Lucene search
K

943 matches found

Vulnerability Lab
Vulnerability Lab
added 2016/02/15 12:0 a.m.36 views

Chamilo LMS IDOR - (messageId) Delete Post Vulnerability

Document Title: =============== Chamilo LMS IDOR - messageId Delete Post Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability Laboratory...

7.4AI score
Exploits0
NVD
NVD
added 2016/02/08 3:59 a.m.23 views

CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

7.8CVSS7.6AI score0.03646EPSS
Exploits14References42
Prion
Prion
added 2016/02/08 3:59 a.m.28 views

Integer overflow

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

7.2CVSS6.9AI score0.03646EPSS
Exploits14References42Affected Software5
UbuntuCve
UbuntuCve
added 2016/01/19 12:0 p.m.41 views

CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

7.8CVSS7AI score0.03646EPSS
Exploits14References10
OSV
OSV
added 2016/01/19 12:0 p.m.2 views

UBUNTU-CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

7.8CVSS6.9AI score0.03646EPSS
Exploits14References11
0day.today
0day.today
added 2016/01/05 12:0 a.m.76 views

Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities

Exploit for php platform in category web applications Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product Descripti...

4.3CVSS0.8AI score0.61114EPSS
Exploits5
anandpraka
anandpraka
added 2015/12/13 1:21 p.m.23 views

[Responsible disclosure] How I could have removed all your Facebook notes

Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Summary: This blog post is about an Insecure direct object reference vulnerability in Facebook Notes using which attacker could have removed all your notes just b...

6.6AI score
Exploits0
CNVD
CNVD
added 2015/09/25 12:0 a.m.2 views

Apple iOS Same Origin Policy Bypass Vulnerability

Apple iOS is an operating system for handheld devices developed by Apple Inc. Apple iOS suffers from a same-origin policy bypass vulnerability. It allows remote attackers to bypass the same-origin policy and obtain object references via customized event messages...

5CVSS6.7AI score0.02305EPSS
Exploits0References1
NVD
NVD
added 2015/08/31 6:59 p.m.15 views

CVE-2014-2332

CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330...

5.5CVSS6.1AI score0.01433EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2015/08/31 6:59 p.m.27 views

CVE-2014-2332

CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330...

5.5CVSS6.2AI score0.01433EPSS
Exploits1References2
Prion
Prion
added 2015/08/31 6:59 p.m.32 views

Design/Logic Flaw

CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330...

5.5CVSS6.4AI score0.01433EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2015/08/31 6:0 p.m.76 views

CVE-2014-2332

CVE-2014-2332 affects Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5. The issue, tied to insecure direct object references, allows remote authenticated users to delete arbitrary files via a request to an unspecified link. The related advisory notes that exploitation can be facilitated by CVE-2...

5.5CVSS5.1AI score0.01433EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2015/08/31 6:0 p.m.21 views

CVE-2014-2332

CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330...

5.2AI score0.01433EPSS
Exploits1References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/07/22 12:0 a.m.31 views

Helpdesk Pro by Ossolution Team [com_helpdeskpro], before 1.4.0, multiple vulns

Helpdesk Pro by Ossolution Team comhelpdeskpro, before 1.4.0, multiple vulns Vulnerabilities: Direct Object References Cross-Site Scripting SQL Injection Local file disclosure/Path traversal File Upload Fixed: vulnerability fixed in version 1.4.0 Developer's notice:...

7.8AI score
Exploits0References2Affected Software1
0day.today
0day.today
added 2015/07/21 12:0 a.m.53 views

Joomla Helpdesk Pro Plugin < 1.4.0 - Multiple Vulnerabilities

Joomla Helpdesk Pro versions prior to 1.4.0 suffers from cross site scripting, local file disclosure, remote file upload, remote SQL injection, and insecure direct object reference vulnerabilities. Document Title ============== Joomla! plugin Helpdesk Pro 1.4.0 Reported By =========== Simon Rawet...

7.5CVSS0.3AI score0.5651EPSS
Exploits10
anandpraka
anandpraka
added 2015/06/05 6:28 a.m.34 views

[Responsible disclosure] How I could have hacked 62.5 million Zomato Users

Note: This is being published with the permission of Zomato Team. The vulnerability is now fixed. Zomato is an online restaurant search and discovery service providing information on home delivery, dining-out, cafés and nightlife for various cities of India and 21 other countries. It has 62.5...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2015/03/23 12:0 a.m.172 views

CVE-2014-8487: Kony EMM insecurity Direct Object Reference

------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...

4CVSS0.9AI score0.01003EPSS
Exploits2
Packet Storm
Packet Storm
added 2015/02/23 12:0 a.m.64 views

Kony EMM 1.2 Insecure Direct Object Reference

------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...

4CVSS6.7AI score0.01003EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2015/02/15 12:0 a.m.2 views

Oracle Java PhantomReference Use After Free (CVE-2015-0395)

A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to a use after free error when handling phantom object references in the Hotspot JVM garbage collector. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user...

9.3CVSS2.5AI score0.05909EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/02/03 12:0 a.m.50 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2015:0190-1) (POODLE)

OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs : - Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: ref More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols ...

10CVSS6.4AI score0.99999EPSS
Exploits12References15
Rows per page
Query Builder