
3751 matches found

CNVD
added 2017/03/02 12:0 a.m., 2 views

WordPress Magic Fields 1 plugin cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress Magic Fields 1 plugin, which allows an attacker to frame malicio...

6.8 AI score
Exploits: 0, References: 1

ThreatPost
added 2017/02/24 5:6 p.m., 10 views

Researchers Uncover New Leads Behind Shamoon2

In a fresh analysis of the Shamoon2 malware, researchers from Arbor Networks’ Security Engineering and Response Team ASERT say they have unearthed new leads on the tools and techniques used in the most recent wave of attacks. Shamoon2 surfaced in November, approximately four years after the...

0.6 AI score
Exploits: 0, References: 3

Packet Storm
added 2017/02/22 12:0 a.m., 33 views

Joomla Magic Deals Web 1.2.0 SQL Injection

Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy: https://extensions.joomla.org/extensions/extension/e-commerce/gifts-a-coupons/magic-deals-web/...

0.3 AI score
Exploits: 0

0day.today
added 2017/02/21 12:0 a.m., 28 views

Joomla Magic Deals Web 1.2.0 Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy:...

7.1 AI score
Exploits: 0

exploitpack
added 2017/02/21 12:0 a.m., 15 views

Joomla! Component Magic Deals Web 1.2.0 - SQL Injection

Joomla! Component Magic Deals Web 1.2.0 - SQL Injection Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy:...

0.2 AI score
Exploits: 0

Exploit DB
added 2017/02/21 12:0 a.m., 39 views

Joomla! Component Magic Deals Web 1.2.0 - SQL Injection

Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy: https://extensions.joomla.org/extensions/extension/e-commerce/gifts-a-coupons/magic-deals-web/...

7.4 AI score
Exploits: 0

hackapp
added 2017/01/30 7:41 a.m., 11 views

Magic Ball Free - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Magic Ball Free published at the 'play' market has multiple vulnerabilities...

0.8 AI score
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2017/01/24 12:0 a.m., 1 views

Cisco WebEx Browser Plugin Remote Code Execution Vulnerability

Cisco WebEx is a browser extension plug-in and part of the Cisco web conferencing software. A remote code execution vulnerability exists in the Cisco WebEx browser plug-in. The extension uses nativeMessaging, and an attacker can exploit the vulnerability to execute arbitrary code in a browser usi...

8.5 AI score
Exploits: 0, References: 1

ThreatPost
added 2016/12/16 11:14 a.m., 29 views

Remote Code Execution Bug Found in Ubuntu Quantal

A remote code execution bug has been patched in the default installation of Ubuntu Desktop affecting all default installations of Quantal version 12.10 and later. According to researcher Donncha O’Cearbhaill, the bug allows for code injection when a user opens a specially crafted malicious file...

9.3 CVSS, 0.1 AI score, 0.17726 EPSS
Exploits: 7, References: 2

myhack58
added 2016/11/16 12:0 a.m., 29 views

PHP deserialization vulnerability causes and vulnerabilities mining techniques and case-vulnerability warning-the black bar safety net

One, serialization and deserialization Serialization and deserialization of the object is such that the Inter-program transfer object will be more convenient. Serialization is converting an object to string to store the transmission in a way. And deserialization is exactly the sequence of the...

0.6 AI score
Exploits: 0

RedHat Linux
added 2016/11/15 11:40 a.m., 4 views

php: bypass __wakeup() in deserialization of an unexpected object

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call...

9.8 CVSS, 7.3 AI score, 0.16482 EPSS
Exploits: 2, References: 4

RedHat Linux
added 2016/11/15 11:40 a.m., 4 views

file: Buffer over-write in finfo_open with malformed magic file

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application...

7.5 CVSS, 7.8 AI score, 0.04985 EPSS
Exploits: 1, References: 4

Exploit DB
added 2016/11/02 12:0 a.m., 36 views

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...

9.8 CVSS, 9.8 AI score, 0.06861 EPSS
Exploits: 4

0day.today
added 2016/11/02 12:0 a.m., 55 views

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP objec...

7.5 CVSS, 9.2 AI score, 0.06861 EPSS
Exploits: 4

Packet Storm
added 2016/11/02 12:0 a.m., 37 views

Alienvault OSSIM/USM 5.3.1 PHP Object Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...

7.5 CVSS, 0.2 AI score, 0.06861 EPSS
Exploits: 4

OSV
added 2016/10/28 3:59 p.m., 2 views

CVE-2016-8580

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

9.8 CVSS, 6.2 AI score, 0.06861 EPSS
Exploits: 4, References: 3

Cvelist
added 2016/10/28 3:0 p.m., 34 views

CVE-2016-8580

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

10 AI score, 0.06861 EPSS
Exploits: 4, References: 3

Debian CVE
added 2016/09/12 1:0 a.m., 37 views

CVE-2016-7124

Removed by vendor...

9.8 CVSS, 8.7 AI score, 0.16482 EPSS
Exploits: 2

OSV
added 2016/09/11 12:0 a.m., 2 views

UBUNTU-CVE-2016-7124

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call...

9.8 CVSS, 7.2 AI score, 0.16482 EPSS
Exploits: 2, References: 6

Packet Storm
added 2016/08/16 12:0 a.m., 33 views

WordPress Magic Fields 2 Cross Site Scripting

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin. Burak Kelebek, July 2016...

0.2 AI score
Exploits: 0