Lucene search
+L

148 matches found

Elastic
Elastic
added 2018/06/13 6:23 p.m.13 views

Elastic Stack 6.3.0 and 5.6.10 Security Update

Elasticsearch Information Exposure Vulnerability ESA-2018-10 In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the...

8.1CVSS6.4AI score0.01014EPSS
Exploits0
NVD
NVD
added 2017/09/01 5:29 p.m.11 views

CVE-2017-14105

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at...

7.8CVSS7.8AI score0.013EPSS
Exploits3References1
Prion
Prion
added 2017/09/01 5:29 p.m.13 views

Design/Logic Flaw

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at...

7.2CVSS7.8AI score0.013EPSS
Exploits3References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/09/01 12:0 a.m.25 views

CVE-2017-14105

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker – even restricted as a tenant – can add a jsp at...

7.8CVSS2.8AI score0.013EPSS
Exploits3References2
OSV
OSV
added 2017/08/17 8:29 p.m.4 views

CVE-2017-6784

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco...

5.3CVSS5.8AI score0.01702EPSS
Exploits0References3
0day.today
0day.today
added 2017/03/04 12:0 a.m.33 views

WordPress Adminer 1.4.4 Interface Exposure Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ WordPress Adminer plugin allows public local database login ------------------------------------------------------------------------ David Vaartjes, July 2016...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/03/22 4:49 p.m.8 views

jenkins: Queue API did show items not visible to the current user (SECURITY-186)

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

5CVSS7.4AI score0.02064EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2012/11/05 12:0 a.m.35 views

Zenphoto 1.4.3.3 SQL Injection / Interface Exposure / XSS

waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html Description of vulnerable...

0.2AI score
Exploits0
Rows per page
Query Builder