Lucene search
K

6844 matches found

CVE
CVE
added 2017/01/12 8:0 p.m.47 views

CVE-2016-8437

CVE-2016-8437 describes an improper input validation in Android’s Access Control APIs, with the kernel 3.18 memory range check potentially mishandled. Affected product: Android (Kernel 3.18). Official description notes a memory-range check issue but does not provide exploit paths or a concrete fi...

10CVSS9AI score0.01598EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2016/12/17 12:0 a.m.67 views

Cisco Expressway 8.8.1 Internal Scanning

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2016-115 Product: Expressway Manufacturer: Cisco Affected Versions: below X8.9 Tested Versions: X8.8.1 Vulnerability Type: Improper Input Validation CWE-20 Risk Level: Medium Solution Status: Fixed Manufacturer Notification:...

6.4CVSS6.6AI score0.02019EPSS
Exploits1
CNVD
CNVD
added 2016/11/02 12:0 a.m.3 views

NVIDIA Windows GPU Display Driver Local Elevation of Privilege Vulnerability (CNVD-2016-10567)

NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers for Windows from NVIDIA. A local elevation of privilege vulnerability exists in NVIDIA Windows GPU Display Driver, which arises from the program failing to properly validate values. A local attacker could...

7.8CVSS6.8AI score0.01605EPSS
Exploits1References1
Check Point Advisories
Check Point Advisories
added 2016/10/18 12:0 a.m.5 views

Adobe Reader Memory Corruption (APSB16-33: CVE-2016-6943)

A memory corruption vulnerability has been reported in Adobe Reader. The vulnerability is due to improper input validation. A remote attacker could trigger this issue via a specially crafted PDF file...

10CVSS3.8AI score0.05038EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/10/13 12:0 a.m.5 views

Adobe Acrobat and Reader Heap Overflow (APSB16-33: CVE-2016-6939)

A heap overflow vulnerability exists in Adobe Reader. The vulnerability is due to improper input validation. A remote attacker could trigger this issue via a specially crafted PDF file...

10CVSS4AI score0.08499EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/10/06 12:0 a.m.46 views

Nuuo NVR Log Parameter Unauthenticated Remote Code Execution (CVE-2016-5674)

A remote code execution was discovered in Nuuo Network Video Recording systems with Network Attached Storage. The vulnerability is due to Improper Input Validation in log parameter. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...

10CVSS3.3AI score0.9461EPSS
Exploits11
CNVD
CNVD
added 2016/09/23 12:0 a.m.3 views

Exponent CMS Arbitrary Code Execution Vulnerability

Exponent CMS employs an intuitive and flexible content editing system that allows website pages to be edited on-page as it is displayed. An arbitrary code execution vulnerability exists in Exponent CMS due to a failure to properly validate user input. An attacker could exploit the vulnerability t...

8AI score
Exploits0References1
ICS
ICS
added 2016/08/21 6:0 a.m.65 views

Moxa SoftCMS Vulnerabilities

OVERVIEW Zhou Yu working with Trend Micro’s Zero Day Initiative and Gu Ziqiang from Huawei Weiran Labs have identified vulnerabilities in Moxa’s SoftCMS Webserver Application. Moxa has produced an update to mitigate these vulnerabilities. Both researchers have tested the update to validate that i...

9.8CVSS9.5AI score0.08239EPSS
Exploits3References10
Huawei
Huawei
added 2016/08/15 12:0 a.m.25 views

Security Advisory - Improper Input Validation Vulnerability in AnyMail

Huawei AnyMail has an improper input validation vulnerability when opening compressed email attachments. Successful exploit could cause AnyMail to crash and exit. Vulnerability ID: HWPSIRT-2016-06099 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2016-6826...

7.1CVSS6.6AI score0.00726EPSS
Exploits0Affected Software1
seebug.org
seebug.org
added 2016/08/04 12:0 a.m.29 views

ask2 \control\message.php parameters messageid SQL injection

先来看看该套源码的整体防注入:GPC转义+360的防御正则 很粗暴有没有,不过这里利用的是数组全面绕过360的防御正则,然后找到一些没有单引号包含的点,从而绕过单引号转义,绕过这两个,自然可以无限制任意注入初始化过滤在D:\wamp\www\ask2V3.1.1\model\sowenda.class.php中initrequest函数,在大概第60行 $this-get = taddslashes$this-get, 1; $this-post = taddslashesarraymerge$GET, $POST; checkattack$this-post, 'post';...

7AI score
Exploits0
0day.today
0day.today
added 2016/07/29 12:0 a.m.89 views

AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector

Exploit for linux platform in category web applications Advisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: AXIS Multiple Products Authenticated Remote Command Execution via devtools vector + Vendor: AXIS Communications + Research and Advisory: Orwelllabs ...

9CVSS0.4AI score0.17687EPSS
Exploits5
Packet Storm
Packet Storm
added 2016/07/28 12:0 a.m.110 views

AXIS Authenticated Remote Command Execution

/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com security advisory olsa-2015-8257 PGP: 79A6CCC0 Advisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: AXIS Multiple Products...

0.5AI score0.17687EPSS
Exploits5
VulnCheck KEV
VulnCheck KEV
added 2016/05/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-3714

ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image...

10CVSS6.9AI score0.97485EPSS
Exploits11References1
ICS
ICS
added 2016/04/29 6:0 a.m.36 views

Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)

OVERVIEW This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,...

10AI score
Exploits0References10
Packet Storm
Packet Storm
added 2016/04/18 12:0 a.m.37 views

pgpdump 0.29 Endless Loop

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-030 Product: pgpdump Maintainer: Kazu Yamamoto Affected Versions: 0.29 Tested Versions: 0.29 Vulnerability Type: Improper Input Validation CWE-20 Risk Level: Low Solution Status: Fixed in 0.30 Maintainer Notification: 2016-04-...

7.8CVSS0.2AI score0.01824EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2016/04/13 12:0 a.m.11 views

ManageEngine Firewall Analyzer Multiple XSS

The ManageEngine Firewall Analyzer running on the remote web server is affected by multiple cross-site scripting XSS vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to execute arbitrary script code in a user's browser session...

5.9AI score
Exploits0References1
0day.today
0day.today
added 2016/04/11 12:0 a.m.68 views

Axis Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications I. ADVISORY INFORMATION ----------------------- Title: Axis Network Cameras Multiple Cross-site scripting Vendor: Axis Communications Class: Improper Input Validation CWE-20 CVE Name: CVE-2015-8256 Remotely Exploitable: Yes Locally...

4.3CVSS0.3AI score0.50755EPSS
Exploits6
exploitpack
exploitpack
added 2016/04/11 12:0 a.m.69 views

Axis Network Cameras - Multiple Vulnerabilities

Axis Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | 6079 Smith W | | | \ V V / / | | | | | | \ \ doubleplusungood /|| // ||||,|./|/ owning some telescreens... Security Adivisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs I. ADVISORY...

4.3CVSS0.5AI score0.50755EPSS
Exploits6
Exploit DB
Exploit DB
added 2016/04/11 12:0 a.m.82 views

Axis Network Cameras - Multiple Vulnerabilities

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | 6079 Smith W | | | \ V V / / | | | | | | \ \ doubleplusungood /|| // ||||,|./|/ owning some telescreens... Security Adivisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs I. ADVISORY INFORMATION ----------------------- Title: Axis...

6.1CVSS6.3AI score0.50755EPSS
Exploits6
Packet Storm
Packet Storm
added 2016/03/01 12:0 a.m.42 views

perfact::mpa Persistent Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-066 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...

7.4AI score
Exploits0
Rows per page
Query Builder