Lucene search
K

3229 matches found

NVD
NVD
added 2011/01/28 4:0 p.m.14 views

CVE-2011-0650

Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...

6.8CVSS6.9AI score0.01058EPSS
Exploits0References6
NVD
NVD
added 2011/01/28 4:0 p.m.12 views

CVE-2011-0018

The email function in managesql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the 1 To or 2 From e-mail address in an OMP request to the Greenbone Security Assistant GSA...

9CVSS7.1AI score0.09266EPSS
Exploits5References8
Prion
Prion
added 2011/01/28 4:0 p.m.22 views

Cross site request forgery (csrf)

The email function in managesql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the 1 To or 2 From e-mail address in an OMP request to the Greenbone Security Assistant GSA...

9CVSS7.4AI score0.09266EPSS
Exploits5References8Affected Software1
Prion
Prion
added 2011/01/28 4:0 p.m.15 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...

6.8CVSS7.2AI score0.09266EPSS
Exploits5References6Affected Software1
CVE
CVE
added 2011/01/28 3:0 p.m.44 views

CVE-2011-0650

CVE-2011-0650 concerns Greenbone Security Assistant (GSA) prior to 2.0+rc3. The issue is a CSRF vulnerability that allows an attacker to hijack the user’s authenticated session to issue OMP requests to OpenVAS Manager (e.g., sending email). This is tied to exploitation of CVE-2011-0018 via the GS...

6.8CVSS7AI score0.01058EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2011/01/28 3:0 p.m.22 views

CVE-2011-0650

Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...

6.9AI score0.01058EPSS
Exploits0References6
securityvulns
securityvulns
added 2010/09/09 12:0 a.m.53 views

[security bulletin] HPSBUX02552 SSRT100062 rev.1 - HP-UX running Software Distributor (sd), Local Privilege Increase, Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02285980 Version: 1 HPSBUX02552 SSRT100062 rev.1 - HP-UX running Software Distributor sd, Local Privilege Increase, Unauthorized Access NOTICE: The information in this Security Bulletin should be...

6.8CVSS0.6AI score0.00331EPSS
Exploits0
securityvulns
securityvulns
added 2010/07/18 12:0 a.m.51 views

[security bulletin] HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace(2), Local Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01832652 Version: 1 HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace2, Local Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release...

4.9CVSS0.1AI score0.00525EPSS
Exploits0
securityvulns
securityvulns
added 2010/07/18 12:0 a.m.60 views

[security bulletin] HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01835108 Version: 1 HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...

4.3CVSS0.4AI score0.12649EPSS
Exploits1
securityvulns
securityvulns
added 2010/05/20 12:0 a.m.91 views

[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02181353 Version: 1 HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting XSS, Denial of Service DoS NOTICE: The information in this Security...

7.5CVSS0.3AI score0.9444EPSS
Exploits18
ThreatPost
ThreatPost
added 2010/05/17 4:8 p.m.7 views

The Coming Wave of Mobile Attacks

The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years, adding features, speed and computing power. But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for...

0.7AI score
Exploits0References2
OpenVAS
OpenVAS
added 2010/05/12 12:0 a.m.36 views

Mac OS X Security Update 2009-001

The remote host is missing Security Update 2009-001. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

10CVSS6.8AI score0.22621EPSS
Exploits29References1
myhack58
myhack58
added 2010/04/10 12:0 a.m.13 views

Nine days of self-help built Station system Xday-vulnerability warning-the black bar safety net

Keywords: inurl:/regTemletSel. asp? step=2 Or E-Commerce self-help built Station-your ideal assistant Use method: 1 registered 2 web site management---resource management---upload hackqing. asp;qing.jpg 3get a webshell Special case: 1. the forced name change 2. the iis parsing vulnerability is...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2010/03/31 12:0 a.m.81 views

[security bulletin] HPSBMA02490 SSRT090222 rev.1 - HP SOA Registry Foundation, Remote Unauthorized Access to Data, Cross Site Scripting (XSS), Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02037890 Version: 1 HPSBMA02490 SSRT090222 rev.1 - HP SOA Registry Foundation, Remote Unauthorized Access to Data, Cross Site Scripting XSS, Privilege Escalation NOTICE: The information in this...

8.5CVSS0.6AI score0.02146EPSS
Exploits0
securityvulns
securityvulns
added 2010/03/11 12:0 a.m.62 views

[security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02033170 Version: 1 HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands NOTICE: The information in this Security Bulletin should be acted upon as soon a...

10CVSS0.6AI score0.05664EPSS
Exploits0
securityvulns
securityvulns
added 2009/12/17 12:0 a.m.55 views

[security bulletin] HPSBMA02252 SSRT061258, SSRT061259 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01124817 Version: 1 HPSBMA02252 SSRT061258, SSRT061259 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Code Execution NOTICE: The information in this Security Bulletin should be acte...

10CVSS0.7AI score0.60286EPSS
Exploits5
securityvulns
securityvulns
added 2009/12/15 12:0 a.m.75 views

[security bulletin] HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01943614 Version: 1 HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege NOTICE: The information in this Security Bulletin should be act...

10CVSS0.7AI score0.10608EPSS
Exploits0
NVD
NVD
added 2009/12/04 7:30 p.m.9 views

CVE-2009-4201

Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the 1 ID3v1, 2 ID3v2, or 3 APEv2 metadata field...

9.3CVSS7.8AI score0.0478EPSS
Exploits2References4
Prion
Prion
added 2009/12/04 7:30 p.m.15 views

Stack overflow

Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the 1 ID3v1, 2 ID3v2, or 3 APEv2 metadata field...

9.3CVSS8.4AI score0.0478EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2009/12/04 7:0 p.m.37 views

CVE-2009-4201

The CVE-2009-4201 entry concerns Mp3 Tag Assistant Professional 2.92 build 300, which contains multiple stack-based buffer overflows in the MP3 metadata parsing logic. Specifically, overflows occur when processing long strings in ID3v1, ID3v2, or APEv2 metadata fields, enabling remote attackers t...

9.3CVSS7.8AI score0.0478EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder