2294 matches found

0day.today
added 2015/10/02 12:0 a.m., 29 views

FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities

Exploit for php platform in category web applications. Vendor: www.ftgate.com. Product: FTGate 2009 SR3 May 13 2010 Build 6.4.00. Vulnerability Type: Cross site request forgery CSRF CVE...

AI score: 7.1
Exploits: 0

0day.today
added 2015/09/22 12:0 a.m., 32 views

Kirby CMS 2.1.0 - CSRF Content Upload and PHP Script Execution Vulnerability

Exploit for php platform in category web applications. Release date: 14.09.2015. Discovered by: Dawid Golunski. Severity: High. I. VULNERABILITY: Kirby CMS = 2.1.0 CSRF Content...

AI score: 7.1
Exploits: 0

OpenVAS
added 2015/09/18 12:0 a.m., 35 views

F5 BIG-IP - OpenSSL vulnerability CVE-2015-1791

The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

CVSS: 6.8, AI score: 6.8, EPSS: 0.15968
Exploits: 0, References: 1

myhack58
added 2015/08/13 12:0 a.m., 17 views

Analysis of the latest firefox 0day attack-vulnerability warning-the black bar safety net

On August 6, the Mozilla Foundation released a Firefox security update to fix the CVE-2015-4495 vulnerability in pdf.js, the PDF reader embedded in Firefox. The vulnerability allows an attacker to bypass the same-origin policy, in the local...

AI score: 0.2
Exploits: 0

CNVD
added 2015/07/30 12:0 a.m., 3 views

dhcpcd Denial of Service Vulnerability

dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon for automatic configuration of IPv4 networks. A denial of service vulnerability exists in dhcpcd that allows a remote DHCP server to execute arbitrary code or cause a denial of service via a crafted message...

CVSS: 6.8, AI score: 7.8, EPSS: 0.01841
Exploits: 0, References: 1

securityvulns
added 2015/07/14 12:0 a.m., 55 views

phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities

Credits: John Page hyp3rlinx. Domains: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt Vendor: bitbucket.org/phpliteadmin. Product: phpLiteAdmin v1.1. Advisory Information:...

AI score: 7.3
Exploits: 0

OwnCloud
added 2015/06/08 7:40 p.m., 53 views

Desktop Client: Improper validation of certificates when using self-signed certificates

The ownCloud Desktop Client was vulnerable against MITM attacks until version 1.8.2 in combination with self-signed certificates. To be exploitable the following conditions have to be met: The connection to the remote ownCloud server must be secured using a self-signed certificate which the user...

CVSS: 2.6, AI score: 2, EPSS: 0.00825
Exploits: 0, Affected Software: 1

n0where
added 2015/05/30 4:30 p.m., 48 views

Ruby Web Applications Vulnerability Scanner: Yasuo

Ruby Web Applications Vulnerability Scanner. Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us ...

AI score: 8.5
Exploits: 0, References: 1

Kitploit
added 2015/05/29 3:1 a.m., 18 views

YASUO - Scans for Vulnerable & Exploitable 3rd-party Web Applications

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiti...

AI score: 8.6
Exploits: 0, References: 1

Fedora
added 2015/05/27 4:21 p.m., 15 views

[SECURITY] Fedora 22 Update: postgresql-9.4.2-1.fc22

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

AI score: 0.8
Exploits: 0

NVD
added 2015/05/01 3:59 p.m., 17 views

CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...

CVSS: 5, AI score: 8.4, EPSS: 0.07538
Exploits: 0, References: 14

Tenable Nessus
added 2015/04/28 12:0 a.m., 37 views

IBM Domino 8.5.x < 8.5.3 Fix Pack 6 Interim Fix 4 GIF Code Execution (credentialed check)

The version of IBM Domino (formerly IBM Lotus Domino) installed on the remote host is 8.5.x prior to 8.5.3 Fix Pack 6 (FP6) Interim Fix 4 (IF4). It is, therefore, potentially affected by an integer truncation error when processing GIF files. A remote attacker, using a crafted GIF file, could exploit th...

CVSS: 10, AI score: 6.2, EPSS: 0.423
Exploits: 0, References: 3

ArchLinux
added 2015/04/09 12:0 a.m., 71 views

libssh2: out-of-bounds read

When negotiating a new SSH session with a remote server, one of libssh2's functions for doing the key exchange (kex_agree_methods()) was naively reading data from the incoming packet and using it without doing sufficient range checks. The SSH_MSG_KEXINIT packet arrives to libssh2 with a set of strings,...

CVSS: 6.8, AI score: 3.4, EPSS: 0.03501
Exploits: 0, References: 3

Tenable Nessus
added 2015/03/30 12:0 a.m., 31 views

Mandriva Linux Security Advisory : libssh2 (MDVSA-2015:148-1)

Updated libssh2 packages fix security vulnerability: Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in t...

CVSS: 6.8, AI score: 7.4, EPSS: 0.03501
Exploits: 0, References: 2

Fedora
added 2015/03/19 6:44 p.m., 30 views

[SECURITY] Fedora 21 Update: duplicity-0.6.25-3.fc21

Duplicity incrementally backs up files and directory by encrypting tar-format volumes with GnuPG and uploading them to a remote or local file server. In theory many protocols for connecting to a file server could be supported; so far ssh/scp, local file access, rsync, ftp, HSI, WebDAV and Amazon ...

CVSS: 5.8, AI score: 0.2, EPSS: 0.02939
Exploits: 0

Fedora
added 2015/03/19 6:43 p.m., 16 views

[SECURITY] Fedora 20 Update: duplicity-0.6.25-3.fc20

Duplicity incrementally backs up files and directory by encrypting tar-format volumes with GnuPG and uploading them to a remote or local file server. In theory many protocols for connecting to a file server could be supported; so far ssh/scp, local file access, rsync, ftp, HSI, WebDAV and Amazon ...

CVSS: 5.8, AI score: 0.2, EPSS: 0.02939
Exploits: 0

securityvulns
added 2015/03/15 12:0 a.m., 47 views

[SECURITY] [DSA 3182-1] libssh2 security update

Debian Security Advisory DSA-3182-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 11, 2015 http://www.debian.org/security/faq ...

CVSS: 6.8, AI score: 1.7, EPSS: 0.03501
Exploits: 0

OSV
added 2015/03/11 12:0 a.m., 28 views

DSA-3182-1 libssh2 - security update

Bulletin has no description...

CVSS: 6.8, AI score: 6.5, EPSS: 0.03501
Exploits: 0

securityvulns
added 2014/12/22 12:0 a.m., 121 views

ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities

Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Petri Iivonen Contact: petri.iivonenattmbcgovuk Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software:...

AI score: 8.4
Exploits: 0

Kitploit
added 2014/12/16 1:45 a.m., 20 views

PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands

PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an internal penetration test when you already have access to a sysadmin’s machine who has a Putty session open to a Linux server. You...

AI score: 7.9
Exploits: 0, References: 1