Lucene search
K

6950 matches found

Packet Storm
Packet Storm
added 2015/02/05 12:0 a.m.39 views

K7 Computing 14.2.0.240 Privilege Escalation

/ Exploit Title - K7 Computing Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.k7computing.co.uk/ Tested Version - 14.2.0.240 Driver Version - 12.8.0.104 - K7Sentry.sys Tested on OS - 32bit Windo...

7.2CVSS1AI score0.01047EPSS
Exploits5
Exploit DB
Exploit DB
added 2015/02/04 12:0 a.m.36 views

BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation

/ Exploit Title - BullGuard Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.bullguard.com/ Tested Version - 14.1.285.4 Driver Version - 1.0.0.6 - BdAgent.sys Tested on OS - 32bit Windows XP SP3...

7.2CVSS6.5AI score0.01085EPSS
Exploits5
Packet Storm
Packet Storm
added 2015/01/26 12:0 a.m.46 views

Comodo Backup 4.4.0.0 NULL Pointer Dereference

/ Exploit Title - Comodo Backup Null Pointer Dereference Privilege Escalation Date - 23rd January 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.comodo.com Tested Version - 4.4.0.0 Driver Version - 1.0.0.957 - bdisk.sys Tested on OS - 32bit Windows XP SP3 and Windows 7...

7.5CVSS0.6AI score0.08086EPSS
Exploits5
securityvulns
securityvulns
added 2015/01/25 12:0 a.m.61 views

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

Advisory: AVM FRITZ!Box: Firmware Signature Bypass The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if t...

9.3CVSS7.9AI score0.01503EPSS
Exploits3
securityvulns
securityvulns
added 2015/01/19 12:0 a.m.68 views

Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities

Vulnerability title: Wordpress plugin Pods = 2.4.3 XSS and CSRF vulnerabilities vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7956, CVE-2014-7957 Product: pods Affected version: pods = 2.4.3 Vulnerabilities fixed in version: 2.5 XSS vulnerability CVE-2014-7956, authentication is needed:...

6.8CVSS0.4AI score0.02041EPSS
Exploits3
exploitpack
exploitpack
added 2015/01/14 12:0 a.m.42 views

Ansible Tower 2.0.2 - Multiple Vulnerabilities

Ansible Tower 2.0.2 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.5 impact: high homepage...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/12/23 12:0 a.m.65 views

[oCERT-2014-010] SoX input sanitization errors

2014-010 SoX input sanitization errors Description: The SoX project is an open source tool for sound processing. The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to...

7.5CVSS0.2AI score0.07709EPSS
Exploits1
OpenVAS
OpenVAS
added 2014/12/12 12:0 a.m.23 views

Debian: Security Advisory (DSA-3102-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.13195EPSS
Exploits1References3
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.118 views

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

Advisory: Remote Code Execution in TYPO3 Extension kedompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension kedompdf, which allows attackers to execute arbitrary PHP commands in the context of the webserver. Details =======...

7.5CVSS7.8AI score0.05573EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/11/28 5:54 a.m.4 views

FAST/TOOLS vulnerable to improper restriction of XML external entity references

Overview FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC coordinate...

3.2CVSS6.6AI score0.00319EPSS
Exploits0References7
Exploit DB
Exploit DB
added 2014/11/10 12:0 a.m.85 views

vldPersonals 2.7 - Multiple Vulnerabilities

Exploit Title: VLD Personal – Multiple Vulnerabilities Date: 09/11/2014 Exploit Author: Mr T Exploit Authors Website: http://www.securitypentester.ninja Vendor Homepage: http://www.vldpersonals.com/ Software Link: http://www.vldpersonals.com/clients/downloads.php Vulnerable Version: 2.7 Fixed...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/11/06 12:0 a.m.67 views

Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080 fixed version: 12.1.5 RU 5 impact: Critical CVE...

7.5CVSS7AI score0.08541EPSS
Exploits9
securityvulns
securityvulns
added 2014/11/03 12:0 a.m.54 views

SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme

SEC Consult Vulnerability Lab Security Advisory 20141029-1 ======================================================================= title: Persistent cross site scripting product: Confluence RefinedWiki Original Theme vulnerable version: 3.x - 4.0.x fixed version: 4.0.12 impact: high homepage:...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/10/28 12:0 a.m.60 views

Enalean Tuleap 7.2 - XML External Entity File Disclosure

Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...

4CVSS6.6AI score0.03324EPSS
Exploits6
securityvulns
securityvulns
added 2014/10/05 12:0 a.m.66 views

Elasticsearch vulnerability CVE-2014-6439

Summary: Elasticsearch versions 1.3.x and prior have a default configuration for CORS that allows an attacker to craft links that could cause a user’s browser to send requests to Elasticsearch instances on their local network. These requests could cause data loss or compromise. We have been...

4.3CVSS1.3AI score0.02023EPSS
Exploits0
0day.today
0day.today
added 2014/10/02 12:0 a.m.62 views

TestLink 1.9.11 - Multiple SQL Injection Vulnerabilities

Two SQL injection vulnerabilities have been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The following URLs and parameters ha...

9CVSS0.2AI score0.03525EPSS
Exploits6
seebug.org
seebug.org
added 2014/09/29 12:0 a.m.21 views

Glype 1.4.9 - Cookie Injection Path Traversal LFI

No description provided by source. ------------------------------------------------------------------------ Glype proxy cookie jar path traversal allows code execution ------------------------------------------------------------------------ Securify, September 2014...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2014/09/24 12:0 a.m.18 views

Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion

Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion ------------------------------------------------------------------------ Glype proxy cookie jar path traversal allows code execution ------------------------------------------------------------------------ Securify, September...

Exploits0
0day.today
0day.today
added 2014/09/23 12:0 a.m.91 views

Glype Proxy 1.4.9 Cookie Jar Path Traversal / Code Execution / Filter Bypass

A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected. Glype Proxy version 1.4.9 suffers from a local address filer bypass...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

Sitecore Staging Module 5.4.0 - Authentication bypass and File Manipulation

No description provided by source. SEC Consult Security Advisory 20091217-0 ========================================================================== title: Authentication bypass and file manipulation in Sitecore Staging Module products: Sitecore Staging Module vulnerable version: Sitecore Stagi...

7.1AI score
Exploits0
Rows per page
Query Builder