Lucene search

738 matches found

Cvelist
added 2017/10/30 2:0 p.m. · 32 views

CVE-2012-5357

Ektron Content Management System CMS before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data...

9.8 AI score · 0.67776 EPSS
Exploits 6 · References 4
Zero Day Initiative
added 2017/09/22 12:0 a.m. · 44 views

Trend Micro Control Manager CCGIServlet NotificationMethodResult SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

6 CVSS · 8 AI score
Exploits 0 · References 1
CNVD
added 2017/09/14 12:0 a.m. · 1 views

Tcpdump ISO CLNS parser buffer

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run under the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer. ISO CLNS parser is one of the CLNS Connectionless Network Service...

9.8 CVSS · 9.4 AI score · 0.02527 EPSS
Exploits 0 · References 1
OpenVAS
added 2017/08/04 12:0 a.m. · 34 views

RedHat Update for NetworkManager and libnl3 RHSA-2017:2299-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6 CVSS · 7.2 AI score · 0.01959 EPSS
Exploits 0 · References 2
Positive Technologies
added 2017/07/07 12:0 a.m. · 6 views

PT-2017-3706 · Schneider Electric · Wonderware Archestra Logger

Name of the Vulnerable Software and Affected Versions: Schneider Electric Wonderware ArchestrA Logger versions 2017.426.2307.1 and prior Description: An Uncontrolled Resource Consumption issue was discovered, which could allow an attacker to exhaust the memory resources of the machine, causing a...

8.6 CVSS · 8.3 AI score · 0.04125 EPSS
Exploits 0 · References 6
seebug.org
added 2017/04/28 12:0 a.m. · 138 views

Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability (CVE-2017-2824)

Official patch earlier to fix the vulnerabilities: the Zabbix database write vulnerability The vulnerability lies within the “Trapper” section of the Zabbix Code, this is the network service that allows the Proxies and the Server to communicate TCP Port 10051 There are a set of API calls that the...

6.8 CVSS · 8.9 AI score · 0.261 EPSS
Exploits 24
Microsoft KB
added 2017/04/11 7:0 a.m. · 176 views

April 11, 2017—KB4015217 (OS Build 14393.1066 and 14393.1083)

April 11, 2017—KB4015217 OS Build 14393.1066 and 14393.1083 Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue that was preventing the Camera application from saving ...

9.3 CVSS · 7.6 AI score · 0.45648 EPSS
Exploits 9
myhack58
added 2017/04/01 12:0 a.m. · 2812 views

CVE-2017-7269 IIS 6.0 remote code execution vulnerability analysis and Exploit-vulnerability warning-the black bar safety net

Author: k0shl reprint please indicate the source author of the blog: http://whereisk0shl.top Preface CVE-2017-7269 IIS 6.0 in the presence of a stack overflow vulnerability in IIS 6.0 processing PROPFIND command when, due to the length of the url without the effective length of the control and...

10 CVSS · 9.5 AI score · 0.99823 EPSS
Exploits 39
BDU FSTEC
added 2017/02/02 12:0 a.m. · 4 views

The vulnerability of the Android operating system, which allows a malicious actor to bypass certificate verification

The vulnerability of the Android operating system’s basic network service exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to bypass certificate verification...

7.8 CVSS · 7.2 AI score · 0.00655 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2017/01/27 12:0 a.m. · 2 views

UBUNTU-CVE-2017-5342

In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print()...

9.8 CVSS · 7.6 AI score · 0.05504 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2017/01/26 12:0 a.m. · 7 views

The vulnerability of the CODESYS Runtime Toolkit execution environment allows a perpetrator to read and write arbitrary files.

The vulnerability of the CODESYS Runtime Toolkit execution environment exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to read, write, and create arbitrary files by utilizing the “..” element in the path wh...

10 CVSS · 5.8 AI score · 0.02637 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2016/09/19 12:0 a.m. · 6 views

The vulnerability of the CODESYS Runtime Toolkit execution environment allows a perpetrator to read and write arbitrary files.

The vulnerability of the CODESYS Runtime Toolkit execution environment exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to read, write, and create arbitrary files by utilizing the “..” element in the path wh...

10 CVSS · 5.8 AI score · 0.02637 EPSS
Exploits 0 · References 4 · Affected Software 1
Packet Storm
added 2016/03/05 12:0 a.m. · 39 views

innovaphone IP222 / IP232 Denial Of Service

Advisory ID: SYSS-2015-053 Product: innovaphone IP222/IP232 Manufacturer: innovaphone AG Affected Versions: 11r1s r2 Tested Versions: 11r1s r2 Vulnerability Type: Denial of Service CWE-730 Risk Level: Medium Solution Status: Fixed Manufacturer...

7.4 AI score
Exploits 0
Zero Day Initiative
added 2015/12/02 12:0 a.m. · 38 views

Hewlett-Packard LoadRunner Virtual Table Server import_database Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Virtual Table Server, which listens by default on port 4000. By providi...

7.5 CVSS · 7.6 AI score · 0.0375 EPSS
Exploits 0 · References 1
CNVD
added 2015/11/05 12:0 a.m. · 5 views

OpenSLP 'SLPDProcessMessage()' Function Denial of Service Vulnerability

OpenSLP Service Location Protocol is an IETF standard protocol developed by the OpenSLP project for dynamic service discovery within the Internet. The protocol supports looking up services in the network by their types and attributes. A denial of service vulnerability exists in OpenSLP. An attack...

7.5 CVSS · 6.8 AI score · 0.0631 EPSS
Exploits 1 · References 1
CNVD
added 2015/10/27 12:0 a.m. · 3 views

Cisco Adaptive Security Appliance Denial of Service Vulnerability (CNVD-2015-06862)

The Cisco ASA 5500 Series Adaptive Security Appliances are modular platforms for delivering security and VPN services, providing firewall, IPS, anti-X, and VPN services. The Cisco Adaptive Security Appliance ASA has a security vulnerability in its implementation. A remote attacker could cause a...

7.1 CVSS · 6.9 AI score · 0.0189 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2015/10/01 12:0 a.m. · 5 views

The vulnerability of the SAP Afaria mobile device management program allows a hacker to inject arbitrary JavaScript code.

The vulnerability of the SAP Afaria mobile device management program allows a malicious actor to inject arbitrary JavaScript code by sending a specially crafted request to the Xcomms network service...

6.8 CVSS · 5.7 AI score · 0.01635 EPSS
Exploits 2 · References 4 · Affected Software 1
0day.today
added 2015/08/29 12:0 a.m. · 42 views

freeSSHd 1.3.1 - Denial of Service Vulnerability

Exploit for windows platform in category dos / poc ''' Exploit title: freesshd 1.3.1 denial of service vulnerability Date: 28-8-2015 Vendor homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeSSHd.exe Version: 1.3.1 Author: 3unnym00n Details:...

7 AI score
Exploits 0
BDU FSTEC
added 2015/04/28 12:0 a.m. · 5 views

The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the dhcp-debuginfo package in the SUSE Linux Enterprise operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. Exploitation of this vulnerability can be carried out remotely...

10 CVSS · 7.1 AI score · 0.2578 EPSS
Exploits 9 · References 3
Zero Day Initiative
added 2015/02/20 12:0 a.m. · 43 views

Dell ScriptLogic Asset Manager GetClientPackage SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell ScriptLogic Asset Manager, also known as Quest Workspace Asset Manager. Authentication is not required to exploit this vulnerability. To exploit this security flaw, an attacker would make a...

7.5 CVSS · 7.2 AI score · 0.17558 EPSS
Exploits 0 · References 1