7736 matches found
Code Execution Vulnerability in Axublog Blogging System
Axublog is a PHP personal blog system. A code execution vulnerability exists in the Axublog blog system. The vulnerability is caused by the failure to validate the reloaded files, which can be exploited by an attacker to construct a specially crafted file, upload a shell, and gain...
Friday Squid Blogging: Squids from Space Video Game
An early preview. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
The grugq on Reality Winner, the Intercept, and OPSEC
Good commentary...
wanderingroot.com XSS vulnerability
Vulnerable URL: http://www.wanderingroot.com/blog/2015/9/3/sweet-potato-egg-scramble/...
Comments from restricted blog post visible for unrestricted user
Summary: All comments made before the post restriction changed to "Viewing and editing restricted" will be available to all users in all updates. This is only happening for blog posts, and page restrictions are working as expected. Tested in version 5.9.1 (customer's version) and 6.1.3, same behaviour c...
Safety and Security and the Internet of Things
Ross Anderson blogged about his new paper on security and safety concerns about the Internet of Things. See also this short video. It's very much along the lines of what I've been writing...
Sensitive Information Leak
Moodle is vulnerable to a sensitive information leak. blog/rsslib.php does not prevent guest users from accessing sensitive information from hidden blog posts through related RSS feeds for site-level blogs...
Cross-site Scripting (XSS)
Moodle is susceptible to cross-site scripting (XSS) attacks. The attacks are possible because the parameter passed to blog/index.php is not properly sanitized. This allows attackers to inject arbitrary web script or HTML through it when Internet Explorer is used...
SEI Issues Advice on Ransomware
The Software Engineering Institute (SEI) of Carnegie Mellon University has released a blog post on best practices for preventing and responding to ransomware. This common malware captures, encrypts, and holds your data to extort a ransom. SEI’s top recommendation to thwart ransomware attacks is to...
blog-food.ru XSS vulnerability
Vulnerable URL: https://blog-food.ru/search-results?query=%22%3E%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%2FXSSPOSED%2F%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 10522...
Aries QWR-1104 Wireless-N Cross Site Scripting
Exploit Title: Aries QWR-1104 Wireless-N Router Execute JavaScript in Wireless Site Survey page. Date: 26-05-2017 Vendor Homepage : http://www.ariesnetworks.net/ Firmware Version: WRC.253.2.0913 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...
The Fight Against Tech Support Scams
This article is a translation of the post "The fight against tech support scams" by Courtney Gregoire of the Microsoft Digital Crimes Unit (published May 18, 2017, US time)...
Moodle 2.7.x < 2.7.20 Multiple Vulnerabilities
Binary data 700123.prm...
Moodle 3.2.x < 3.2.3 Multiple Vulnerabilities
Binary data 700126.prm...
Unauthorized Blog Search
Moodle is vulnerable to unauthorized blog searches. There is a missing capability check that allows users to search blogs without permission...
Arbitrary Blog Ownership
Moodle is vulnerable to arbitrary blog ownership. If an authenticated user edits a blog through an external blog link, the ownership changes to the current user...
Recent Python Meterpreter Improvements
The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...
CVE-2017-7489
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link...
Code injection
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link...