Lucene search
K

286 matches found

Hacker One
Hacker One
added 2020/11/22 4:36 p.m.19 views

Automattic: [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}

Summary: Hello, I have found an XSS Reflected POST-Based on https://www.intensedebate.com/update/tumblr2/$id. The parameter $POST'txtCode' is reflected and is not sanitized. To trigger the XSS an attacker need to create a site and invite the victim in their own site and give then full permissions...

0.4AI score
Exploits0
CNVD
CNVD
added 2020/11/19 12:0 a.m.4 views

Trend Micro Apex One Access Control Error Vulnerability

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. An access control error vulnerability exists in Trend Micro Apex One, which can be exploited by an attacker to allow an unprivileged user t...

7.8CVSS6.8AI score0.00421EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/18 12:0 a.m.7 views

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. An access control error vulnerability exists in Trend Micro Apex One, which can be exploited by an attacker to allow an unprivileged user t...

7.8CVSS7.1AI score0.00421EPSS
Exploits0References3
OSV
OSV
added 2020/11/12 9:17 a.m.8 views

ALBA-2020:5097 eclipse:rhel8 bug fix update

Eclipse is an integrated development environment IDE. The metadata for the eclipse:rhel8 module has been updated to remove the following unused profiles: c everything To check whether you have the obsolete profiles installed, run: yum module list eclipse The installed profiles have the i indicato...

7.1AI score
Exploits0References1
AlmaLinux
AlmaLinux
added 2020/11/12 9:17 a.m.18 views

eclipse:rhel8 bug fix update

Eclipse is an integrated development environment IDE. The metadata for the eclipse:rhel8 module has been updated to remove the following unused profiles: c everything To check whether you have the obsolete profiles installed, run: yum module list eclipse The installed profiles have the i indicato...

1.1AI score
Exploits0References1
Rockylinux
Rockylinux
added 2020/11/12 9:17 a.m.12 views

rhel8 bug fix update

An update is available for eclipse-emf, eclipse-ecf, apache-commons-compress, hamcrest, opentest4j, xz-java, google-gson, glassfish-el, icu4j, xmlgraphics-commons, jsch, felix-scr, apiguardian, junit, glassfish-jsp, lucene, jetty, junit5, apache-commons-jxpath, eclipse, univocity-parsers,...

0.6AI score
Exploits0
Microsoft KB
Microsoft KB
added 2020/11/02 12:0 a.m.6 views

KB4577586: Update for the removal of Adobe Flash Player: October 27, 2020

KB4577586: Update for the removal of Adobe Flash Player: October 27, 2020 Important notes Adobe Flash Player is out of support as of December 31, 2020. For more information, see Adobe Flash end of support on December 31, 2020. Applying this update will remove Adobe Flash Player from your Windows...

6.7AI score
Exploits0
Citrix
Citrix
added 2020/09/17 12:0 a.m.8 views

After Upgrading to iOS 14 And Opening MDX Wrapped Apps Prompt Displays - "Compliance Error - Your device is out of compliance...MDX Encryption is not supported"

After Upgrading to iOS14 and opening MDX Wrapped Apps or Citrix Secure Mail/Hub/Web Displays - "Compliance Error - Your device is out of compliance. Please contact your administrator. MDX Encryption is not supported beyond iOS 13. Please reinstall the app."...

6.7AI score
Exploits0
OSV
OSV
added 2020/09/01 9:15 p.m.10 views

GHSA-J3QQ-QVC8-C6G7 Malicious Package in foever

All versions of foever are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This packag...

9.8CVSS7.8AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/01 9:14 p.m.29 views

Malicious Package in soket.js

All versions of soket.js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...

4.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 9:13 p.m.37 views

Malicious Package in soket.io

All versions of soket.io are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...

4.1AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/01 9:11 p.m.8 views

GHSA-5X7P-GM79-383M Malicious Package in regenraotr

All versions of regenraotr are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...

9.8CVSS7.8AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/01 9:10 p.m.34 views

Malicious Package in regenrator

All versions of regenrator are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...

4.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 9:9 p.m.39 views

Malicious Package in axois

All versions of axois are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This package...

4.1AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/07/18 12:0 a.m.1 views

Tianmu MVC Web Management System Home Edition Has Arbitrary File Deletion Vulnerability

Tianmu MVC website management system is Pizhou Tianmu Network Technology Co., Ltd. developed a professional PHP + MYSQL products, the use of independent MVC framework, applicable to large and small and medium-sized enterprises of the open source MVC. Tianmu MVC website management system Home...

7AI score
Exploits0
CNVD
CNVD
added 2020/07/15 12:0 a.m.2 views

Arbitrary File Deletion Vulnerability in HisiPHP (CNVD-2020-48610)

HisiPHP is based on ThinkPHP5 + Layui development of a set of free WEB open source framework. HisiPHP has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete lock files , resulting in system reinstallation...

7AI score
Exploits0
CNVD
CNVD
added 2020/07/06 12:0 a.m.3 views

Apple CMS has a logic flaw vulnerability

Apple CMS program is a fast website building system that runs on PHP+MYSQL environment. Apple CMS has a logic flaw vulnerability that can be exploited by attackers to delete arbitrary files and cause a system reinstallation...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/06/01 12:0 a.m.1 views

ZZCMS Buildable Product Merchandising Website Has Reinstallation Vulnerability

ZZCMS Buildable Product Merchandising Website is a PHP and MYSQL based CMS to quickly build product merchandising websites. The ZZCMS Buildable Product Merchandising Website has a reinstallation vulnerability that can be exploited by an attacker to overwrite the previous install.lock file,...

7AI score
Exploits0
CNVD
CNVD
added 2020/04/28 12:0 a.m.1 views

Harbin Weicheng Technology Co., Ltd. OurPHP has an arbitrary file deletion vulnerability

OurPHP is a PHP+MySQL based development of W3C-compliant website building system. Harbin Weicheng Technology Co., Ltd OurPHP has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any system files, and can further lead to the system being reinstalled...

7AI score
Exploits0
CNVD
CNVD
added 2020/04/23 12:0 a.m.2 views

Arbitrary file deletion vulnerability in Ridewind Multi-User PHP Statistics System V5.2 backend

Ride Multi-User PHP Statistics is a website traffic statistics system for web store statistics. Ridewind Multi-User PHP Statistics System V5.2 has an arbitrary file deletion vulnerability in the background, which can be exploited by attackers to delete files and cause system reinstallation...

7.1AI score
Exploits0
Rows per page
Query Builder