Lucene search
K

152 matches found

Prion
Prion
added 2019/04/30 9:29 p.m.17 views

Code injection

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code...

5CVSS5.5AI score0.0595EPSS
Exploits1References1Affected Software2
Qualys Blog
Qualys Blog
added 2019/04/24 12:16 a.m.54 views

Call For Customer Presentations at Black Hat USA 2019!

Tell your security story to your peers at Black Hat USA 2019! Qualys is looking for customers excited to share your security story, for example: How you integrate security into DevOps Best practices for building security into modern enterprises Case studies leveraging the use of the Qualys Cloud...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2019/01/31 8:20 p.m.27 views

Shopify: Access to Employee calendar disclosing internal presentation and meetings

Summary During a school research, we found out that some Shopify employees have their google calendar set to public. This discloses some sensitive informations: New hire information due to onsite interviews Internal presentation we found at least one internal presentation that we could access Zoo...

0.1AI score
Exploits0
Kitploit
Kitploit
added 2019/01/17 12:28 p.m.129 views

Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool

Commix short for command injection exploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related...

8.3AI score
Exploits0References17
Securelist
Securelist
added 2019/01/10 10:0 a.m.97 views

The world’s southernmost security conference

When asked about his best race, Ayrton Senna replied that it was when he raced karting cars. For him it was the best because it was only for the sake of sports and free from commercial sponsoring and commercial interests. I have this same feeling about computer security conferences, because they...

7.6AI score
Exploits0
OpenVAS
OpenVAS
added 2019/01/07 12:0 a.m.48 views

Open-Xchange (OX) App Suite SSRF Vulnerability (58874)

Open-Xchange OX App Suite is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.5AI score0.01023EPSS
Exploits2References1
Talos Blog
Talos Blog
added 2018/12/21 6:0 a.m.68 views

Submissions for talks at the 2019 Talos Threat Research Summit are now open

When Cisco Talos launched the first ever Talos Threat Research Summit last year, we never could have anticipated how popular it would be. Tickets sold out quickly, and our inaugural Talos-backed conference was packed in the days leading up to Cisco Live. This year, we are bringing back the Threat...

0.5AI score
Exploits0
MSRC
MSRC
added 2018/10/26 7:0 a.m.15 views

BlueHat v18 Content Now Available

Last month we wrapped up another great BlueHat event. As an organizer, it is great to hear that the content is so strong that we have participants have to make hard choices on what to attend. BlueHat is about the community we build and the experiences we share. To further support that we are maki...

0.9AI score
Exploits0
OSV
OSV
added 2018/09/17 6:29 a.m.6 views

CVE-2018-17137

Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SEDEBUGPRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions...

9.8CVSS5.8AI score0.014EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/09/17 6:0 a.m.16 views

CVE-2018-17137

Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SEDEBUGPRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions...

9.5AI score0.014EPSS
Exploits1References1
Qualys Blog
Qualys Blog
added 2018/09/11 5:4 p.m.64 views

Call for Customer Presentations: Qualys Security Conference 2018

The annual Qualys user conference, QSC18, is quickly approaching, and we are looking for customer presentations showcasing how you use Qualys to enable security best practices and secure your digital transformation. If you would like to be considered as a presenter, please send a session title an...

Exploits0
RedHat Linux
RedHat Linux
added 2018/05/03 7:4 p.m.5 views

poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1 Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294, and 2 Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...

7.5CVSS7.2AI score0.10061EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2018/04/17 12:0 a.m.10 views

Microsoft Office: Programmatic access for creating online presentations (PowerPoint, Word)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013programmaticcreationonlinepresentation.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Restrict programmatic access for creating online presentations in PowerPoint and Word Authors: Emanuel Moss Copyright:...

7.3AI score
Exploits0
CNVD
CNVD
added 2018/04/11 12:0 a.m.2 views

Softz Office Demo Easy Module Handles prd prs prv Files with Denial of Service Vulnerability

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory corruption vulnerability exists in the SoftZone Office Presentations module Presentations.exe when processing prd prs prv files. ...

7.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2018/04/06 6:7 p.m.62 views

Call For Customer Presentations at Black Hat USA 2018!

Tell your security story to your peers at Black Hat USA 2018! Qualys is looking for customers excited to share their security and DevSecOps successes, best practices for building security into modern enterprises and case studies leveraging the use of the Qualys Cloud Platform. Take the stage in t...

0.9AI score
Exploits0
CNVD
CNVD
added 2018/02/14 12:0 a.m.3 views

SoftZone office demo prone to null pointer reference vulnerability

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. RZoffice Presentations.exe has a null pointer reference vulnerability when handling special ppt files. An attacker can exploit the...

6.8AI score
Exploits0
CNVD
CNVD
added 2018/02/14 12:0 a.m.3 views

SoftZone office demo prone to memory overflow vulnerability

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory overflow vulnerability exists in RZoffice Presentations.exe when processing special ppt files. An attacker can exploit the...

7AI score
Exploits0
CNVD
CNVD
added 2018/02/14 12:0 a.m.3 views

SoftZone office demo prone to null pointer reference vulnerability (CNVD-2018-04281)

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. RZoffice Presentations.exe has a null pointer reference vulnerability when handling special ppt files. An attacker can exploit the...

6.8AI score
Exploits0
CNVD
CNVD
added 2018/02/14 12:0 a.m.3 views

SoftZone office demo prone to denial of service vulnerability

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A denial-of-service vulnerability exists in RZoffice Presentations.exe when processing special ppt files. An attacker can exploit the...

6.8AI score
Exploits0
CNVD
CNVD
added 2018/02/14 12:0 a.m.3 views

SoftZone office demo prone to denial of service vulnerability (CNVD-2018-04283)

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A denial-of-service vulnerability exists in RZoffice Presentations.exe when processing special pptx files. An attacker can exploit the...

6.8AI score
Exploits0
Rows per page
Query Builder