Lucene search
K

183 matches found

CVE
CVE
added 2018/11/07 12:0 a.m.56 views

CVE-2018-12414

The CVE-2018-12414 entry affects TIBCO Rendezvous components (rvrd, rvrsd, rvsd, rvcache, rvdm) and related editions. A CSRF flaw exists that could let an attacker reconfigure messaging and potentially access all data routed by RV. Affected versions are: RV 8.4.5 and earlier, RV Developer Edition...

8.8CVSS8.5AI score0.00668EPSS
Exploits0References3Affected Software5
OpenVAS
OpenVAS
added 2018/06/08 12:0 a.m.15 views

Microsoft Windows: Microsoft network server: Digitally sign communications (always)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnssigncommunicationalways.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Microsoft network server: Digitally sign communications always Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/08 12:0 a.m.81 views

Microsoft Windows: Microsoft network server: Amount of idle time required before suspending session

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnsidletimesuspending.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Microsoft network server: Amount of idle time required before suspending session Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/08 12:0 a.m.15 views

Microsoft Windows: Microsoft network server: Digitally sign communications (if client agrees)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnssigncommunicationpossible.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Microsoft network server: Digitally sign communications if client agrees Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/08 12:0 a.m.28 views

Microsoft Windows: Microsoft network server: Disconnect clients when logon hours expire

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnsdisconnectlogonhoursexpires.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Microsoft network server: Disconnect clients when logon hours expire Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/08 12:0 a.m.31 views

Microsoft Windows: Microsoft network server: Server SPN target name validation level

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnsspnvalidationlevel.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Microsoft network server: Server SPN target name validation level Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
NVD
NVD
added 2018/06/04 4:29 p.m.17 views

CVE-2016-10655

The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is...

9.3CVSS8.3AI score0.01752EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/05/15 3:11 p.m.7 views

dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root...

7.9CVSS6AI score0.94457EPSS
Exploits14References5
OSV
OSV
added 2018/05/07 1:29 p.m.0 views

UBUNTU-CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

5.3CVSS7.1AI score0.04504EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/05/07 1:29 p.m.31 views

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

5.3CVSS6.8AI score0.04504EPSS
Exploits0References3
Prion
Prion
added 2018/05/07 1:29 p.m.20 views

Design/Logic Flaw

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

3.5CVSS6.7AI score0.04504EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2018/05/07 1:29 p.m.2 views

DEBIAN-CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

5.3CVSS7AI score0.04504EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/07 1:0 p.m.18 views

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

6.8AI score0.04504EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2018/05/07 1:0 p.m.36 views

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

5.3CVSS7AI score0.04504EPSS
Exploits0
Packet Storm
Packet Storm
added 2018/04/06 12:0 a.m.32 views

Onethink CMS Server Side Request Forgery

SSRFPS"Server Side Request ForgeryPSc in Onethink All version CVE-2017-14323 The Onethink is an open source CMSContent Management System.This system is based on the Thinkphp3.2 development framework. Product Download: http://www.onethink.cn Vulnerability TypePSoSSRFPS"Server Side Request ForgeryP...

0.5AI score0.04479EPSS
Exploits3
BDU FSTEC
BDU FSTEC
added 2017/04/20 12:0 a.m.5 views

The vulnerability of the Mac OS X operating system, which allows a hacker to increase their privileges

The vulnerability of the sudo component in the Mac OS X operating system is related to improper handling of permissions. Exploiting this vulnerability allows a malicious actor to increase their privileges by using administrative group membership on the network server...

6.5CVSS7.7AI score0.02235EPSS
Exploits0References3Affected Software1
myhack58
myhack58
added 2017/04/17 12:0 a.m.2598 views

CVE-2017-0199: Microsoft Office RTF vulnerability using the PoC-vulnerability warning-the black bar safety net

0x01 description From FireFye detect and publish CVE-2017-0199 since, I have been researching this vulnerability in Microsoft officially released the patch, I decided to release this PoC. I use way possible with other researchers using different methods, the use of the method may be little bit...

8.5AI score0.99933EPSS
Exploits29
Tenable Nessus
Tenable Nessus
added 2016/03/07 12:0 a.m.29 views

GLSA-201603-01 : GIMP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201603-01 GIMP: Multiple vulnerabilities GIMPs network server, scriptfu, is vulnerable to the remote execution of arbitrary code via the python-fu-eval command due to not requiring authentication. Additionally, the X Window Dump X...

6.8CVSS8.2AI score0.04509EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2016/03/06 12:0 a.m.44 views

GIMP: Multiple vulnerabilities

Background GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. Description GIMP’s network server, scriptfu, is vulnerable to the remote execution of arbitrary code via the python-fu-eval command due to not requiring authentication. Additionally...

6.8CVSS8.2AI score0.04509EPSS
Exploits0
ArchLinux
ArchLinux
added 2015/10/18 12:0 a.m.40 views

miniupnpc: arbitrary code execution

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...

6.8CVSS7.1AI score0.04783EPSS
Exploits1References3
Rows per page
Query Builder