Lucene search
K

64 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/17 4:55 a.m.4 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Browse restriction bypass in the application "Address" CWE-284 - CVE-2019-6023 Two vulnerabilities were reported by the following...

7.7CVSS7AI score0.02021EPSS
Exploits0References9
Veracode
Veracode
added 2019/05/02 5:41 a.m.38 views

Insufficient Entropy In Key Generation Algorithm

The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...

7.5CVSS7AI score0.06135EPSS
Exploits0References31Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/07/20 8:10 p.m.512 views

Cross-Site Scripting in the Management Web Interface

A reflected cross-site scripting XSS vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting XSS attack of the management web interface. ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...

1.6AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/07/20 8:10 p.m.12 views

Cross-Site Scripting in the Management Web Interface

A reflected cross-site scripting XSS vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting XSS attack of the management web interface. ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...

6.1CVSS5.9AI score0.01195EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2017/04/10 5:30 p.m.21 views

Tampering of temporary export files in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN- 70436 /...

4.3CVSS6.9AI score0.01065EPSS
Exploits0References1
CVE
CVE
added 2016/08/25 9:0 p.m.49 views

CVE-2016-5673

CVE-2016-5673 affects UltraVNC Repeater prior to 1300, which does not restrict destination IP addresses or TCP ports. This allows a remote attacker to induce the repeater (acting as a proxy) to open connections to arbitrary hosts/ports, e.g., exploiting a :: substring between IP and port. The vul...

7.5CVSS7.4AI score0.01871EPSS
Exploits0References3Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2016/06/27 6:30 p.m.20 views

Cross-site scripting vulnerability

A cross-site scripting vulnerability exists in the web interface whereby data provided by the user is stored without sanitization. Ref 90635 CVE-2016-2219. This issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious...

5.4CVSS6AI score0.00782EPSS
Exploits0References1
NVD
NVD
added 2015/09/22 10:59 a.m.18 views

CVE-2015-5576

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows...

5CVSS6.5AI score0.05481EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2015/06/05 12:0 a.m.5 views

The vulnerability of Google Chrome browser allows a perpetrator to replace data.

The android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java file of the Google Chrome browser contains errors related to improper restriction of URL identifiers when creating pop-up windows. As a result, attackers may be able to replace the data displayed in the pop-up windows...

5CVSS7.7AI score0.01422EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2014/09/10 1:0 a.m.75 views

CVE-2014-0557

CVE-2014-0557 affects Adobe Flash Player (and related AIR components) across Windows, OS X, Linux, and Android/APIs. The vulnerability arises from improper restriction of memory address discovery, enabling bypass of ASLR via unspecified vectors. The CVSS 2.0 base metrics indicate a high-severity,...

10CVSS6.3AI score0.05074EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2014/08/12 10:0 p.m.94 views

CVE-2014-0545

Technical details for CVE-2014-0545 are not publicly available in the provided documents. The connected EUVD entries mention malware and generic memory-leakage contexts without product/version/impact specifics. Monitor for updates.

10CVSS6.3AI score0.03978EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.25 views

AIX 5.3 TL 8 : xntpd (IZ68659)

'NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a 'restrict...

6.4CVSS7.4AI score0.32288EPSS
Exploits3References2
UbuntuCve
UbuntuCve
added 2012/07/20 10:40 a.m.22 views

CVE-2011-4592

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron...

5CVSS5.9AI score0.01393EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/04/21 8:27 a.m.6 views

Multiple Cybozu products vulnerable to authentication bypass

Overview Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of ...

5.8CVSS6.8AI score0.01374EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/04/19 12:0 a.m.36 views

JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass

Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product. Impact A remote attacker may view or modify information stored b...

5.8CVSS6.5AI score0.01374EPSS
Exploits0
NVD
NVD
added 2010/03/10 10:30 p.m.24 views

CVE-2010-0962

The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT...

5CVSS6.5AI score0.01246EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2008/12/08 9:2 a.m.12 views

tomcat RemoteFilterValve Information disclosure

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

4.3CVSS5.9AI score0.04807EPSS
Exploits2References4
NVD
NVD
added 2008/10/13 8:0 p.m.21 views

CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

4.3CVSS6.1AI score0.04807EPSS
Exploits2References23
Prion
Prion
added 2008/10/13 8:0 p.m.18 views

Cross site request forgery (csrf)

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

4.3CVSS6.2AI score0.04807EPSS
Exploits2References23Affected Software1
Cvelist
Cvelist
added 2008/10/13 6:0 p.m.34 views

CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

6AI score0.04807EPSS
Exploits2References23
Rows per page
Query Builder