Lucene search
K

363 matches found

CNVD
CNVD
added 2016/05/30 12:0 a.m.5 views

OpenNTPD Design Vulnerabilities

OpenNTPD is a network time protocol NTP for Unix systems that can synchronize a computer system's local clock with a remote NTP server. A security vulnerability exists in OpenNTPD that stems from a failure to validate the Common Name when the program is configured for HTTPS requests, which could ...

5.9CVSS6.6AI score0.00702EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/03/11 12:0 a.m.7 views

The vulnerability of the Apache Tomcat application server allows attackers to circumvent authenticity verification restrictions.

The vulnerability of the RequestUtil.java function in the Apache Tomcat application server is related to deficiencies in path name validation. Exploiting this vulnerability allows a malicious actor to bypass the authenticity verification provided by the SecurityManager by using the “/..” symbol i...

4CVSS6.6AI score0.12555EPSS
Exploits0References11Affected Software1
RedHat Linux
RedHat Linux
added 2015/11/19 5:51 a.m.9 views

squid: incorrect X509 server certificate validation (SQUID-2015:1)

It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate...

2.6CVSS5.7AI score0.11402EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/10/27 6:41 p.m.43 views

Moderate: Red Hat Security Advisory: kubernetes security update

Updated kubernetes packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.4CVSS7.3AI score0.01812EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/10/27 6:41 p.m.6 views

Kubernetes: Missing name validation allows path traversal in etcd

Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type this can lead to a directory path traversal...

6.4CVSS5.8AI score0.01812EPSS
Exploits0References4
CNVD
CNVD
added 2015/08/03 12:0 a.m.4 views

China Telecom's Wing Pay App Has Multiple Vulnerabilities

Wing Pay is the business brand of China Telecom that operates payment and internet finance. Wing Pay APP 3.9.6 has multiple security vulnerabilities, including: global file read/write vulnerability; configuration file read/write vulnerability; trust arbitrary security certificate vulnerability;...

6.8AI score
Exploits0
Prion
Prion
added 2014/11/19 6:59 p.m.14 views

Design/Logic Flaw

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors...

5CVSS7.2AI score0.01173EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2014/08/07 12:0 a.m.29 views

DLA-20-1 munin - security update

Bulletin has no description...

7.2CVSS6AI score0.02502EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2014/02/28 12:0 a.m.4 views

PT-2014-2155 · Debian · Apt

Name of the Vulnerable Software and Affected Versions: apt versions prior to 0.8.11 Description: The issue allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors when the certificate host name fails validation and Verify-Host is enabled. Recommendations: For...

2.6CVSS6AI score0.00799EPSS
Exploits0References7
OSV
OSV
added 2013/12/03 7:55 p.m.3 views

DEBIAN-CVE-2012-6150

The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...

3.6CVSS7.6AI score0.0379EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2013/09/11 12:0 a.m.7 views

PT-2013-5211 · Hewlett Packard · Hp Procurve Manager +2

Name of the Vulnerable Software and Affected Versions: HP ProCurve Manager versions 3.20 through 4.0 HP PCM+ versions 3.20 through 4.0 Identity Driven Manager version 4.0 Description: The issue concerns the UpdateCertificatesServlet in the SNAC registration server, which fails to properly validat...

10CVSS7.6AI score0.51903EPSS
Exploits10References9
myhack58
myhack58
added 2012/10/23 12:0 a.m.21 views

Baidu Ueditor Open Source Editor for the Java version of jsp file upload vulnerability-vulnerability warning-the black bar safety net

The system default file upload process jsp filter is not strict cause can upload a jsp file,the jsp, you know how system privileges can execute arbitrary commands ! The problem is in the imageUp. jsp here use java regular expression to validate the uploaded file file name Re-set the file name whe...

1.9AI score
Exploits0
OpenVAS
OpenVAS
added 2012/03/12 12:0 a.m.24 views

Debian Security Advisory DSA 2418-1 (postgresql-8.4)

The remote host is missing an update to postgresql-8.4 announced via advisory DSA 2418-1. OpenVAS Vulnerability Test $Id: deb24181.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2418-1 postgresql-8.4 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Sof...

6.8CVSS0.8AI score0.03625EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2011/08/29 5:25 p.m.7 views

cifs-utils: mount.cifs incorrect fix for CVE-2010-0547

The checkmtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the 1 device name and 2 mountpoint strings are composed of valid characters, which allows local users to cause a denial of service mtab corruption via a crafted string...

2.1CVSS7.1AI score0.00488EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2010/02/10 12:0 a.m.4 views

PT-2010-1847 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to the SMB implementation in the Server service, which does not properly validate the share and servername fields in SMB packets. This allows remote...

7.8CVSS6.1AI score0.79499EPSS
Exploits0References6
0day.today
0day.today
added 2009/05/26 12:0 a.m.22 views

ShaadiClone 2.0 (addadminmembercode.php) Add Admin Exploit

Exploit for unknown platform in category web applications ========================================================== ShaadiClone 2.0 addadminmembercode.php Add Admin Exploit ========================================================== ShaadiClone v2.0 addadminmembercode.php Add Admin function...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/09/14 12:0 a.m.54 views

Debian DSA-1371-1 : phpwiki - several vulnerabilities

Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file...

10CVSS5.4AI score0.03529EPSS
Exploits0References9
CVE
CVE
added 2006/08/17 11:0 p.m.57 views

CVE-2004-2661

Soft3304 04WebServer before 1.41 fails to properly validate requested file names, allowing remote attackers to obtain CGI source code. The issue is network-exploitable and leads to partial information disclosure (CGI source). No exploitation details or official fixes are provided in the supplied ...

5CVSS6.6AI score0.01175EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2005/05/03 4:0 a.m.18 views

CVE-2005-1450

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact...

7.5CVSS6.6AI score0.01317EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2005/01/05 12:0 a.m.1 views

Microsoft WINS Name Validation Attack

...

7AI score
Exploits0
Rows per page
Query Builder