Lucene search
K

545 matches found

Exploit DB
Exploit DB
added 2016/09/12 12:0 a.m.685 views

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

!/usr/bin/python MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit CVE-2016-6662 0ldSQLMySQLRCEexploit.py ver. 1.0 For testing purposes only. Do no harm. Discovered/Coded by: Dawid Golunski http://legalhackers.com This is a limited version of the PoC exploit. It only...

10CVSS7.8AI score0.6773EPSS
Exploits20
OSV
OSV
added 2016/08/24 2:0 a.m.6 views

CVE-2016-5812

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file...

3.3CVSS5.8AI score0.00301EPSS
Exploits0References2
OSV
OSV
added 2016/06/10 1:59 a.m.4 views

CVE-2016-4494

Cross-site request forgery CSRF vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file...

8.8CVSS5.8AI score0.00602EPSS
Exploits0References1
OSV
OSV
added 2016/05/31 1:59 a.m.2 views

CVE-2016-0879

Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL...

7.5CVSS5.9AI score0.02221EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/05/24 12:0 a.m.38 views

openSUSE Security Update : the Linux Kernel (openSUSE-2016-629)

The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes bsc970948. - CVE-2016-3136: mctu232: add sanity checking in probe bnc970955. - CVE-2016-2188:...

6.2CVSS6.4AI score0.01814EPSS
Exploits13References26
CNVD
CNVD
added 2016/05/20 12:0 a.m.39 views

Moxa EDR-G903 Unauthorized Operation Vulnerability

Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in the Moxa EDR-G903 V3.4.11 and earlier versions. An unauthenticated remote attacker can exploit the vulnerability by accessing a specially crafted URL to delete server-side...

7.8CVSS7AI score0.02221EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/03 12:0 a.m.3 views

ICONICS WebHMI Directory Traversal Vulnerability

ICONICS WebHMI is a suite of real-time automation software in the HMI/SCADA suite using a Web browser. A directory traversal vulnerability exists in ICONICS WebHMI, which can be exploited by a remote attacker to download and view configuration files containing hashed passwords and other parameter...

7.5CVSS7AI score0.02402EPSS
Exploits0References1
CNVD
CNVD
added 2015/08/19 12:0 a.m.2 views

Cisco ASR 9000 Series Router vty session closure denial of service vulnerability

The Cisco ASR 9000 is Cisco's ultra-high-capacity, carrier-grade edge router platform designed for next-generation IP network IP NGN transformation. A security vulnerability exists in the Cisco ASR 9000 series routers that allows local users to exploit the vulnerability to shut down VTY sessions ...

4.9CVSS6.6AI score0.00336EPSS
Exploits0References1
CNVD
CNVD
added 2015/08/03 12:0 a.m.2 views

Schneider Electric InduSoft Password Storage Vulnerability

InduSoft Web Studio is a SCADA system and embedded instrumentation solution for developing HMIs, supervisory control and data acquisition. Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 stores the passwords for the...

1.7CVSS6.4AI score0.00315EPSS
Exploits0References1
0day.today
0day.today
added 2015/03/21 12:0 a.m.173 views

ZTE ZXV10-H201L Multiple Vulnerabilities

Exploit for hardware platform in category web applications /-------------------------------------------------/ /Exploits found by TheWalk1ngShad0w / /My email: email protected / /-------------------------------------------------/ Exploit tested & working on modem with this build info:...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2015/01/16 7:43 a.m.26 views

Vimeo: CRITICAL full source code/config disclosure for Cameo

Hi! The server at https://ci.cameo.tv/ has directory listing on and seems to host quiet a few debian packages containing extremely sensitive information database paswords, API keys, you name it. One example is the config package containing 16 config files, even personal ones containing local...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/11/10 12:0 a.m.19 views

Fedora 21 : fedup-0.9.0-2.fc21 (2014-14347)

This update works around a serious problem in Fedora 21 Beta which makes systems automatically shut down 15 minutes into the upgrade. Other improvements : - Adds --product=PRODUCT flag, required for upgrades to F21 - Uses host's config files in upgrade.img, which should fix various upgrade proble...

2.1CVSS5.4AI score0.00379EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/11/03 12:0 a.m.18 views

Fedora 20 : fedup-0.9.0-1.fc20 (2014-14027)

Adds --product=PRODUCT flag, required for upgrades to F21 - Uses host's config files in upgrade.img, which should fix various upgrade problems e.g. incorrect keyboard layout when unlocking disks due to missing vconsole.conf - Logging improvements: complete upgrade log should appear in system...

2.1CVSS5.4AI score0.00379EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/10/28 12:0 a.m.16 views

HttpCombiner ASP.NET Remote File Disclosure Vulnerability

HttpCombiner ASP.NET is prone to remote file disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0References1
Packet Storm
Packet Storm
added 2014/10/06 12:0 a.m.49 views

Ultra Electronics 7.2.0.19 / 7.4.0.7 SQL Injection / Direction Creation

Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...

0.3AI score
Exploits0
NVD
NVD
added 2014/09/02 2:55 p.m.13 views

CVE-2014-5339

CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...

4.9CVSS6.2AI score0.01785EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/09/02 2:55 p.m.21 views

CVE-2014-5339

CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...

4.9CVSS5.9AI score0.01785EPSS
Exploits0References2
Prion
Prion
added 2014/09/02 2:55 p.m.20 views

Code injection

CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...

4.9CVSS6.7AI score0.01785EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.71 views

Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities

Deutsche Telekom CERT Advisory DTC-A-20140820-001 Summary: Several vulnerabilities were found in checkmk prior versions 1.2.4p4 and 1.2.5i4. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS 2 - write access to config files .mk files 3 - arbitrary code execution Recommendations:...

9.3CVSS6.5AI score0.06138EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.49 views

openSUSE Security Update : kernel (openSUSE-SU-2013:1042-1)

The openSUSE 12.2 kernel was updated to fix security issue and other bugs. Security issues fixed: CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi...

8.4CVSS7.9AI score0.47709EPSS
Exploits16References12
Rows per page
Query Builder