381 matches found

Debian CVE
added 2020/01/31 3:8 p.m., 18 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2 CVSS, 6.8 AI score, 0.00504 EPSS
Exploits: 0

ThreatPost
added 2020/01/30 9:49 p.m., 67 views

200K WordPress Sites Vulnerable to Plugin Flaw

A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question is Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the...

6.8 CVSS, 0.7 AI score, 0.11905 EPSS
Exploits: 2, References: 6

exploitpack
added 2020/01/17 12:0 a.m., 11 views

Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass

Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time...

0.2 AI score
Exploits: 0

Exploit DB
added 2020/01/17 12:0 a.m., 168 views

WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time Capsule Plugin 1.21.16 Tested on: LAMP stack with most recent...

7.4 AI score
Exploits: 0

Packet Storm
added 2020/01/17 12:0 a.m., 144 views

WordPress Time Capsule 1.21.16 Authentication Bypass

Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time Capsule Plugin 1.21.16 Tested on: LAMP stack with most recent...

0.3 AI score
Exploits: 0

0day.today
added 2020/01/17 12:0 a.m., 123 views

Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time Capsule Plugin 1.21.16 Teste...

7.4 AI score
Exploits: 0

CNVD
added 2020/01/16 12:0 a.m., 1 views

WordPress WP Time Capsule Authentication Bypass Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authentication bypass vulnerability exists in WordPress WP Time Capsule, which can be exploited by an...

7 AI score
Exploits: 0, References: 1

ThreatPost
added 2020/01/15 9:19 p.m., 69 views

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers...

7.5 AI score
Exploits: 0, References: 8

WPVulnDB
added 2020/01/14 12:0 a.m., 9 views

Backup and Staging by WP Time Capsule < 1.21.16 - Authentication Bypass

It is possible to login as an administrator on the site due to logical mistakes in the code. PoC The issue resides in wptc-cron-functions.php line 12 where it parses the request. This parserequest function calls the function decodeserverrequestwptc which checks if the raw POST payload contains a...

7.5 CVSS, 3 AI score, 0.46454 EPSS
Exploits: 2, References: 2, Affected Software: 1

wpexploit
added 2020/01/14 12:0 a.m., 22 views

Backup and Staging by WP Time Capsule < 1.21.16 - Authentication Bypass

It is possible to login as an administrator on the site due to logical mistakes in the code. The issue resides in wptc-cron-functions.php line 12 where it parses the request. This parserequest function calls the function decodeserverrequestwptc which checks if the raw POST payload contains a certa...

7.5 CVSS, 0.9 AI score, 0.46454 EPSS
Exploits: 2, References: 2

CISA
added 2019/05/30 12:0 a.m., 13 views

Apple Releases Security Updates for AirPort Extreme, AirPort Time Capsule

Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security...

7 AI score
Exploits: 0, References: 1

RedHat Linux
added 2019/05/14 1:8 p.m., 3 views

katello-installer-base: QMF methods exposed to goferd via qdrouterd

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...

8 CVSS, 5.8 AI score, 0.00692 EPSS
Exploits: 0, References: 4

Prion
added 2019/04/11 6:29 p.m., 9 views

Design/Logic Flaw

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full...

7.2 CVSS, 7.3 AI score, 0.00472 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2019/04/11 6:29 p.m., 13 views

CVE-2019-5024

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full...

7.6 CVSS, 7.3 AI score, 0.00472 EPSS
Exploits: 0, References: 1

Cvelist
added 2019/04/11 5:45 p.m., 24 views

CVE-2019-5024

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full...

7.6 CVSS, 7.3 AI score, 0.00472 EPSS
Exploits: 0, References: 1

CVE
added 2019/04/11 5:45 p.m., 48 views

CVE-2019-5024

Capsule Technologies SmartLinx Neuron 2 devices (firmware 9.0.3 and older) contain a restricted environment escape vulnerability in kiosk mode. A specific sequence of USB keyboard inputs can escape the restricted environment and grant full administrator access to the underlying Windows OS. Affect...

7.6 CVSS, 7.3 AI score, 0.00472 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2019/04/11 3:29 p.m., 3 views

CVE-2019-3845

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...

8 CVSS, 7.2 AI score, 0.00692 EPSS
Exploits: 0, References: 2

CVE
added 2019/04/11 2:31 p.m., 127 views

CVE-2019-3845

CVE-2019-3845 affects Red Hat Satellite tools (qpid-dispatch-router). The root cause is exposed QMF methods via qdrouterd, enabling an attacker authenticated on a registered host to access QMF methods across registered hosts and execute privileged commands. Red Hat issued RHSA-2019:1223 to addres...

8 CVSS, 7.5 AI score, 0.00692 EPSS
Exploits: 0, References: 2, Affected Software: 1

AlpineLinux
added 2019/04/11 2:31 p.m., 4 views

CVE-2019-3845

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...

8 CVSS, 5.9 AI score, 0.00692 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2019/04/09 5:23 p.m., 4 views

katello-installer-base: QMF methods exposed to goferd via qdrouterd

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...

8 CVSS, 5.8 AI score, 0.00692 EPSS
Exploits: 0, References: 4