Lucene search
K

869 matches found

exploitpack
exploitpack
added 2018/04/18 12:0 a.m.32 views

Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities

Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage:...

4CVSS0.3AI score0.08296EPSS
Exploits7
OSV
OSV
added 2018/04/09 8:29 p.m.6 views

CVE-2017-2826

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests...

3.7CVSS6AI score
Exploits0References2
OSV
OSV
added 2018/03/23 2:29 p.m.3 views

CVE-2018-1211

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by...

7.5CVSS5.8AI score0.03257EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/28 12:0 a.m.5 views

Apache Geode cluster design vulnerability

Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster version 1.4.0. An attacker could exploit the...

7.5CVSS6.8AI score0.02043EPSS
Exploits0References1
Veracode
Veracode
added 2018/02/27 2:10 a.m.20 views

Information Disclosure

geode-core is vulnerable to information disclosure. If a malicious user gains access to the Geode locator, they are able to access the configuration data and previously deployed code. This is possible because the configuration service doesn't correctly authorize configuration requests when...

7.5CVSS7AI score0.02043EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2018/02/27 12:0 a.m.1 views

Sensu Core Information Disclosure Vulnerability

Sensu Core is a set of business system monitoring platform from Sensu Corporation. The platform is capable of monitoring servers, services, application network devices, and other remote resources. A security vulnerability exists in the 'Sensu::Utilities.redactsensitive' function in Sensu Core...

9.8CVSS6.7AI score0.02404EPSS
Exploits0References1
NVD
NVD
added 2018/02/26 2:29 a.m.26 views

CVE-2017-15696

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5CVSS7.4AI score0.02043EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/02/09 11:0 p.m.45 views

CVE-2018-1000060

Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redactsensitive that can result in sensitive configuration data e.g. passwords may be logged in clear-text. This attack appear to be exploitabl...

9.4AI score0.02404EPSS
Exploits0References5
OSV
OSV
added 2018/01/16 10:29 p.m.2 views

CVE-2018-5726

MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings...

9.8CVSS5.8AI score0.19804EPSS
Exploits6References3
BDU FSTEC
BDU FSTEC
added 2017/12/21 12:0 a.m.5 views

The vulnerability of the SCC microprogramming software for ComfortLink II allows a intruder to gain unauthorized access to the device and obtain root privileges.

The vulnerability of the SCC microprogramming software for ComfortLink II lies in the execution of pre-set configuration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the device with root privileges, using the SSH protocol...

10CVSS5.7AI score0.04867EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2017/12/08 5:26 p.m.15 views

Node.js third-party modules: [featurebook] Specification Server Directory Traversal via Crafted Browser Request

Hi, A crafted request can be leveraged to traverse the directory structure of a host using the featurebook server package, and request arbitrary files outside of the specified web root. Module specification Name: featurebook Version: 0.0.32 latest release build Verified conditions Test server:...

6.9AI score
Exploits0
NVD
NVD
added 2017/10/13 5:29 p.m.13 views

CVE-2017-10606

Version 4.40 of the TPM Trusted Platform Module firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration...

4.4CVSS4.5AI score0.00319EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/09/29 1:34 a.m.3 views

CVE-2014-2029

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com...

8.1CVSS6AI score0.01964EPSS
Exploits0References4
OSV
OSV
added 2017/08/17 8:29 p.m.3 views

CVE-2017-6772

A vulnerability in Cisco Elastic Services Controller ESC could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and...

4.3CVSS5.8AI score0.00941EPSS
Exploits0References2
OSV
OSV
added 2017/08/07 8:29 a.m.2 views

CVE-2017-7916

A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be abl...

6.5CVSS5.8AI score
Exploits0References3
CNVD
CNVD
added 2017/08/04 12:0 a.m.4 views

Pegasystem PEGA Platform Access Control Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. A security vulnerability exists in th...

6.5CVSS6.1AI score0.03503EPSS
Exploits4References1
CNVD
CNVD
added 2017/08/01 12:0 a.m.4 views

Cisco DPC3939 Firmware Arbitrary Command Execution Vulnerability (CNVD-2017-27789)

Cisco DPC3939 is a wireless voice gateway product from Cisco USA. Cisco DPC3939 firmware security vulnerability. Allows a remote attacker to execute arbitrary commands by utilizing local network access and connecting to the server's root syseventd, as evidenced by copying configuration data...

10CVSS7.8AI score0.03275EPSS
Exploits1References1
OSV
OSV
added 2017/07/31 3:29 a.m.2 views

CVE-2017-9479

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a...

9.8CVSS6.1AI score0.03275EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/07/31 3:0 a.m.20 views

CVE-2017-9479

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a...

8AI score0.03275EPSS
Exploits1References1
OSV
OSV
added 2017/07/07 8:29 p.m.5 views

CVE-2017-8442

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated...

6.5CVSS5.8AI score0.00924EPSS
Exploits0References1
Rows per page
Query Builder