
Cvelist
added 2014/04/01 1:00 a.m., 47 views

CVE-2013-1869

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the returnurl parameter...

AI score 6, EPSS 0.0185
Exploits 0, References 5
securityvulns
added 2014/03/27 12:00 a.m., 172 views

CVE-2013-6955 Synology DSM remote code execution

Products affected by CVE-2013-6955: DiskStation Manager 4.0, 4.2, 4.3, 4.3-3810. Vendor: Synology. Status: Patched. webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...

CVSS 10, AI score 0.7, EPSS 0.84571
Exploits 9
Hacker One
added 2014/03/15 11:10 a.m., 17 views

OkCupid: Security issue in OkCupid

I came across a security issue in OkCupid. OkCupid is using Components with Known Vulnerabilities. Link: http://www.okcupid.com/ Criticality level: Medium. Each HTTP response shows server information (version), which is not useful to the user or the browser, but the same can be useful to an attacker. Description:...

AI score 6.6
Exploits 0
Debian CVE
added 2014/02/26 11:00 a.m., 31 views

CVE-2013-4322

Removed by vendor...

CVSS 4.3, AI score 6.9, EPSS 0.09458
Exploits 2
Cvelist
added 2014/02/11 5:00 p.m., 42 views

CVE-2014-1401

Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or the (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php...

AI score 8, EPSS 0.02982
Exploits 5, References 8
RedHat Linux
added 2014/02/10 5:29 p.m., 41 views

Moderate: Red Hat Security Advisory: spacewalk-java, spacewalk-web and satellite-branding security update

Updated spacewalk-java, spacewalk-web, and satellite-branding packages that fix multiple security issues are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 4.3, AI score 6, EPSS 0.0185
Exploits 1, References 5
seebug.org
added 2014/01/20 12:00 a.m., 36 views

ecshop IP security check can be bypassed

Brief description: forge the IP to bypass any IP-based restriction. Detailed description: /* Get the user's real IP address. @access public @return string */ function realip() { static $realip = NULL; if ($realip !== NULL) return $realip; if (isset($_SERVER)) { if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); /* take the first valid IP string in X-Forwarded-For that is not "unknown" */ foreach...

AI score 7.1
Exploits 0
NVD
added 2014/01/10 12:02 p.m., 18 views

CVE-2013-7282

The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header...

CVSS 10, AI score 7, EPSS 0.09567
Exploits 2, References 2
Prion
added 2014/01/10 12:02 p.m., 18 views

Authentication flaw

The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header...

CVSS 10, AI score 7.5, EPSS 0.09567
Exploits 2, References 2, Affected Software 2
Cvelist
added 2014/01/10 11:00 a.m., 19 views

CVE-2013-7282

The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header...

AI score 7, EPSS 0.09567
Exploits 2, References 2
Prion
added 2014/01/09 6:07 p.m., 26 views

Design/Logic Flaw

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header...

CVSS 10, AI score 7.5, EPSS 0.84571
Exploits 5, References 1, Affected Software 1
Cvelist
added 2014/01/09 11:00 a.m., 46 views

CVE-2013-6955

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header...

AI score 7, EPSS 0.84571
Exploits 5, References 1
Check Point Advisories
added 2014/01/07 12:00 a.m., 1 view

Ultimate PHP Board User-Agent HTTP Header Code Execution - Ver2 (CVE-2003-0395)

A code execution vulnerability has been reported in Ultimate PHP Board. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5, AI score 7.6, EPSS 0.02531
Exploits 0
NVD
added 2013/12/11 3:55 p.m., 15 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

CVSS 4.3, AI score 8, EPSS 0.03402
Exploits 1, References 16
Prion
added 2013/12/11 3:55 p.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

CVSS 4.3, AI score 6, EPSS 0.03402
Exploits 1, References 16, Affected Software 16
CVE
added 2013/12/11 3:00 p.m., 131 views

CVE-2013-5612

CVE-2013-5612 is a cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 due to the absence of a charset parameter in the Content-Type header. Connected advisories confirm Firefox/SeaMonkey fixes in 2013–2014 releases (e.g., openSUSE SU-2013:1917, Mirac...

CVSS 4.3, AI score 7.7, EPSS 0.03402
Exploits 1, References 16, Affected Software 2
UbuntuCve
added 2013/12/11 12:00 a.m., 29 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

CVSS 4.3, AI score 6.9, EPSS 0.03402
Exploits 1, References 3
ThreatPost
added 2013/11/20 3:49 p.m., 9 views

Moving From Do Not Track to Can Not Track

NEW YORK–The movement in the security and privacy communities to push the Do Not Track standard as an answer to the problem of pervasive online tracking by ad companies and other entities has resulted in the major browser vendors including DNT as an option for users, giving them a method for...

AI score 7.1
Exploits 0, References 3
Exploit DB
added 2013/09/30 12:00 a.m., 48 views

mod_accounting Module 0.5 - Blind SQL Injection

Affected Vendor: http://sourceforge.net/projects/mod-acct/files/ - Affected Software: mod_accounting - Affected Version: 0.5. Other earlier versions may be affected. - Issue type: Blind SQL injection - Release Date: 20 Sep 2013 - Discovered by: Eldar "Wireghoul" Marcussen - CVE Identifier:...

CVSS 7.5, AI score 6.5, EPSS 0.01266
Exploits 7
Kitploit
added 2013/09/24 1:41 a.m., 12 views

[Syhunt Sandcat Browser v4.1] A Penetration-oriented browser (extended to Web Application Assessment)

Sandcat Browser 4 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. Features Live HTTP Headers —...

AI score 7.4
Exploits 0