
943 matches found

exploitpack
added 2017/07/20 12:0 a.m., 17 views

Tilde CMS 1.01 - Multiple Vulnerabilities

Tilde CMS 1.01 - Multiple Vulnerabilities Exploit Title: Tilde CMS 1.01 Multiple Vulnerabilities Date: July 7th, 2017 Exploit Authors: Paolo Forte, Raffaele Forte Vendor Homepage: http://www.tildenetwork.com/ Version: Tilde CMS 1.0.1 Tested on: Ubuntu 12.04, PHP 5.3.10 I. INTRODUCTION...

0.3 AI score
Exploits: 0

ThreatPost
added 2017/05/22 3:25 p.m., 23 views

Verizon Patches XSS Issues in its Messaging Client

Verizon late last year patched a vulnerability in its Message+ messaging client that could have allowed an attacker to take over a session and possibly extend their reach into a user’s account management settings. Researcher Randy Westergren yesterday disclosed some details on the bug, which coul...

Exploits: 0, References: 4

Vulnerability Lab
added 2017/02/21 12:0 a.m., 53 views

ProjectSend r754 - IDOR & Authentication Bypass

Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2031 Release Date: ============= 2017-02-21 Vulnerability Laboratory ID VL-ID: ==================================== 2031 Comm...

7.1 AI score
Exploits: 0

myhack58
added 2016/09/20 12:0 a.m., 20 views

Within ten seconds of black off the Facebook home page? This vulnerability turned out to the value 1.6 million dollars including vulnerability analysis

How to black out your Facebook for? The man from India safe studies experts say have something to say. According to the foreign media to the latest reports, a man named ArunSureshkumar of India security experts at Facebook "Business Management Platform" for BusinessManager found a serious...

0.2 AI score
Exploits: 0

BDU FSTEC
added 2016/09/07 12:0 a.m., 8 views

The vulnerability of the ColdFusion interpreter allows attackers to read arbitrary files or send TCP requests to servers in the internal network.

The vulnerability of the Office Open XML OOXML file format in ColdFusion is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows an attacker to remotely read arbitrary files or send TCP requests to internal server networks using a specially...

6.4 CVSS, 7.7 AI score, 0.69044 EPSS
Exploits: 7, References: 3

OwnCloud
added 2016/07/13 7:1 p.m., 499 views

Insecure Direct Object References in Gallery - ownCloud

ownCloud was vulnerable to an insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled. Affected Software ownCloud Server 8.2.6 CVE-2016-5876 gallery/2e8f1f2509d15876ab09396dfe6c463aacdf5c5b ownCloud Server 9.0.3...

4.3 CVSS, 5.7 AI score, 0.01171 EPSS
Exploits: 0, Affected Software: 1

OwnCloud
added 2016/07/13 2:0 a.m., 516 views

Server: Insecure Direct Object References in Gallery

ownCloud was vulnerable to an insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

4.3 CVSS, 5.7 AI score, 0.01171 EPSS
Exploits: 0, Affected Software: 1

Exploit DB
added 2016/06/27 12:0 a.m., 43 views

Option CloudGate CG0192-11897 - Multiple Vulnerabilities

Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...

7.4 AI score
Exploits: 0

exploitpack
added 2016/06/27 12:0 a.m., 30 views

Option CloudGate CG0192-11897 - Multiple Vulnerabilities

Option CloudGate CG0192-11897 - Multiple Vulnerabilities Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...

7.6 AI score
Exploits: 0

0day.today
added 2016/06/27 12:0 a.m., 44 views

Option CloudGate CG0192-11897 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...

7.1 AI score
Exploits: 0

Packet Storm
added 2016/06/27 12:0 a.m., 39 views

Option CloudGate Insecure Direct Object Reference Auth Bypass

Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...

0.2 AI score
Exploits: 0

Zero Science Lab
added 2016/06/25 12:0 a.m., 74 views

Option CloudGate Insecure Direct Object References Authorization Bypass

Summary The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic unit certified on all major US cellular operators CDMA/EV-DO and WCDMA/HSPA+. The CloudGate is simple to configure locally or remotely from your PC, tablet or...

5.8 AI score
Exploits: 0

OSV
added 2016/05/09 10:59 a.m., 4 views

CVE-2016-2440

libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896...

7.8 CVSS, 7.3 AI score, 0.00464 EPSS
Exploits: 0, References: 2

Cvelist
added 2016/05/09 10:0 a.m., 19 views

CVE-2016-2440

libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896...

7.5 AI score, 0.00464 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2016/05/05 12:0 a.m., 8 views

The vulnerability of the SAP NetWeaver software integration platform allows a perpetrator to trigger a service failure.

The vulnerability of the UDDI component in the SAP NetWeaver software integration platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created XML request...

9 CVSS, 7.6 AI score, 0.05264 EPSS
Exploits: 2, References: 3, Affected Software: 1

BDU FSTEC
added 2016/03/11 12:0 a.m., 7 views

The vulnerability of the SAP Mobile Platform, a platform for developing mobile applications, allows a hacker to read arbitrary files.

The vulnerability of the SAP Mobile Platform for developing mobile applications is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially created XML request...

7.5 CVSS, 5.6 AI score, 0.02885 EPSS
Exploits: 1, References: 3, Affected Software: 1

android
added 2016/03/01 12:0 a.m., 47 views

CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands...

7.2 CVSS, 6.1 AI score, 0.03646 EPSS
Exploits: 14, References: 2, Affected Software: 1

Packet Storm
added 2016/03/01 12:0 a.m., 49 views

perfact::mpa Insecure Direct Object Reference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-067 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...

7.4 AI score
Exploits: 0

RedHat Linux
added 2016/02/24 10:36 a.m., 5 views

rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack

A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service...

7.5 CVSS, 7.1 AI score, 0.06535 EPSS
Exploits: 0, References: 6

exploitpack
added 2016/02/19 12:0 a.m., 36 views

Chamilo LMS IDOR - messageId Delete POST Injection

Chamilo LMS IDOR - messageId Delete POST Injection Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Relea...

7.7 AI score
Exploits: 0