Lucene search
K

6844 matches found

Packet Storm
Packet Storm
added 2015/04/16 12:0 a.m.58 views

NetCat CMS 3.12 HTML Injection

NetCat CMS 3.12 HTML Injection Security Vulnerabilities Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities Product: NetCat CMS Content Management System Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Version: 3.12...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/04/10 12:0 a.m.44 views

Comalatech Comala Workflows 4.6.1 CSRF / XSS Vulnerabilities

Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. title: Multiple XSS & XSRF vulnerabilities product: Comalatech Comala Workflows vulnerable version: = 4.6.1 fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...

6.9AI score
Exploits0
ICS
ICS
added 2014/12/21 7:0 a.m.38 views

Siemens SIMATIC S7-1200 Improper Input Validation Vulnerabilities

OVERVIEW Siemens has reported two improper input validation vulnerabilities discovered separately by Prof. Dr. Hartmut Pohl of softScheck GmbH and Arne Vidström of Swedish Defence Research Agency FOI in Siemens’ SIMATIC S7-1200 PLC. Siemens has produced a new version that mitigates these...

7.8CVSS6.6AI score0.02392EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2014/12/10 12:0 a.m.57 views

Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)

The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...

6.8CVSS7.2AI score0.07551EPSS
Exploits0References5
Cisco
Cisco
added 2014/12/01 9:37 p.m.26 views

Cisco Integrated Management Controller Privilege Escalation Vulnerability

Cisco Integrated Management Controller contains a vulnerability that could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the map-nfs command. An attacker could exploit this vulnerability by sendin...

6.8CVSS6.6AI score0.00371EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.33 views

VMware Workstations 10.0.0.40273 vmx86.sys Arbitrary Kernel Read

No description provided by source. Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product:...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2014/11/06 12:0 a.m.29 views

VMware Workstation 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read

VMware Workstation 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor:...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2014/11/06 12:0 a.m.34 views

VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read

Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/05 12:0 a.m.41 views

VMWare vmx86.sys Arbitrary Kernel Read

Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...

0.3AI score
Exploits0
KoreLogic Security
KoreLogic Security
added 2014/11/04 12:0 a.m.495 views

VMWare vmx86.sys Arbitrary Kernel Read

Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273 Platform: Microsoft Windows XP SP3 x86, Microsoft Windows Server 2003 SP2 x86, Microsoft Windows 7 SP1 x86 CWE Classification: CWE-20: Improper Input Validation Impact: Arbitrary Read,...

6.4AI score
Exploits0Affected Software1
ICS
ICS
added 2014/10/13 6:0 a.m.33 views

MatrikonOPC Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 10, 2014, and is now being released to the NCCIC/ICS-CERT web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the...

7.1CVSS6.2AI score0.01255EPSS
Exploits0References10
ICS
ICS
added 2014/10/09 6:0 a.m.34 views

Schneider Electric Telvent SAGE RTU DNP3 Improper Input Validation Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure portal library on January 06, 2014, and is now being released to the NCCIC/ICS-CERT Web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Schneider Electric...

5CVSS6.5AI score0.01358EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2014/09/10 1:9 p.m.3 views

Foreman: Improper input validation

Foreman has improper input validation which could lead to partial Denial of Service...

5.3CVSS5.8AI score0.01551EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/09/05 12:0 a.m.29 views

IBM WebSphere Portal Unspecified XSS (PI16127)

The version of IBM WebSphere Portal on the remote host is affected by an unspecified cross-site scripting vulnerability due to improper user input validation. An attacker can exploit this issue to execute code in the security context of a user's browser to steal authentication cookies...

4.3CVSS5.4AI score0.01808EPSS
Exploits0References3
CERT
CERT
added 2014/07/23 12:0 a.m.20 views

Resin Pro improperly performs Unicode transformations

Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...

5CVSS6.2AI score0.01665EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Greg Matthews Classifieds.cgi 1.0 Hidden Variable Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

RedHat Linux 6.x X Font Server DoS and Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/1111/info A denial of service exists in the X11 font server shipped with RedHat Linux 6.x. Due to improper input validation, it is possible for any user to crash the X fontserver. This will prevent the X server from...

7.1AI score
Exploits0
erpscan
erpscan
added 2014/05/30 12:0 a.m.25 views

SAP NetWeaver Dispatcher Multiple Vulnerabilities - RCE, DoS

Application: SAP NetWeaver Dispatcher Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe 7000.52.12.34966 Vendor URL: http://www.sap.com Bugs: Buffer overflow CWE-119, Integer overflow CWE-190, Improper Input Validation CWE-20 CVSS: AV:N/AC:H/Au:S/C:C/I:C/A:C 7.1 Exploits: PoC Reported:...

1.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/05/23 12:0 a.m.28 views

IBM WebSphere Portal 'boot_config.jsp' XSS (PI16041)

The version of IBM WebSphere Portal on the remote host is affected by a cross-site scripting vulnerability in the 'bootconfig.jsp' script due to improper user input validation. An attacker could exploit this issue to execute code in the security context of a user's browser to steal authentication...

4.3CVSS5.7AI score0.01148EPSS
Exploits0References3
Huawei
Huawei
added 2014/04/23 12:0 a.m.25 views

Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products

Reported by the internal R&D engineers, several switch products does not validate the input properly. This vulnerability enables attacker to launch DoS attack by crafting and sending malformed packet to these vulnerable products Vulnerability ID: HWPSIRT-2014-0301. This Vulnerability has been...

7.8CVSS7.6AI score0.00924EPSS
Exploits0Affected Software7
Rows per page
Query Builder