Lucene search
+L

214 matches found

OSV
OSV
added 2019/03/14 2:29 a.m.3 views

CVE-2019-9760

FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption...

9.8CVSS6.3AI score0.53093EPSS
Exploits5References2
The Hacker News
The Hacker News
added 2018/09/05 9:9 a.m.3 views

Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords

Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like...

6.5AI score
Exploits0
OSV
OSV
added 2018/07/31 10:58 p.m.1 views

GHSA-M5H6-HR3Q-22H5 npm Token Leak in npm

Affected versions of the npm package include the bearer token of the logged in user in every request made by the CLI, even if the request is not directed towards the user's active registry. An attacker could create an HTTP server to collect tokens, and by various means including but not limited t...

7.5CVSS7.1AI score0.06748EPSS
Exploits0References9
CNVD
CNVD
added 2018/07/18 12:0 a.m.3 views

Microsoft Enhanced Mitigation Experience Toolkit (EMET) XML External Entity Injection Vulnerability

Microsoft Enhanced Mitigation Experience Toolkit is a security tool introduced in response to vulnerabilities. It protects users from attacks even when patches are not installed through technologies such as Data Execution Protection DEP, Structured Exception Handling Override Protection SEHOP, an...

7.2AI score
Exploits0References1
OSV
OSV
added 2018/03/20 2:29 p.m.3 views

CVE-2018-4844

A vulnerability has been identified in SIMATIC WinCC OA UI for Android All versions V3.15.10, SIMATIC WinCC OA UI for iOS All versions V3.15.10. Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache...

6.7CVSS5.8AI score0.00427EPSS
Exploits0References3
Hacker One
Hacker One
added 2017/11/29 11:8 p.m.60 views

Open-Xchange: SSRF in /appsuite/api/autoconfig

FYI: This was conducted on a local install of App Suite and not the sandbox. App Suite version was: 7.8.4 Rev14 Hello, There is a possible SSRF vulnerability in the following App Suite API endpoint that will primarily allow blind port scanning of the App Suite server and any internal servers...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/09/08 3:14 a.m.7 views

jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)

Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...

6.5CVSS6.5AI score0.01031EPSS
Exploits0References5
OSV
OSV
added 2017/08/31 8:29 p.m.3 views

ALPINE-CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...

8.1CVSS6.9AI score0.0475EPSS
Exploits1References1
OSV
OSV
added 2017/08/31 12:0 a.m.3 views

UBUNTU-CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...

8.1CVSS7.2AI score0.0475EPSS
Exploits1References7
OSV
OSV
added 2017/08/21 7:29 a.m.8 views

DEBIAN-CVE-2017-12980

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...

6.1CVSS6.4AI score0.01372EPSS
Exploits1References1
OSV
OSV
added 2017/08/21 7:29 a.m.6 views

UBUNTU-CVE-2017-12980

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...

6.1CVSS6.7AI score0.01372EPSS
Exploits1References3
0day.today
0day.today
added 2016/12/04 12:0 a.m.42 views

Microsoft Authorization Manager azman XML External Entity Vulnerability

Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: ================== www.microsoft.com Product: ============================== Microsoft Authorization Manager v6.1.7601 The Authorization Manager allows you to set role-based permissions for...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.7 views

The vulnerability of the NameSurfer IP address management server allows a malicious actor to inject malicious code that interacts with the web server.

The vulnerability of the Nixu NameSurfer software lies in errors in the program’s code. Exploiting this vulnerability allows a malicious individual to inject malicious code into the web page displayed by the web system. This malicious code will be executed on the user’s computer when the user ope...

4.3CVSS5.6AI score
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2006/09/07 12:0 a.m.20 views

eabweb.txt

Easy Address Book Web Server Format String Vulnerability Software: Easy Address Book Web Server Version: 1.2 Website: http://www.efssoft.com/ Description: Easy Address Book Web Server is a Web Address Book software that allows users to view, search, add, edit, or administer address books easily...

7.4AI score
Exploits0
Rows per page
Query Builder