Lucene search
K

95 matches found

BDU FSTEC
BDU FSTEC
added 2016/02/12 12:0 a.m.9 views

The vulnerability of the centralized device management system of Cisco Unified Computing System Central and the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary commands.

The vulnerability of the CGI script of the Cisco Unified Computing System Central device management system and the Cisco Firepower Extensible Operating System exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this...

10CVSS8.2AI score0.08684EPSS
Exploits2References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2015/11/11 12:0 a.m.2 views

IBM Tivoli Storage Manager FastBack Server FXCLI_OraBR_Exec_Command Buffer Overflow (CVE-2015-1929)

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking while processing remote requests within the FXCLIOraBRExecCommand function. A remote unauthenticated attacker could exploit this vulnerability by sendin...

7.8CVSS9.6AI score0.03254EPSS
Exploits0
RubySec
RubySec
added 2015/06/16 12:0 a.m.29 views

IP whitelist bypass in Web Console

Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...

4.3CVSS5.2AI score0.44984EPSS
Exploits6References1Affected Software1
OSV
OSV
added 2015/04/28 2:59 p.m.3 views

DEBIAN-CVE-2015-3340

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a 1 XENDOMCTLgettscinfo or 2 XENSYSCTLgetdomaininfolist request...

2.9CVSS8.3AI score0.00793EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Nokia SGSN DX200 Remote SNMP Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7081/info It has been reported that some models of the SGSN made by Nokia do not properly handle remote requests for information. Vulnerable devices may disclose sensitive information which could enable an attacker may be...

7.1AI score
Exploits0
OSV
OSV
added 2014/05/08 2:29 p.m.3 views

DEBIAN-CVE-2013-3571

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service file descriptor consumption via multiple request that are refused based on the 1 sourceport, 2 lowport, 3 range, or 4...

2.6CVSS8.4AI score0.02061EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2013/11/19 12:0 a.m.33 views

SuSE Update for NRPE openSUSE-SU-2013:0621-1 (NRPE)

Check for the Version of NRPE OpenVAS Vulnerability Test $Id: gbsuse201306211.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for NRPE openSUSE-SU-2013:0621-1 NRPE Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

7.5CVSS6.3AI score0.65724EPSS
Exploits9References1
OpenVAS
OpenVAS
added 2013/11/19 12:0 a.m.31 views

openSUSE: Security Advisory for NRPE (openSUSE-SU-2013:0624-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.2AI score0.65724EPSS
Exploits9References1
Check Point Advisories
Check Point Advisories
added 2013/06/02 12:0 a.m.8 views

EMC AlphaStor Library Control Program Multiple Buffer Overflows (CVE-2013-0946)

Multiple buffer overflow vulnerabilities has been reported in EMC AlphaStor Library Control Program LCP while parsing remote requests. The vulnerabilities are due to missing bounds check while copying request data into fixed length stack buffers. An unauthenticated attackers can exploit this...

9.3CVSS8.1AI score0.28547EPSS
Exploits3
OPENSUSE Linux
OPENSUSE Linux
added 2013/04/04 6:4 p.m.42 views

NRPE metacharacter filtering omission (important)

NRPE the Nagios Remote Plug-In Executor allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as checkhttp, to execute...

7.5CVSS2.7AI score0.65724EPSS
Exploits9References1
Tenable Nessus
Tenable Nessus
added 2013/04/04 12:0 a.m.38 views

SuSE 11.2 Security Update : puppet (SAT Patch Number 7526)

puppet has been updated to fix 2.6.18 multiple vulnerabilities and bugs. - 19391 Find the catalog for the specified node name - Don't assume master supports SSLv2 - Don't require openssl client to return 0 on failure - Display SSL messages so we can match our regex - Don't assume puppetbindir is...

9CVSS7.1AI score0.05375EPSS
Exploits0References15
Cvelist
Cvelist
added 2010/05/20 9:0 p.m.16 views

CVE-2010-2007

Multiple cross-site request forgery CSRF vulnerabilities in LetoDMS formerly MyDMS 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use 1 op/op.EditUserData.php, 2 op/op.UsrMgr.php, 3 out/out.RemoveVersion.php, 4 op/op.RemoveFolder.php, 5...

7.3AI score0.00664EPSS
Exploits1References5
Prion
Prion
added 2007/04/10 11:19 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via 1 http or 2 ftp requests logged in /var/log/directadmin/security.log; 3 allows context-dependent...

6.8CVSS5.8AI score0.01551EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2007/04/10 11:19 p.m.20 views

CVE-2007-1926

Cross-site scripting XSS vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via 1 http or 2 ftp requests logged in /var/log/directadmin/security.log; 3 allows context-dependent...

6.8CVSS5.5AI score0.01551EPSS
Exploits1References7
exploitpack
exploitpack
added 2003/03/13 12:0 a.m.9 views

Nokia SGSN DX200 - Remote SNMP Information Disclosure

Nokia SGSN DX200 - Remote SNMP Information Disclosure source: https://www.securityfocus.com/bid/7081/info It has been reported that some models of the SGSN made by Nokia do not properly handle remote requests for information. Vulnerable devices may disclose sensitive information which could enabl...

7.3AI score
Exploits0
Rows per page
Query Builder