEDORA-2014-13764

Check the version of Pound SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868456";...

4.3CVSS6.5AI score0.99999EPSS
Exploits7References2
CVE
CVE
added 2014/10/10 10:0 a.m.47 views

CVE-2014-3389

CVE-2014-3389 affects Cisco ASA VPN Failover component. The vulnerability arises from an improper implementation of the internal tunnel-filter for packets from an established VPN tunnel, allowing remote authenticated users to obtain failover-unit access via crafted packets. Connected advisories c...

9CVSS6.2AI score0.02797EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder