434 matches found

Tenable Nessus
added 2016/03/01 12:0 a.m. | 30 views

FreeBSD : phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability (f682a506-df7c-11e5-81e4-6805ca0b3d42)

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of...

CVSS 6.8 | AI score 6.4 | EPSS 0.03109
Exploits 0 | References 9
FreeBSD
added 2016/02/29 12:0 a.m. | 30 views

phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...

CVSS 6.8 | AI score 1.4 | EPSS 0.03109
Exploits 0 | References 4
CNVD
added 2016/02/11 12:0 a.m. | 5 views

Microsoft Windows Buffer Overflow Vulnerability

Microsoft Windows is a series of operating systems designed for personal computer and server users from the American company Microsoft. Microsoft Windows 8.1, Windows Server 2012 Gold R2, and Windows 10 contain a buffer overflow vulnerability that allows a remote attacker to execute arbitrary code by...

CVSS 9.3 | AI score 8.1 | EPSS 0.22619
Exploits 0 | References 1
Prion
added 2015/11/24 8:59 p.m. | 22 views

Path traversal

The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of...

CVSS 10 | AI score 8.1 | EPSS 0.01746
Exploits 0 | References 1 | Affected Software 1
NVD
added 2015/11/22 3:59 a.m. | 30 views

CVE-2015-7036

The fts3tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument...

CVSS 7.5 | AI score 9.4 | EPSS 0.39286
Exploits 0 | References 4
Prion
added 2015/11/22 3:59 a.m. | 24 views

Sql injection

The fts3tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument...

CVSS 7.5 | AI score 8.5 | EPSS 0.39286
Exploits 0 | References 4 | Affected Software 2
Cvelist
added 2015/11/22 2:0 a.m. | 31 views

CVE-2015-7036

The fts3tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument...

AI score 6.8 | EPSS 0.39286
Exploits 0 | References 4
OpenVAS
added 2015/10/05 12:0 a.m. | 28 views

Open-Xchange (OX) App Suite SQL Injection Vulnerability (Oct 2015)

Open-Xchange OX App Suite is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 | AI score 7.5 | EPSS 0.01649
Exploits 3 | References 3
NVD
added 2015/09/28 4:59 p.m. | 11 views

CVE-2015-5703

SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVSS 6.5 | AI score 7.9 | EPSS 0.01748
Exploits 0 | References 3
Prion
added 2015/09/28 4:59 p.m. | 10 views

Sql injection

SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVSS 6.5 | AI score 8.5 | EPSS 0.01748
Exploits 0 | References 3 | Affected Software 1
Packet Storm
added 2015/07/03 12:0 a.m. | 46 views

Soreco AG Xpert.Line 3.0 Authentication Bypass

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Xpert.Line Vendor: Soreco AG 1 CVE ID: CVE-2015-3442 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Author: Alessandro Zala [email protected] Andreas Hunkeler...

CVSS 5.7 | AI score 0.3 | EPSS 0.03043
Exploits 1
Tenable Nessus
added 2015/05/20 12:0 a.m. | 46 views

phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3) (deprecated)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, or 4.4.x prior to 4.4.6.1. It is, therefore, potentially affected by multiple vulnerabilities: - An attacker cou...

AI score 6.4 | EPSS 0.01597
Exploits 1 | References 12
Tenable Nessus
added 2015/05/14 12:0 a.m. | 29 views

FreeBSD : phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities (c6e31869-f99f-11e4-9f91-6805ca0b3d42)

The phpMyAdmin development team reports: XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...

CVSS 6.8 | AI score 8 | EPSS 0.01597
Exploits 1 | References 5
Hacker One
added 2015/02/03 10:59 p.m. | 12 views

Nearby Live: Group Invite not properly authenticated

There is no check whether the inviting user is allowed to invite a user into a group, and through manipulation a user may send themself an invite to any group. Example: Group A created by User 1 with Owner invitation only with ID x User 2 sends malicious himself invite with ID x and receives invi...

AI score 0.9
Exploits 0
Prion
added 2015/01/15 3:59 p.m. | 16 views

Code injection

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...

CVSS 5 | AI score 7.1 | EPSS 0.03184
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2015/01/15 3:0 p.m. | 24 views

CVE-2014-9593

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...

AI score 6.6 | EPSS 0.03184
Exploits 0 | References 4
CVE
added 2015/01/15 3:0 p.m. | 44 views

CVE-2014-9593

Apache CloudStack is affected by CVE-2014-9593: before 4.3.2 and 4.4.x before 4.4.2, the listSslCerts API call can disclose private keys. Likely impact is information disclosure of SSL private keys. The remediation in the connected records is to upgrade to CloudStack 4.3.2+ or 4.4.2+ (i.e., fixed...

CVSS 5 | AI score 6.8 | EPSS 0.03184
Exploits 0 | References 4 | Affected Software 1
NVD
added 2014/12/12 3:59 p.m. | 27 views

CVE-2014-7136

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...

CVSS 7.2 | AI score 7.5 | EPSS 0.00632
Exploits 1 | References 3
Prion
added 2014/12/12 3:59 p.m. | 24 views

Heap overflow

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...

CVSS 7.2 | AI score 8.1 | EPSS 0.00632
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2014/12/12 3:0 p.m. | 34 views

CVE-2014-7136

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...

AI score 7.5 | EPSS 0.00632
Exploits 1 | References 3