
1152 matches found

Tenable Nessus
added 2016/11/11 12:0 a.m., 32 views

Oracle Linux 7 : postgresql (ELSA-2016-2606)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2606 advisory. 9.2.18-1 - update to 9.2.18 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-18.html...

CVSS 8.3, AI score 7.4, EPSS 0.06011
Exploits 0, References 3
Oracle linux
added 2016/11/09 12:0 a.m., 33 views

postgresql security and bug fix update

9.2.18-1 - update to 9.2.18 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-18.html http://www.postgresql.org/docs/9.2/static/release-9-2-17.html http://www.postgresql.org/docs/9.2/static/release-9-2-16.html 9.2.15-2 - fix postgresql-setup to work if postgres user is set t...

CVSS 8.3, AI score 7.6, EPSS 0.06011
Exploits 0
OSV
added 2016/08/11 12:0 a.m., 1 views

UBUNTU-CVE-2016-5423

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a...

CVSS 8.3, AI score 7.7, EPSS 0.06011
Exploits 0, References 4
Tenable Nessus
added 2016/07/14 12:0 a.m., 51 views

Fedora 24 : php (2016-b967ac1a74)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zend_hex_strtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in php_html_entities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

CVSS 8.6, AI score 8.1, EPSS 0.05487
Exploits 2, References 3
Tenable Nessus
added 2016/07/14 12:0 a.m., 50 views

Fedora 22 : php (2016-65f1ffdc0c)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zend_hex_strtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in php_html_entities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

CVSS 8.6, AI score 8.1, EPSS 0.05487
Exploits 2, References 5
Tenable Nessus
added 2016/07/14 12:0 a.m., 53 views

Fedora 23 : php (2016-6b1938566f)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zend_hex_strtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in php_html_entities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

CVSS 8.6, AI score 8.1, EPSS 0.05487
Exploits 2, References 3
Hacker One
added 2016/07/08 3:53 a.m., 17 views

Bime: Urgent: attacker can access every data source on Bime

Vulnerability details I don't include words like "urgent" in my title very often, but I thought you might want to get onto this right away. An attacker can access the data source of any other customer on the BIME platform through the /cubemodels.json endpoint. This leaks, for example, the login...

AI score 6.7
Exploits 0
Tenable Nessus
added 2016/05/09 12:0 a.m., 66 views

Fedora 24 : php-5.6.21-1.fc24 (2016-f4e73663f4)

28 Apr 2016, PHP 5.6.21 Core: Fixed bug 69537 __debugInfo with empty string for key gives error. krakjoe Fixed bug 71841 EG(error_zval) is not handled well. Laruence BCmath: Fixed bug 72093 bcpowmod accepts negative scale and corrupts one definition. Stas Curl: Fixed bug 71831 CURLOPT_NOPROXY applied a...

CVSS 9.8, AI score 7.9, EPSS 0.12179
Exploits 8, References 13
Tenable Nessus
added 2016/05/03 12:0 a.m., 10 views

Fedora 23 : php-5.6.21-1.fc23 (2016-f1d98cf017)

28 Apr 2016, PHP 5.6.21 Core: Fixed bug 69537 __debugInfo with empty string for key gives error. krakjoe Fixed bug 71841 EG(error_zval) is not handled well. Laruence BCmath: Fixed bug 72093 bcpowmod accepts negative scale and corrupts one definition. Stas Curl: Fixed bug 71831 CURLOPT_NOPROXY applied a...

AI score 5.5
Exploits 0, References 1
Node.js
added 2016/04/18 9:16 p.m., 33 views

SQL Injection

Overview Affected versions of sequelize cast arrays to strings and fail to properly escape the resulting SQL statement, resulting in a SQL injection vulnerability. Proof of Concept In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly...

CVSS 5, AI score 1.9, EPSS 0.01342
Exploits 1, Affected Software 1
CakePHP
added 2016/03/28 12:0 a.m., 21 views

CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released

CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.8.3, 3.0.18, 3.1.13, and 3.2.6. These releases contain security fixes. 3.2.6 and 2.8.3 also contain bugfixes. Security Fixes These releases fix a weakness in...

AI score 7.2
Exploits 0
CakePHP
added 2016/03/13 12:0 a.m., 34 views

CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released

CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5. These releases contain security fixes. 3.2.5 and 2.8.2 also contain bugfixes. Security Fixes These...

AI score 7.4
Exploits 0
Metasploit
added 2015/12/26 10:53 p.m., 16 views

PostgreSQL CREATE LANGUAGE Execution

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This...

AI score 7.3
Exploits 0
Exploit DB
added 2015/09/29 12:0 a.m., 31 views

ManageEngine EventLog Analyzer - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...

AI score 7.4
Exploits 0
0day.today
added 2015/09/29 12:0 a.m., 32 views

ManageEngine EventLog Analyzer Remote Code Execution Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q...

AI score 7.1
Exploits 0
Packet Storm
added 2015/09/28 12:0 a.m., 18 views

ManageEngine EventLog Analyzer Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...

AI score 0.4
Exploits 0
Metasploit
added 2015/09/15 12:29 a.m., 23 views

ManageEngine EventLog Analyzer Remote Code Execution

This module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the...

CVSS 7.5, AI score 0.7, EPSS 0.80192
Exploits 2
Exploit DB
added 2015/09/14 12:0 a.m., 21 views

ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution

Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication: 14/09/2015 Vulnerability Type: authenticated SQL query execution...

AI score 7.4
Exploits 0
exploitpack
added 2015/09/14 12:0 a.m., 12 views

ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution

ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication:...

AI score 0.4
Exploits 0
Tenable Nessus
added 2015/06/23 12:0 a.m., 49 views

FreeBSD : php5 -- multiple vulnerabilities (cdff0af2-1492-11e5-a1cf-002590263bf5)

The PHP project reports : DOM and GD : - Fixed bug 69719 Incorrect handling of paths with NULs. FTP : - Improved fix for bug 69545 Integer overflow in ftp_genlist resulting in heap overflow. CVE-2015-4643 Postgres : - Fixed bug 69667 segfault in php_pgsql_meta_data. CVE-2015-4644 ...

CVSS 9.8, AI score 8.1, EPSS 0.16512
Exploits 1, References 7