Lucene search
K

3014 matches found

Openbugbounty
Openbugbounty
added 2017/06/09 3:28 p.m.7 views

kaps.or.kr XSS vulnerability

Vulnerable URL: http://www.kaps.or.kr/en/src/board/view.php?mode==KPSR=1687ref=255=1"--!"kind=20-3type=1text=no= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3165896 VIP website...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2017/06/01 2:53 a.m.22 views

U.S. Dept Of Defense: Exposed FTP Credentials on ███████

Summary: An exposed configuration file leaks FTP credentials to a DoD server. Description: The config file hosted onftp://█████████/pub/misc/FTP███████Sign.exe.config exposes a username █████████ and associated password ███████. These are valid credentials for the FTP server operating on...

1.3AI score
Exploits0
rapid7community
rapid7community
added 2017/05/27 2:51 a.m.275 views

Patching CVE-2017-7494 in Samba: It’s the Circle of Life

With the scent of scorched internet still lingering in the air from the WannaCry Ransomworm, today we see a new scary-and-potentially-incendiary bug hitting the twitter news. The vulnerability - CVE-2017-7494 - affects versions 3.5 released March 1, 2010 and onwards of Samba, the defacto standard...

9.8AI score0.99448EPSS
Exploits24
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/05/22 10:14 p.m.15 views

Challenges with Critical Infrastructure: IoT, Smart Cities Under Attack

Internet of Things technology is now more widespread than many people realize. Systems that fall under the IoT umbrella are popping up in an array of settings, even outside consumer circles. Today, every group from enterprise businesses to city governments is utilizing intelligent, internet- and...

6.8AI score
Exploits0
OpenVAS
OpenVAS
added 2017/05/22 12:0 a.m.30 views

Eyes Of Network (EON) Detection Consolidation

Consolidation of Eyes Of Network EON detections. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7AI score
Exploits0
CNVD
CNVD
added 2017/05/22 12:0 a.m.3 views

WordPress FTP/SSH Forms Function Cross-Site Request Forgery Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress FTP/SSH forms feature. The vulnerability can be used to...

8.6CVSS8.4AI score0.03668EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2017/05/12 9:54 a.m.10 views

roxftpd.free.fr XSS vulnerability

Vulnerable URL: http://roxftpd.free.fr/redirect.php3?url=https://www.xssposed.org...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/04/26 3:56 a.m.14 views

U.S. Dept Of Defense: Exposed ███████ Administrative Interface (ColdFusion 11)

Summary: The "/██████████/administrator/" directory is accessible to the public and allows an attacker to further enumerate the system and/or perform brute force attacks. Description: The ████████ website has an exposed "Administrative Interface" for ColdFusion 11, which could be useful to an...

0.8AI score
Exploits0
CNVD
CNVD
added 2017/04/21 12:0 a.m.4 views

BAIC's Android app has a CAPTCHA design flaw

BAIC Android app is an online mobile service software. A CAPTCHA design vulnerability exists in the BAIC Android app. The vulnerability is caused due to the captcha being transmitted in clear text and without conditional restrictions. With the password recovery feature, an attacker can continuous...

7AI score
Exploits0
CNVD
CNVD
added 2017/03/29 12:0 a.m.2 views

SQL Injection Vulnerability in Nanjing Nanda Shangcheng Content Management System CountArticle.jsp Page

Nanjing Nanda Shangcheng content management system is a smart government solution. A SQL injection vulnerability exists in the CountArticle.jsp page of the Nanjing Nanda Shangcheng Content Management System. The lack of filtering of the 'ID' parameter allows an attacker to exploit the vulnerabili...

7.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/03/08 12:46 a.m.15 views

metal-mate.com XSS vulnerability

Vulnerable URL: http://www.metal-mate.com/web/dinsorweb/en/product.php?name=ngvcylinder" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 9832992 VIP website status:| No Check...

6.3AI score
Exploits0
OSV
OSV
added 2017/03/07 5:59 p.m.6 views

CVE-2016-9720

IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference : 1999533...

5.3CVSS7.3AI score0.00862EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/02/18 5:59 p.m.26 views

New Relic: [docs-ra.newrelic.com] subdomain and Drupal takeover via unconfigured endpoint

Hi, While conducting New Relic web property reconnaissance, I came across the unused docs-ra.newrelic.com endpoint. This endpoint allowed an unauthenticated user to progress through the Drupal installation process and activate the site with their own configuration – it appears that valid MySQL...

1AI score
Exploits0
hackapp
hackapp
added 2017/02/16 1:53 a.m.15 views

Followers for Instagram - Tags - Dangerous filesystem permissions, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Followers for Instagram - Tags published at the 'play' market has multiple vulnerabilities...

1.4AI score
Exploits0References1Affected Software1
OSV
OSV
added 2017/02/13 10:59 p.m.5 views

CVE-2016-9355

An issue was discovered in Becton, Dickinson and Company BD Alaris 8015 Point of Care PC unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and oth...

5.3CVSS5.8AI score0.0051EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/02/02 4:49 p.m.264 views

Pornhub: Debug.log file Exposed to Public \Full Path Disclosure\

The researcher discovered a debug log file exposing path information...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2017/02/02 2:56 p.m.10 views

Printing and Marketing Firm Leaks High-Profile Customers' Data

Franchise Services, the parent company of a number of large print and design companies, said it is investigating claims that sensitive customer data stored by one of its franchisees is accessible online. The data dates back to 2010 and ranges from sensitive health records belonging to a former...

0.4AI score
Exploits0References2
OSV
OSV
added 2017/02/01 10:59 p.m.7 views

CVE-2016-8963

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.4AI score0.00307EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/01/13 7:58 p.m.20 views

New Relic: Restricted User can view multiple account details including customer_root_account_id, payment method, date of first payment, etc.

Summary When a restricted user visits this URL: There is a request sent to this URL: https://www.staging-bam.nr-data.net. Within that request leaks the following information about the entire account, that the restricted user can view:...

6.7AI score
Exploits0
CNVD
CNVD
added 2016/12/14 12:0 a.m.5 views

Apple iOS APPLE-SA-2016-12-12-1 has multiple vulnerabilities (CNVD-2016-12707)

Apple iOS is an operating system developed for mobile devices. Apple iOS has multiple vulnerabilities. An attacker can exploit the vulnerabilities to bypass security restrictions, execute arbitrary code or perform unauthorized actions, and obtain sensitive information...

4.6CVSS7.8AI score0.00398EPSS
Exploits0References1
Rows per page
Query Builder