9454 matches found

Hacker One
added 2015/12/21 2:43 p.m., 17 views

Coinbase: Potential for Double Spend via Sign Message Utility

Hi, There is an unlikely but theoretically exploitable vulnerability caused by allowing users to sign messages with their addresses. So far I have not been able to exploit this, but I believe that it is exploitable. On coinbase.com, the user can see a list of their addresses here. When they cli...

AI score: 6.8
Exploits: 0
Mozilla
added 2015/12/15 12:0 a.m., 38 views

Underflow through code inspection — Mozilla

Security researcher Ronald Crane reported an underflow found through code inspection. This does not have a clear mechanism to be exploited through web content but could be vulnerable if a means can be found to trigger it...

CVSS: 10, AI score: 6.9, EPSS: 0.00863
Exploits: 0, References: 2, Affected Software: 4
Mozilla
added 2015/12/15 12:0 a.m., 45 views

Integer overflow in MP4 playback in 64-bit versions — Mozilla

Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an erroneously small buffer is allocated and then overrun, resulting in a potentially exploitable crash...

CVSS: 6.8, AI score: 7.1, EPSS: 0.02438
Exploits: 0, References: 2, Affected Software: 3
Mozilla
added 2015/12/15 12:0 a.m., 51 views

Use-after-free in WebRTC when datachannel is used after being destroyed — Mozilla

Security researcher Looben Yang reported a use-after-free error in WebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still believe it has a datachannel open after another WebRTC function has closed it. This results in attempts to use the now destroyed datachannel...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01773
Exploits: 0, References: 2, Affected Software: 3
Packet Storm
added 2015/12/10 12:0 a.m., 26 views

appRain 4.0.3 Path Traversal

Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: [email protected] Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 12/02/2015 Release...

AI score: 7.4
Exploits: 0
Packet Storm
added 2015/12/10 12:0 a.m., 30 views

appRain 4.0.3 Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 12/02/2015 Release...

AI score: 7.4
Exploits: 0
exploitpack
added 2015/12/10 12:0 a.m., 7 views

Avast! - Heap Overflow Unpacking MoleBox Archives

Avast! - Heap Overflow Unpacking MoleBox Archives Source: https://code.google.com/p/google-security-research/issues/detail?id=552 Trivial fuzzing of molebox archives revealed a heap overflow decrypting the packed image in moleboxMaybeUnpack. This vulnerability is obviously exploitable for remote...

AI score: 0.4
Exploits: 0
Packet Storm
added 2015/12/09 12:0 a.m., 34 views

4images 1.7.11 SQL Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: 4images 1.7.11 Fixed in: 1.7.12 Fixed Version Link: http://www.4homepages.de/download-4images Vendor Website: http://www.4homepages.de/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor:...

Exploits: 0
Packet Storm
added 2015/12/09 12:0 a.m., 38 views

4images 1.7.12 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: 4images 1.7.12 Fixed in: 1.7.13 update Fixed Version Link: http://www.4homepages.de/download-4images Vendor Website: http://www.4homepages.de/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015...

Exploits: 0
Packet Storm
added 2015/12/09 12:0 a.m., 33 views

Geeklog 2.1.0 Command Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Geeklog 2.1.0 Fixed in: 2.1.1b3 Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156 Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to...

Exploits: 0
Packet Storm
added 2015/12/09 12:0 a.m., 36 views

4images 1.7.11 Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: 4images 1.7.11 Fixed in: 1.7.12 Fixed Version Link: http://www.4homepages.de/download-4images Vendor Website: http://www.4homepages.de/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor:...

AI score: 7.4
Exploits: 0
Packet Storm
added 2015/12/09 12:0 a.m., 28 views

phpwcms 1.7.9 Cross Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: phpwcms 1.7.9 Fixed in: 1.8.0 RC1 Fixed Version Link: https://github.com/slackero/phpwcms/archive/phpwcms-1.8.0-RC1.zip Vendor Website: http://www.phpwcms.de/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to...

AI score: 0.7
Exploits: 0
Talos
added 2015/12/08 12:0 a.m., 40 views

Microsoft .NET Manifest Resource Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2015-0130 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...

CVSS: 4.3, AI score: 6.5, EPSS: 0.17528
Exploits: 0
exploitpack
added 2015/11/30 12:0 a.m., 24 views

HumHub 0.11.2/0.20.0-beta.2 - SQL Injection

HumHub 0.11.2/0.20.0-beta.2 - SQL Injection === LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 === HumHub - SQL-Injection ------------------------------------------------------------------------ Tested Versions =============== HumHub 0.11.2 and 0.20.0-beta.2 Issue Overview...

AI score: 0.3
Exploits: 0
Exploit DB
added 2015/11/30 12:0 a.m., 46 views

HumHub 0.11.2/0.20.0-beta.2 - SQL Injection

=== LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 === HumHub - SQL-Injection ------------------------------------------------------------------------ Tested Versions =============== HumHub 0.11.2 and 0.20.0-beta.2 Issue Overview ============== Vulnerability Type: 89 - Improper...

AI score: 7
Exploits: 0
ICS
added 2015/11/27 12:0 a.m., 221 views

Siemens SIMATIC Communication Processor Vulnerability (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Communication Processor Vulnerability: Authentication Bypass Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-15-335-03...

CVSS: 9.7, AI score: 6.8, EPSS: 0.02892
Exploits: 0, References: 10
0day.today
added 2015/11/17 12:0 a.m., 25 views

AlegroCart 1.2.8 - LFI/RFI Vulnerability

Exploit for php platform in category web applications 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix22102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1047 Vendor Website: http://alegrocart.com/ Vulnerability Type: LFI/RFI Remote Exploitable: Yes...

AI score: 7.1
Exploits: 0
0day.today
added 2015/11/17 12:0 a.m., 23 views

LiteCart 1.3.2 Cross Site Scripting Vulnerability

LiteCart version 1.3.2 suffers from a cross site scripting vulnerability. 1. Introduction Affected Product: LiteCart 1.3.2 Fixed in: 1.3.3 Fixed Version Link: https://www.litecart.net/downloading?version=1.3.3.1 Vendor Contact: email protected Vulnerability Type: XSS Remote Exploitable: Yes...

AI score: 6.7
Exploits: 0
exploitpack
added 2015/11/16 12:0 a.m., 42 views

AlegroCart 1.2.8 - Multiple SQL Injections

AlegroCart 1.2.8 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL...

AI score: 0.2
Exploits: 0
exploitpack
added 2015/11/16 12:0 a.m., 14 views

AlegroCart 1.2.8 - Local/Remote File Inclusion

AlegroCart 1.2.8 - Local/Remote File Inclusion Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix22102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1047 Vendor Website: http://alegrocart.com/ Vulnerability Type:...

AI score: 7.4
Exploits: 0