Lucene search
K

407 matches found

OSV
OSV
added 2016/09/07 7:28 p.m.4 views

CVE-2016-6825

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtai...

9.8CVSS5.8AI score0.02134EPSS
Exploits0References2
myhack58
myhack58
added 2016/03/08 12:0 a.m.34 views

Teaching content management system ATutor 2.2.1 injection vulnerability-vulnerability warning-the black bar safety net

Atutor is an open source“content management system”Learning Content Management System, referred to as LCMS。 Using PHP, MySQL, HTTP Web server is recommended to use Apache. Teaching content management system ATutor 2.2.1 injection vulnerability Atutor in addition to teaching content management...

9.4AI score0.79622EPSS
Exploits7
Packet Storm
Packet Storm
added 2016/03/01 12:0 a.m.41 views

ATutor 2.2.1 SQL Injection / Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...

5.1CVSS0.2AI score0.79622EPSS
Exploits7
Exploit DB
Exploit DB
added 2016/03/01 12:0 a.m.56 views

ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...

9.8CVSS7.4AI score0.79622EPSS
Exploits7
Metasploit
Metasploit
added 2016/02/29 8:59 p.m.42 views

ATutor 2.2.1 SQL Injection / Remote Code Execution

This module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator's interface where they can upload malicious code. This module requires Metasploit:...

9.8CVSS1AI score0.79622EPSS
Exploits7
BDU FSTEC
BDU FSTEC
added 2016/02/12 12:0 a.m.6 views

The vulnerability of the microprogramming software of the Cisco wireless LAN controller allows a intruder to alter configuration parameters.

The vulnerability of Cisco wireless LAN controllers’ microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to remotely alter configuration parameters...

10CVSS7.8AI score0.02976EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2015/12/18 12:0 a.m.5 views

PT-2015-2867

Name of the Vulnerable Software and Affected Versions Juniper ScreenOS versions 6.2.0r15 through 6.2.0r18 Juniper ScreenOS versions 6.3.0r12 before 6.3.0r12b Juniper ScreenOS versions 6.3.0r13 before 6.3.0r13b Juniper ScreenOS versions 6.3.0r14 before 6.3.0r14b Juniper ScreenOS versions 6.3.0r15...

10CVSS8.8AI score0.614EPSS
Exploits7References20
BDU FSTEC
BDU FSTEC
added 2015/11/20 12:0 a.m.7 views

The vulnerability of the microprogramming software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems allows a intruder to gain access to the device.

The vulnerability of the web interface of the Microprogramming Software for Control Systems of Power Supply Devices Janitza UMG 508, 509, 511, 604, 605 arises from the fact that these devices only support short PIN codes for authentication. Exploiting this vulnerability could allow an attacker,...

10CVSS5.5AI score0.02858EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2015/10/21 12:0 a.m.7 views

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the microprogrammed software of Schneider Electric’s Modicon M340 programmable logic controller is due to authentication deficiencies. Exploiting this vulnerability could allow an attacker to cause malfunctions in service operations or execute arbitrary codes...

7.8CVSS8AI score0.04922EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2015/10/13 12:0 a.m.19 views

The vulnerability of the Cisco IOS operating system, which allows a perpetrator to gain unauthorized access to the device

The vulnerability of the SSHv2 component in Cisco IOS systems is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to a device by manipulating information about known user names and their associated RSA keys...

9.3CVSS5.5AI score0.04388EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/03/20 12:0 a.m.133 views

Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p1 Multiple Vulnerabilities

The version of the remote NTP server is 4.x prior to 4.2.8p1. It is, therefore, affected by the following vulnerabilities : - A security weakness exists due to the configauth function improperly generating default keys when no authentication key is defined in the ntp.conf file. Key size is limite...

7.5CVSS7.4AI score0.7809EPSS
Exploits4References7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Cerberus FTP Server 2.1 Information Disclosure Weakness

No description provided by source. source: http://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2013/06/19 9:30 a.m.56 views

Upgrade bundled Tomcat to the latest minor release

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-33563. panel Customer did a Security Scan on the instance and founded the version 5.1.8 that he is using subjected to security vulnerabiliti...

5CVSS7.2AI score0.11975EPSS
Exploits3Affected Software1
Apache Tomcat
Apache Tomcat
added 2012/10/19 12:0 a.m.57 views

Fixed in Apache Tomcat 6.0.36

Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

5CVSS6.9AI score0.11975EPSS
Exploits4Affected Software1
Apache Tomcat
Apache Tomcat
added 2012/09/06 12:0 a.m.57 views

Fixed in Apache Tomcat 7.0.30

Important: Denial of service CVE-2012-3544 When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DOS by streaming an unlimited amount of data to the server. This was...

5CVSS6.8AI score0.11975EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2012/06/25 6:5 p.m.6 views

crypt(): DES encrypted password weakness

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

4.3CVSS7.3AI score0.05734EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2011/02/08 12:0 a.m.0 views

HP Universal CMDB Server Axis2 Default Credentials Remote Code Execution

HP Universal CMDB is a modular management system that consists of a business-service-oriented data model with built-in discovery of configuration items CIs and configuration item dependencies, visualization and mapping of business services, and tracking of configuration changes. A remote code...

8.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/02/08 12:0 a.m.66 views

CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (CVE-2010-0219)

CA ARCserve D2D is a disk-based backup solution that allows protecting and recovering business data on both physical and virtual servers. It includes a web 2.0 interface that proactively delivers updates. A remote code execution vulnerability has been reported in CA ARCserve D2D. The vulnerabilit...

10CVSS7.6AI score0.89871EPSS
Exploits17
Check Point Advisories
Check Point Advisories
added 2010/06/21 12:0 a.m.30 views

HP OpenView Client Configuration Manager Radia Notify Code Execution (CVE-2006-5782)

An authentication weakness vulnerability exists in the Radia Notify Daemon component of HP OpenView Client Configuration Manager. The flaw is created by improper handling of user supplied data passed to the affected Radia Notify Daemon on TCP port 3465. By sending a crafted message, the attacker...

7.8CVSS6.6AI score0.03509EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/04/04 12:0 a.m.23 views

RHEL 3 / 4 : freeradius (RHSA-2006:0271)

Updated freeradius packages that fix an authentication weakness are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized...

7.5CVSS6.2AI score0.04381EPSS
Exploits0References5
Rows per page
Query Builder