Lucene search
+L

59 matches found

Kaspersky
Kaspersky
added 2018/02/13 12:0 a.m.128 views

KLA11193 Multiple vulnerabilities in Adobe Arcobat&Reader

Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities can be exploited to execute arbitrary...

10CVSS8.7AI score0.43418EPSS
Exploits0References11
Prion
Prion
added 2017/12/21 2:29 p.m.17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data...

10CVSS9.7AI score0.87929EPSS
Exploits9References5Affected Software1
NVD
NVD
added 2017/12/21 2:29 p.m.14 views

CVE-2017-17411

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data...

10CVSS9.6AI score0.87929EPSS
Exploits9References5
Cvelist
Cvelist
added 2017/12/21 2:0 p.m.32 views

CVE-2017-17411

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data...

9.7AI score0.87929EPSS
Exploits9References5
CVE
CVE
added 2017/12/21 2:0 p.m.86 views

CVE-2017-17411

CVE-2017-17411 affects Linksys WVBR0-25/WVBR0 devices (Wireless Video Bridge). The flaw is an OS command injection in the web management portal caused by insufficient input validation, allowing an unauthenticated remote attacker to execute commands with root privileges via the User-Agent header. ...

10CVSS9.6AI score0.87929EPSS
Exploits9References5Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/07 12:0 a.m.58 views

JVN#80157683: SetucoCMS multiple vulnerabilities

SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains multiple vulnerabilities listed below. Cross-site request forgery - CVE-2016-4891 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

8.8CVSS7.3AI score0.02136EPSS
Exploits0
Prion
Prion
added 2015/10/22 12:0 a.m.15 views

Security feature bypass

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892...

3.5CVSS5.4AI score0.01172EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/10/21 11:59 p.m.21 views

CVE-2015-4892

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4917...

3.5CVSS5.2AI score0.01172EPSS
Exploits0References2
CVE
CVE
added 2015/10/21 11:0 p.m.48 views

CVE-2015-4892

Technical details such as affected product/version, root cause, and remediation are not publicly available in the provided documents. Monitor for updates.

3.5CVSS5.4AI score0.01172EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/10/21 10:0 a.m.43 views

CVE-2014-4892

The CVE-2014-4892 entry affects the uControl Smart Home Automation Android app (version 1.2). The underlying issue is that the application does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive information via a crafted cert...

5.4CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2012/09/10 10:0 p.m.44 views

CVE-2012-4892

CVE-2012-4892 describes multiple XSS vulnerabilities in FlatnuX CMS 2012-03.08 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameters in a submitnews action to the news module, and are noted as a differ...

4.3CVSS5.7AI score0.01148EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2011/10/07 10:0 a.m.42 views

CVE-2010-4892

The CVE-2010-4892 entry describes a Cross-site Scripting (XSS) vulnerability in the TYPO3 powermail extension prior to 1.5.5. Affected component: powermail extension for TYPO3. Root cause: XSS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Impact: not quan...

4.3CVSS5.9AI score0.01042EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2010/06/11 2:0 p.m.44 views

CVE-2009-4892

CVE-2009-4892: WEBjump! contains SQL injection in a CMS. Remote attackers can exploit via the id parameter to portfolio_genre.php and news_id.php to execute arbitrary SQL. CVSS v2 base score 7.5 (HIGH). Root cause: insufficient sanitization of user input. Exploitation details are provided in mult...

7.5CVSS8.7AI score0.00907EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2009/06/05 12:0 a.m.10 views

Fedora Core 11 FEDORA-2009-4892 (opensc)

The remote host is missing an update to opensc announced via advisory FEDORA-2009-4892. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.4AI score
Exploits0References2
Circl
Circl
added 2009/03/10 12:0 a.m.3 views

CVE-2009-4892

creationtimestamp| type| source ---|---|--- 2009-03-10 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/8188...

7.5CVSS5.8AI score0.00907EPSS
Exploits1References1
NVD
NVD
added 2008/11/04 12:58 a.m.17 views

CVE-2008-4892

Cross-site scripting XSS vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party...

4.3CVSS5.8AI score0.01065EPSS
Exploits0References5
Cvelist
Cvelist
added 2008/11/04 12:0 a.m.23 views

CVE-2008-4892

Cross-site scripting XSS vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party...

5.8AI score0.01065EPSS
Exploits0References5
CVE
CVE
added 2007/09/14 6:0 p.m.58 views

CVE-2007-4892

CVE-2007-4892 describes multiple SQL injection vulnerabilities in SWSoft Plesk versions 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows. The underlying issue is SQL injection via the PLESKSESSID cookie, exploitable through (1) login.php3 and (2) auth.php3, allowing remote attackers to execute arbitrar...

7.5CVSS8.6AI score0.01216EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2006/09/19 10:0 p.m.47 views

CVE-2006-4892

CVE-2006-4892 concerns an SQL injection in Techno Dreams’ FAQ Manager Package 1.0, exploitable via the key parameter in faqview.asp. The vulnerability allows remote attackers to alter or reveal data by injecting arbitrary SQL commands. The NVD entry associates a high base score (7.5) with network...

7.5CVSS8.8AI score0.02589EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder