Lucene search
+L

229 matches found

Prion
Prion
added 2019/10/16 3:15 p.m.14 views

Cross site scripting

The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

3.5CVSS4.8AI score0.01033EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2019/10/07 3:8 p.m.36 views

CVE-2017-12150

It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Mitigation The missing implied signing for smb2mount -e, smbcacls -e and smbcquotas -e can be...

7.4CVSS2.5AI score0.13334EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/07/25 12:0 a.m.34 views

SUSE SLED12 / SLES12 Security Update : spamassassin (SUSE-SU-2019:1961-1)

This update for spamassassin to version 3.4.2 fixes the following issues : Security issues fixed : CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails bsc1108745. CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users bsc1108748. CVE-2018-11780: Fixe...

9.8CVSS7.3AI score0.1082EPSS
Exploits0References12
Kitploit
Kitploit
added 2019/07/11 1:14 p.m.144 views

Echidna - Ethereum Fuzz Testing Framework

Echidna is a weird creature that eats bugs and is highly electrosensitive with apologies to Jacob Stanley More seriously, Echidna is a Haskell library designed for fuzzing/property-based testing of EVM code. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety...

7.2AI score
Exploits0References9
OSV
OSV
added 2019/05/31 10:29 p.m.15 views

CVE-2019-10048

The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying...

7.2CVSS7AI score
Exploits0References1
OSV
OSV
added 2019/04/25 10:47 a.m.4 views

SUSE-SU-2019:1033-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-7175: Fixed multiple memory leaks in...

8.8CVSS7.4AI score0.05916EPSS
Exploits11References28
ThreatPost
ThreatPost
added 2019/02/12 8:29 p.m.133 views

Critical WordPress Plugin Flaw Allows Complete Website Takeover

A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options – and ultimately take over websites. Simple Social Buttons enables users to add social-media sharing buttons to various locations of their websites. The plug...

0.2AI score
Exploits0References5
Kitploit
Kitploit
added 2019/02/05 8:26 p.m.174 views

Bscan - An Asynchronous Target Enumeration Tool

Synopsis bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure...

7.3AI score
Exploits0References8
n0where
n0where
added 2019/01/22 3:47 a.m.329 views

Flexible and Powerful Reverse Proxy: Modlishka

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. It was realeased with an aim to: help penetration testers to carry out an effective phishing campaign and reinforce the fact that serious threat can arise from phishing. show current 2FA...

1.8AI score
Exploits0References2
Ubuntu
Ubuntu
added 2018/11/22 11:55 a.m.77 views

USN-3825-2: mod_perl vulnerability

USN-3825-1 fixed a vulnerability in modperl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jan Ingvoldstad discovered that modperl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation....

10CVSS7.7AI score0.08946EPSS
Exploits0
OSV
OSV
added 2018/11/21 4:10 p.m.4 views

USN-3825-1 libapache2-mod-perl2 vulnerability

Jan Ingvoldstad discovered that modperl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code...

10CVSS6.9AI score0.08946EPSS
Exploits0References2
n0where
n0where
added 2018/06/25 3:54 p.m.196 views

Subdomain Discovery Tool: SubFinder

SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed as a successor to the sublist3r project . SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then ...

Exploits0References1
OpenVAS
OpenVAS
added 2018/04/26 12:0 a.m.19 views

Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability

Open Web Analytics is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS9.6AI score0.02808EPSS
Exploits2References5
Prion
Prion
added 2017/12/21 5:29 p.m.21 views

Design/Logic Flaw

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of...

5CVSS7.4AI score0.01585EPSS
Exploits0References2Affected Software11
UbuntuCve
UbuntuCve
added 2017/11/14 8:29 p.m.34 views

CVE-2017-12636

CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...

9CVSS7.1AI score0.90602EPSS
Exploits15References3
RedHat Linux
RedHat Linux
added 2017/10/04 5:12 a.m.4 views

samba: Some code path don't enforce smb signing, when they should

It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text...

7.4CVSS7.2AI score0.13334EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/09/21 2:18 p.m.6 views

samba: Some code path don't enforce smb signing, when they should

It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text...

7.4CVSS7.2AI score0.13334EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/09/21 11:51 a.m.5 views

samba: Some code path don't enforce smb signing, when they should

It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text...

7.4CVSS7.2AI score0.13334EPSS
Exploits0References5
Prion
Prion
added 2017/09/11 10:29 p.m.21 views

Design/Logic Flaw

Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account and similarly can have nagios.cfg owned by a non-root account, which allows local users to gain privileges by leveraging access to this non-ro...

7.2CVSS7.5AI score0.00332EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/04/14 12:0 a.m.18 views

SUSE SLES11 Security Update : sblim-sfcb (SUSE-SU-2017:1008-1)

This update for sblim-sfcb fixes the following issues: Feature enhancements : - A separate sblim-sfcb-openssl1 package was added to the SECURITY Module. fate322032/bsc1012814 This package can be installed additionally, and the SysV Init script will pick the openssl1 variant on the next start,...

5.5AI score
Exploits0References4
Rows per page
Query Builder