Lucene search

7660 matches found

Cvelist
added 2017/10/15 3:00 a.m., 20 views

CVE-2017-15304

/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...

9.3 AI score, 0.01199 EPSS
Exploits: 0, References: 1

CVE
added 2017/10/15 3:00 a.m., 49 views

CVE-2017-15304

CVE-2017-15304 affects Airtame HDMI dongle Web Panel. The /bin/login.php vulnerability in firmware before 3.0 lets an attacker set a session id via a Cookie: PHPSESSID header, enabling persistent admin access even after a password change. Impact: unauthorized admin session persistence. Affected: ...

9.8 CVSS, 9.2 AI score, 0.01199 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2017/10/13 5:29 p.m., 20 views

CVE-2017-10612

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...

8 CVSS, 7.4 AI score, 0.01289 EPSS
Exploits: 0, References: 2

Prion
added 2017/10/13 5:29 p.m., 13 views

Cross site scripting

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...

6 CVSS, 7.2 AI score, 0.01289 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/10/13 5:00 p.m., 22 views

CVE-2017-10612 Junos Space: Persistent Cross site scripting in Junos Space

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...

8 CVSS, 7.9 AI score, 0.01289 EPSS
Exploits: 0, References: 2

Prion
added 2017/10/11 1:32 a.m., 11 views

Cross site scripting

A persistent stored XSS vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admindevice/index.php...

3.5 CVSS, 4.6 AI score, 0.00815 EPSS
Exploits: 1, References: 1, Affected Software: 1

wpexploit
added 2017/10/11 12:00 a.m., 254 views

Qards - Stored Cross-Site Scripting (XSS)

Google Dork: inurl:"plugins/qards" Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way. The vulnerable script...

4.3 CVSS, 6.4 AI score, 0.01933 EPSS
Exploits: 2, References: 2

CVE
added 2017/10/10 5:00 a.m., 51 views

CVE-2017-15188

EyesOfNetwork (EON) web interface (eonweb) 5.1-0 has a stored XSS vulnerability exploitable via the hosts array parameter in module/admin_device/index.php. Reported as CVE-2017-15188, the issue permits remote authenticated administrators to inject arbitrary script/HTML. Multiple connected sources...

4.8 CVSS, 4.9 AI score, 0.00815 EPSS
Exploits: 1, References: 1, Affected Software: 1

The Hacker News
added 2017/10/09 11:30 p.m., 13 views

Warning: Millions Of P0rnHub Users Hit With Malvertising Attack

Researchers from cybersecurity firm Proofpoint have recently discovered a large-scale malvertising campaign that exposed millions of Internet users in the United States, Canada, the UK, and Australia to malware infections. Active for more than a year and still ongoing, the malware campaign is bei...

6.3 AI score
Exploits: 0

CVE
added 2017/10/02 2:00 p.m., 48 views

CVE-2017-9537

SolarWinds Network Performance Monitor 12.0.15300.90 is affected by CVE-2017-9537 (and related records) due to a persistent XSS in the Add Node function. An attacker can inject arbitrary JavaScript into multiple vulnerable parameters (e.g., City, Comments, Department) during node-adding workflows...

4.8 CVSS, 5 AI score, 0.02822 EPSS
Exploits: 2, References: 2, Affected Software: 1

Packet Storm
added 2017/09/29 12:00 a.m., 49 views

SolarWinds Network Performance Monitor 12.0.15300.90 Cross Site Scripting

Vulnerability type: Persistent Cross-Site Scripting
Credit: Andy Tan
CVE ID: CVE-2017-9537
Product: SolarWinds Network...

5.2 AI score, 0.02822 EPSS
Exploits: 2

CNVD
added 2017/09/18 12:00 a.m., 2 views

Google Kubernetes Information Disclosure Vulnerability

Google Kubernetes is an open source Docker container cluster management system from Google, Inc. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability exists in Google Kubernetes, which...

6.5 CVSS, 6.8 AI score, 0.0133 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2017/09/15 1:18 p.m., 27 views

CVE-2017-1002100

Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...

6.5 CVSS, 4.5 AI score, 0.0133 EPSS
Exploits: 0, References: 1

NVD
added 2017/09/14 1:29 p.m., 23 views

CVE-2017-1002100

Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...

6.5 CVSS, 6.4 AI score, 0.0133 EPSS
Exploits: 0, References: 2

OSV
added 2017/09/14 1:29 p.m., 18 views

CVE-2017-1002100

Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...

6.5 CVSS, 6.8 AI score
Exploits: 0, References: 2

Prion
added 2017/09/14 1:29 p.m., 17 views

Default credentials

Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...

4 CVSS, 6.4 AI score, 0.0133 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2017/09/14 1:00 p.m., 62 views

CVE-2017-1002100

CVE-2017-1002100 concerns default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider (versions 1.6.0–1.6.5). The issue is that PVs are configured with the container access mode, exposing a URI on the public internet without requiring authentication. Acc...

6.5 CVSS, 6.3 AI score, 0.0133 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/09/14 1:00 p.m., 24 views

CVE-2017-1002100

Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...

6.4 AI score, 0.0133 EPSS
Exploits: 0, References: 2

Debian CVE
added 2017/09/14 1:00 p.m., 23 views

CVE-2017-1002100

Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...

6.5 CVSS, 6.4 AI score, 0.0133 EPSS
Exploits: 0

Microsoft KB
added 2017/09/12 7:00 a.m., 106 views

Description of the security update for Skype for Business 2016: September 12, 2017

Description of the security update for Skype for Business 2016: September 12, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

7.6 CVSS, 7.4 AI score, 0.14264 EPSS
Exploits: 0