Lucene search

545 matches found

CVE
added 2018/07/05 2:0 p.m., 110 views

CVE-2018-8026

CVE-2018-8026 affects Apache Solr releases 6.0.0–6.6.4 and 7.0.0–7.3.1, due to an XML External Entity (XXE) flaw in Solr config files (currency.xml, enumsConfig.xml referenced from schema.xml, and TIKA parsecontext) and related XInclude handling. An attacker could craft XML and upload manipulated...

CVSS: 5.5, AI score: 5.2, EPSS: 0.09025
Exploits: 1, References: 4, Affected Software: 1
Debian CVE
added 2018/07/05 2:0 p.m., 20 views

CVE-2018-8026

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, XInclude functionality provided in these config files is als...

CVSS: 5.5, AI score: 5.4, EPSS: 0.09025
Exploits: 1
OSV
added 2018/06/15 2:29 a.m., 1 view

DEBIAN-CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

CVSS: 9.8, AI score: 8, EPSS: 0.04648
Exploits: 0, References: 1
CNVD
added 2018/06/07 12:0 a.m., 2 views

Code Execution Vulnerability in DocCms 2016 Version

DocCMS rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. A code execution vulnerability...

AI score: 8.1
Exploits: 0
Veracode
added 2018/05/22 5:25 a.m., 18 views

XML External Entity (XXE)

Apache Solr is vulnerable to XML external entity (XXE) injection. The attack is possible because Solr config files are accessible through the API if XInclude is enabled. Using file/ftp/http protocols, arbitrary files from the Solr server can be exposed...

CVSS: 5.5, AI score: 6, EPSS: 0.03917
Exploits: 0, References: 6, Affected Software: 1
UbuntuCve
added 2018/05/21 7:29 p.m., 23 views

CVE-2018-8010

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability...

CVSS: 5.5, AI score: 6.4, EPSS: 0.03917
Exploits: 0, References: 3
NVD
added 2018/05/21 7:29 p.m., 18 views

CVE-2018-8010

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability...

CVSS: 5.5, AI score: 5.4, EPSS: 0.03917
Exploits: 0, References: 3
OSV
added 2018/05/21 7:29 p.m., 19 views

CVE-2018-8010

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability...

CVSS: 5.5, AI score: 7
Exploits: 0, References: 3
Debian CVE
added 2018/05/21 7:0 p.m., 22 views

CVE-2018-8010

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability...

CVSS: 5.5, AI score: 5.5, EPSS: 0.03917
Exploits: 0
CNVD
added 2018/05/18 12:0 a.m., 1 view

IBM Tivoli Application Dependency Discovery Manager for Unix Information Disclosure Vulnerability

IBM Tivoli Application Dependency Discovery Manager for Unix (TADDM) is a U.S.-based IBM product in a suite of IT service management solutions for the Unix platform that provides robust automated application mapping and discovery to help administrators understand business application structure,...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00347
Exploits: 0, References: 1
CNVD
added 2018/02/24 12:0 a.m., 2 views

Code Execution Vulnerability in CmsEasy v5.7

CMSeasy is a web content management system based on a PHP+MySQL architecture and a PHP development platform. It uses modular development, is easy to use and easy to extend, and provides heavyweight website construction solutions for large and medium-sized sites. CmsEasy v5.7 versi...

AI score: 8.1
Exploits: 0
OSV
added 2017/10/11 3:29 a.m., 4 views

CVE-2017-15236

Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config files and extendword.txt...

CVSS: 7.5, AI score: 5.8, EPSS: 0.03609
Exploits: 3, References: 1
CNVD
added 2017/10/11 12:0 a.m., 2 views

Intelbras WRN 150 Security Bypass Vulnerability

The Intelbras WRN 150 is a wireless router from Intelbras (Brazil). A security vulnerability exists in Intelbras WRN 150 devices. A remote attacker can exploit the vulnerability to read configuration files via a direct request, thereby bypassing authentication...

CVSS: 9.8, AI score: 7.7, EPSS: 0.60857
Exploits: 1, References: 1
CNVD
added 2017/07/10 12:0 a.m., 1 view

Arbitrary File Download Vulnerability in javaee Forum System

javaee forum system is a free, open source javaee forum source code system built with the springMVC and mybatis frameworks. It has an arbitrary file download vulnerability: an attacker can forge files through the path in the request to download the site configuration or system...

AI score: 7.2
Exploits: 0
CNVD
added 2017/05/25 12:0 a.m., 5 views

Roundcube Webmail Information Disclosure Vulnerability (CNVD-2017-08084)

RoundCube Webmail is a browser-based IMAP mail client that supports address book management, message searching, spell checking and more. An information disclosure vulnerability exists in Roundcube Webmail version 1.1.x before 1.1.2. A remote attacker can exploit this vulnerability by readi...

CVSS: 7.5, AI score: 6.2, EPSS: 0.03767
Exploits: 0, References: 1
exploitpack
added 2017/02/25 12:0 a.m., 17 views

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...

Exploits: 0
OSV
added 2017/02/13 9:59 p.m., 1 view

CVE-2016-9357

An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 201...

CVSS: 5.3, AI score: 5.8, EPSS: 0.01883
Exploits: 0, References: 2
OSV
added 2017/02/13 9:59 p.m., 2 views

CVE-2016-8346

An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION)...

CVSS: 7.5, AI score: 5.8, EPSS: 0.02078
Exploits: 0, References: 2
ATTACKERKB
added 2017/02/08 7:59 p.m., 3 views

CVE-2015-5013

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00305
Exploits: 0, References: 4, Affected Software: 1
RedHat Linux
added 2016/10/10 8:38 p.m., 10 views

tomcat: tomcat writable config files allow privilege escalation

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00693
Exploits: 0, References: 4