Lucene search

1196 matches found

n0where
added 2018/02/23 7:52 a.m. | 36 views

Intelligent Software Composition Analysis Platform: Dependency-Track

Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost. Organizations that build on top o...

Exploits: 0 | References: 3
CNVD
added 2018/02/05 12:0 a.m. | 3 views

Cloudera Data Science Workbench Elevation of Privilege Vulnerability

Cloudera Data Science Workbench (CDSW) is a suite of data science platforms from US-based Cloudera. The platform provides fast, easy and secure self-service data science support for organizations. A security vulnerability exists in CDSW 1.2.0 prior to version 1.x. The vulnerability can be exploited...

CVSS 8.8 | AI score 6.7 | EPSS 0.00936
Exploits: 0 | References: 1
Kitploit
added 2018/01/23 1:9 p.m. | 12 views

Enumdb - MySQL and MSSQL Brute Force And Post Exploitation Tool To Search Through Databases And Extract Sensitive Information

Enumdb is a brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each looking for valid credentials. By default enumdb will use newly found, or given, credentials to search the database and find tables...

AI score 7
Exploits: 0 | References: 1
Kitploit
added 2017/12/26 9:10 p.m. | 20 views

Username Anarchy - Username Tools For Penetration Testing

Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. This is useful for user account/password brute force guessing and username enumeration when usernames are based on the users' names. By attempting a few weak passwords across a large set ...

AI score 7.4
Exploits: 0 | References: 1
CNVD
added 2017/12/21 12:0 a.m. | 2 views

GPWeb Information Disclosure Vulnerability

GPWeb is a suite of public management software dedicated to the Brazilian government sector. An information disclosure vulnerability exists in the db.php file in GPWeb version 8.4.61. A remote attacker could exploit this vulnerability to view passwords and user databases...

CVSS 9.8 | AI score 6.3 | EPSS 0.01435
Exploits: 1 | References: 1
Fedora
added 2017/11/15 8:21 p.m. | 31 views

[SECURITY] Fedora 26 Update: apr-util-1.5.4-6.fc26

The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more...

CVSS 4.7 | AI score 2.9 | EPSS 0.00596
Exploits: 3
Exploit DB
added 2017/11/11 12:0 a.m. | 35 views

MyBB 1.8.13 - Remote Code Execution

Exploit Title: RCE in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16780 This RCE can be executed via CSRF but doesn't require it in some special cases. The...

CVSS 9.8 | AI score 9.7 | EPSS 0.05766
Exploits: 3
Imperva Blog
added 2017/11/01 3:39 p.m. | 27 views

Machine Learning: Identify the Unpredictable – Whiteboard Wednesday [Video]

When it comes to identifying insider threats, the fundamental challenge is how to determine when data access appears out of the ordinary for a typical user or system, and of those instances, which ones are dangerous versus merely unusual. A lot of solutions today serve up so many policy violation...

AI score 7
Exploits: 0
CNVD
added 2017/11/01 12:0 a.m. | 3 views

Telegram Messenger for iOS and Android Information Disclosure Vulnerability

Telegram Messenger for iOS and Android is a suite of mobile messaging tools based on the iOS and Android platforms. An information disclosure vulnerability exists in Telegram Messenger version 2.6 for iOS and Telegram Messenger version 1.8.2 for Android. The vulnerability can be exploited to obta...

CVSS 7.5 | AI score 7.1 | EPSS 0.0134
Exploits: 0 | References: 1
Kitploit
added 2017/10/29 9:13 p.m. | 17 views

Tweep - An Advanced Twitter Scraping Tool

Tweep is an advanced Twitter scraping tool written in python that allows for scraping Tweets and pictures from Twitter profiles without using Twitter's API. Benefits Some of the benefits of using Tweep vs Twitter API: Fast initial setup Can be used anonymously No rate limitations Can fetch all...

AI score 7.1
Exploits: 0 | References: 1
OpenVAS
added 2017/10/18 12:0 a.m. | 36 views

Oracle Mysql Security Updates (oct2017-3236626) 04 - Linux

Oracle MySQL is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 7.8 | EPSS 0.03103
Exploits: 0 | References: 4
NVD
added 2017/10/06 10:29 p.m. | 17 views

CVE-2015-2142

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for...

CVSS 8 | AI score 8.1 | EPSS 0.01671
Exploits: 0 | References: 2
Cvelist
added 2017/10/06 10:0 p.m. | 20 views

CVE-2015-2142

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for...

AI score 8.2 | EPSS 0.01671
Exploits: 0 | References: 2
Cvelist
added 2017/09/25 5:0 p.m. | 22 views

CVE-2015-4669

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system...

AI score 8.4 | EPSS 0.01051
Exploits: 4 | References: 4
Malwarebytes
added 2017/09/11 7:53 p.m. | 45 views

A week in security (September 4 – September 10)

Last week, we looked into expired domain names being used for malvertising, delved into dubious Facebook apps, and checked out Chinese seminar scams. We also explained the whys and wherefores of false positives, explained what Google is doing with HTTPs, warned you away from a fake DHS email, and...

AI score 6.8
Exploits: 0
NVD
added 2017/08/31 10:29 p.m. | 19 views

CVE-2014-8677

The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and...

CVSS 5.3 | AI score 5.6 | EPSS 0.03488
Exploits: 5 | References: 4
FreeBSD
added 2017/08/08 12:0 a.m. | 82 views

sqlite3 -- heap-buffer overflow

Google reports: A heap-buffer overflow (sometimes a crash) can arise when running a SQL request on malformed sqlite3 databases...

CVSS 9.8 | AI score 9.6 | EPSS 0.08609
Exploits: 0 | References: 1
Imperva Blog
added 2017/07/20 3:30 p.m. | 43 views

Uncover Sensitive Data with the Classifier Tool

Understanding what sensitive data resides in your enterprise database is a critical step in securing your data. Imperva offers Classifier, a free data classification tool that allows you to quickly uncover sensitive data in your database. Classifier contains over 250 search rules for popular...

AI score 6.9
Exploits: 0
CNVD
added 2017/07/11 12:0 a.m. | 4 views

Schneider Electric Ampla MES Information Disclosure Vulnerability

Ampla Manufacturing Execution System (MES) is a manufacturing execution system from Schneider Electric, France, for on-site production management in production plants and factories. An information disclosure vulnerability exists in the Schneider Electric Ampla MES, which provides the ability to...

CVSS 4.1 | AI score 5.1 | EPSS 0.00238
Exploits: 0 | References: 1
Openbugbounty
added 2017/07/02 1:32 p.m. | 9 views

research.udmercy.edu XSS vulnerability

Vulnerable URL: http://research.udmercy.edu/find/bysubject/databases.php?disciplineid=1"...

AI score 6.9
Exploits: 0