Lucene search
+L

624 matches found

RedHat Linux
RedHat Linux
added 2019/03/28 2:52 p.m.9 views

thunderbird: flaw in verification of S/MIME signature resulting in signature spoofing

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with...

5.3CVSS7.4AI score0.01676EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2019/03/27 12:0 a.m.35 views

PHPCMS 2008 type.php Code Injection (CVE-2018-19127)

A code injection vulnerability exists in PHPCMS 2008. An attacker could write arbitrary content to a website cache file with a controllable filename. Successful exploitation of this vulnerability could lead to arbitrary code execution...

7.5CVSS3.5AI score0.20766EPSS
Exploits0
Prion
Prion
added 2019/03/06 10:29 p.m.12 views

Directory traversal

An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...

4CVSS6.5AI score0.01441EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/03/06 10:0 p.m.47 views

CVE-2019-9611

CVE-2019-9611 affects OFCMS prior to 1.1.3. The issue enables a directory traversal via the admin/cms/template/getTemplates.html?res_path=res parameter, allowing ../ in dir to write arbitrary content (file_content) to an arbitrary file (file_name). Root cause: save function in TemplateController....

6.5CVSS6.5AI score0.01441EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/01/03 4:0 p.m.260 views

CVE-2019-3701

CVE-2019-3701 affects the Linux kernel CAN subsystem (can_can_gw_rcv in net/can/gw.c) up to version 4.19.13. The CAN frame modification rules can apply bitwise logic to can_dlc, enabling a privileged user with CAP_NET_ADMIN to create a can-gw rule that makes the DLC larger than the frame data. Wh...

4.9CVSS6.2AI score0.00698EPSS
Exploits1References14Affected Software1
NVD
NVD
added 2018/12/24 3:29 p.m.20 views

CVE-2018-8920

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...

7.2CVSS6.4AI score0.01027EPSS
Exploits0References1
Prion
Prion
added 2018/12/24 3:29 p.m.23 views

Input validation

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...

6.5CVSS7AI score0.01027EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/12/24 3:29 p.m.5 views

CVE-2018-8920

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...

7.2CVSS5.9AI score0.01027EPSS
Exploits0References2
CVE
CVE
added 2018/12/24 3:0 p.m.57 views

CVE-2018-8920

CVE-2018-8920 affects Synology DiskStation Manager (DSM) prior to 6.1.6-15266, via the Log Exporter. The root cause is improper neutralization of escape characters when exporting an archive in CSV format, enabling remote attackers to inject arbitrary content with an unspecified impact. The vulner...

7.2CVSS7AI score0.01027EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/11/09 12:29 p.m.14 views

Code injection

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...

7.5CVSS9.7AI score0.20766EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/11/09 12:0 p.m.29 views

CVE-2018-19127

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...

9.8AI score0.20766EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/10/23 5:29 p.m.2 views

CVE-2018-8569

A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App...

7.8CVSS6.8AI score0.13335EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2018/10/19 7:0 a.m.16 views

Yammer Desktop Application Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...

7.8CVSS2.5AI score0.13335EPSS
Exploits0
CNVD
CNVD
added 2018/07/04 12:0 a.m.4 views

Unspecified Vulnerability in Rclone

Rclone is a command line program for synchronizing files and directories. A security vulnerability exists in Rclone version 1.42 that stems from the program failing to validate URL fields from the Google Cloud Storage API server. An attacker could exploit the vulnerability to pass arbitrary conte...

7.5CVSS7.1AI score0.01306EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/27 12:0 a.m.7 views

Fortinet FortiManager Override Vulnerability

Fortinet FortiManager and FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management solution.FortiAnalyzer is a centralized network security reporting solution. An override vulnerability exists in Fortinet FortiManager version 6.0.0 and...

6.5CVSS6.5AI score0.01683EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/13 12:0 a.m.7 views

Canon PrintMe EFI webinterface cross-site scripting vulnerability

Canon PrintMe EFI is a mobile printing solution from Canon Japan. The solution allows users to connect to Canon print devices via mobile devices to perform operations. webinterface is one of the web management interfaces. A cross-site scripting vulnerability exists in the Canon PrintMe EFI...

6.1CVSS5.9AI score0.02469EPSS
Exploits5References1
Prion
Prion
added 2018/06/11 9:29 p.m.17 views

Code injection

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

4.9CVSS6.1AI score0.00442EPSS
Exploits1References9Affected Software4
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.25 views

CVE-2016-5291

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

5.5CVSS8AI score0.00442EPSS
Exploits1
CNVD
CNVD
added 2017/10/31 12:0 a.m.7 views

CloudBees Static Analysis Utilities plugin cross-site scripting vulnerability

CloudBees Static Analysis Utilities plugin is the U.S. CloudBees company's Jenkins Java-based development of continuous integration tools in a static analysis plugin . A cross-site scripting vulnerability exists in the Details view in the CloudBees Static Analysis Utilities plugin. A remote...

5.4CVSS5.3AI score0.00743EPSS
Exploits0References1
0day.today
0day.today
added 2017/10/15 12:0 a.m.82 views

Opentext Documentum Content Server File Download Exploit

Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains a design gap that allows authenticated user to download arbitrary content files regardless of the attacker's repository permissions. !/usr/bin/env python Opentext Documentum Content Server formerly known a...

4CVSS5.3AI score0.04946EPSS
Exploits4
Rows per page
Query Builder