Lucene search

482 matches found

OpenVAS
added 2014/10/14 12:00 a.m. | 14 views

Ultra Electronics AEP Ultra Protect Multiple Vulnerabilities

Ultra Electronics AEP Ultra Protect is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...

AI score: 7.3
Exploits: 0, References: 2

Cvelist
added 2014/10/10 1:00 a.m. | 29 views

CVE-2014-3405

Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an AN...

AI score: 6.7, EPSS: 0.00717
Exploits: 0, References: 1

Packet Storm
added 2014/09/16 12:00 a.m. | 37 views

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

AI score: 0.3
Exploits: 0

Prion
added 2014/08/14 2:55 p.m. | 12 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftpmanagement module to the default URI, (2) conduct cross-site scriptin...

CVSS: 6.8, AI score: 8, EPSS: 0.01133
Exploits: 6, References: 5, Affected Software: 1

seebug.org
added 2014/07/01 12:00 a.m. | 269 views

Comersus BackOffice 4.x/5.0/6.0 /comersus/database/comersus.mdb Direct Request Database Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are prone to SQL injection attacks, information disclosure and...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 9 views

Web Chat Manager 2.0 HTML Code Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7190/info It has been reported that Web Chat Manager is prone to HTML injection attacks. This problem occurs due to insufficient sanitization of user-supplied input. As a result of this insufficiency an attacker may embed...

AI score: 7.1
Exploits: 0

securityvulns
added 2014/06/14 12:00 a.m. | 42 views

ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability

ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability. EMC Identifier: ESA-2014-024. CVE Identifier: CVE-2014-2503. Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P). Affected products: • E...

CVSS: 7.5, AI score: 0.3, EPSS: 0.02793
Exploits: 0

ThreatPost
added 2014/05/30 2:10 p.m. | 18 views

USPS Spam Campaign Drops Asprox Botnet Malware

A new spam campaign has emerged in support of the Asprox botnet. The scheme involves shipping receipt emails that contain malicious links and purport to come from the United States Postal Service USPS. Anyone who receives one of these emails and clicks on the link therein will have a zip file...

AI score: 8.2
Exploits: 0, References: 2

NVD
added 2014/05/08 10:55 a.m. | 15 views

CVE-2014-2936

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01611
Exploits: 1, References: 2

CVE
added 2014/05/08 10:00 a.m. | 42 views

CVE-2014-2936

The CVE-2014-2936 entry concerns Caldera 9.20’s directory manager. The vulnerability stems from dynamic/global variable scope handling in multiple scripts (dirmng/index.php, PPD/index.php, dirmng/docmd.php, dirmng/param.php, via maindir_hotfolder or an unspecified parameter), enabling variable-in...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01611
Exploits: 1, References: 2, Affected Software: 1

n0where
added 2014/02/08 1:10 p.m. | 32 views

Automated NoSQL Database Injection Attacks: NoSQLMap

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...

AI score: 0.3
Exploits: 0, References: 1

Packet Storm
added 2014/01/29 12:00 a.m. | 28 views

Sitecore XML Cross Site Scripting

Hey All, Sitecore's “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack – more can be achieved with these XML Controls and will be documented in another vulnerability report http://target/?xmlcontrol=body%20onload=alert123...

AI score: 7.4
Exploits: 0

Kitploit
added 2013/12/09 4:53 p.m. | 29 views

[NOSQLMap] NoSQLMap-Automated NoSQL Database pwnage

What is NoSQLMap? NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to...

AI score: 8.7
Exploits: 0, References: 1

Tenable Nessus
added 2013/08/08 12:00 a.m. | 25 views

phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities

Binary data 6967.prm...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01832
Exploits: 0, References: 17

myhack58
added 2013/07/26 12:00 a.m. | 50 views

shopEx the latest version of the API injection vulnerability analysis attached to the use of the exp-bug warning-the black bar safety net

The defect file: \core\api\payment\2.0\apib2b20paymentcfg.php core\api\payment\1.0\apib2b20paymentcfg.php Section 4 row 4 $data'columns' do not filter lead injection Packed sentence of ShopEx to the API operation the module does not do authentication, any user can access,the attacker can be to th...

AI score: 7.1
Exploits: 0

Cvelist
added 2013/06/14 10:00 a.m. | 22 views

CVE-2013-3573

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors...

AI score: 6.9, EPSS: 0.0428
Exploits: 0, References: 1

ThreatPost
added 2013/05/31 2:15 p.m. | 29 views

Peer-to-Peer Botnet Takedowns a Challenge

The FBI, Justice Department and technology companies have had success shutting down botnets that rely on a centralized infrastructure and command and control servers to communicate with bots, steal data or send malicious commands. Peer-to-peer botnets, however, have proven more difficult to take...

AI score: 0.2
Exploits: 0, References: 4

Debian
added 2013/05/22 7:45 p.m. | 30 views

[SECURITY] [DSA 2671-1] request-tracker4 security update

Debian Security Advisory DSA-2671-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 22, 2013 http://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 0.3, EPSS: 0.02428
Exploits: 0

NVD
added 2013/04/25 11:55 p.m. | 40 views

CVE-2013-0175

multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involvin...

CVSS: 7.5, AI score: 7.2, EPSS: 0.03655
Exploits: 0, References: 5

Cvelist
added 2013/04/22 1:00 a.m. | 25 views

CVE-2013-3221

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

AI score: 6.3, EPSS: 0.01946
Exploits: 2, References: 6