Lucene search
+L

2293 matches found

exploitpack
exploitpack
added 2014/11/13 12:0 a.m.16 views

Proticaret E-Commerce Script 3.0 - SQL Injection (1)

Proticaret E-Commerce Script 3.0 - SQL Injection 1 Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information:...

0.2AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2014/10/23 12:0 a.m.20 views

PowerDNS Recursor Denial of Service (CVE-2014-3614)

A denial-of-service vulnerability has been found in PowerDNS Recursor. The vulnerability is due to insufficient validation of DNS queries. A remote unauthenticated attacker could exploit this vulnerability by sending maliciously crafted DNS queries to a vulnerable server. Successful exploitation...

5CVSS6.2AI score0.06023EPSS
Exploits0
packetstorm
packetstorm
added 2014/10/16 12:0 a.m.35 views

NETIS DL4322D XSS / CSRF / DoS

Vulnerable Device: NETIS DL4322D 300Mbps Wireless N ADSL2+ Modem Router Multiple vulnerabilites Other models of netis may also suffer from this vulns Vendor: http://www.netis-systems.com Product overview: http://www.netis-systems.com/en/products/ADSL2+-Wireless-Modem-Router/941.html The netis...

0.3AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2014/10/13 12:0 a.m.48 views

HP Data Protector Opcode 305 Directory Traversal (CVE-2014-5160)

A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization of a file name provided with Opcode 305. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful...

6.4CVSS4.2AI score0.34765EPSS
Exploits0
nessus
nessus
added 2014/10/12 12:0 a.m.83 views

Amazon Linux AMI : bash (ALAS-2014-418) (Shellshock)

This ALAS is superceded by ALAS-2014-419. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

10CVSS8.5AI score0.99999EPSS
Exploits132References3
redhat
redhat
added 2014/10/02 6:40 p.m.16 views

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

10CVSS7.5AI score0.99999EPSS
Exploits132References8
checkpoint_advisories
checkpoint_advisories
added 2014/09/30 12:0 a.m.6 views

Mozilla Firefox DOMSVGLength Reflected Attribute Use-After-Free (CVE-2014-1563)

A use after free vulnerability exists in Mozilla Firefox. The vulnerability is due to an issue with handling DOMSVGLength objects. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a malicious page. Successful exploitation could lead to arbitrary...

10CVSS3.1AI score0.05801EPSS
Exploits0
redhat
redhat
added 2014/09/26 1:46 a.m.116 views

Important: Red Hat Security Advisory: bash security update

Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Re...

10CVSS7.2AI score0.99999EPSS
Exploits143References3
redhat
redhat
added 2014/09/26 1:46 a.m.7 views

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

10CVSS7.4AI score0.99999EPSS
Exploits141References6
openvas
openvas
added 2014/09/25 12:0 a.m.41 views

CentOS Update for bash CESA-2014:1293 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.7AI score0.99999EPSS
Exploits132References5
checkpoint_advisories
checkpoint_advisories
added 2014/09/22 12:0 a.m.12 views

Drupal Core XML-RPC Endpoint xmlrpc.php Tags Denial of Service (CVE-2014-5266)

A denial of service vulnerability has been reported in Drupal Core. The vulnerability can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system...

5CVSS2.9AI score0.24385EPSS
Exploits3
checkpoint_advisories
checkpoint_advisories
added 2014/09/21 12:0 a.m.1 views

Microsoft Internet Explorer onreadystatechange Use After Free

A use after free vulnerability exists in Microsoft Internet Explorer. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the...

4AI score
Exploits0
redhat
redhat
added 2014/09/16 5:28 a.m.3 views

conga: Multiple information leak flaws in various luci site extensions

Multiple information leak flaws were found in the way conga processed luci site extension-related URL requests. A remote, unauthenticated attacker could issue a specially crafted HTTP request that, when processed, would result in unauthorized information disclosure...

5CVSS5.6AI score0.01779EPSS
Exploits0References4
redhat
redhat
added 2014/09/16 5:28 a.m.4 views

krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application...

7.8CVSS7.1AI score0.06614EPSS
Exploits0References4
checkpoint_advisories
checkpoint_advisories
added 2014/08/10 12:0 a.m.50 views

HP Service Virtualization AutoPass License Server Directory Traversal (CVE-2013-6221)

A code execution vulnerability exists in HP Service Virtualization running the AutoPass License Server. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service. Successful exploitation of this vulnerability could result in creation ...

10CVSS3.4AI score0.77935EPSS
Exploits4
checkpoint_advisories
checkpoint_advisories
added 2014/07/21 12:0 a.m.27 views

HP SiteScope EmailServlet Information Disclosure (CVE-2014-2614)

An information disclosure vulnerability has been reported in HP SiteScope. The vulnerability is due to a lack of input validation in the EmailServlet servlet when processing HTTP requests. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...

7.5CVSS5.9AI score0.0485EPSS
Exploits0
nessus
nessus
added 2014/07/20 12:0 a.m.30 views

Debian DSA-2981-1 : polarssl - security update

A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute...

5CVSS5.6AI score0.02427EPSS
Exploits0References4
seebug
seebug
added 2014/07/01 12:0 a.m.19 views

Hosting Controller <= 6.1 Hotfix 3.2 - Remote Unauthenticated Vulns

No description provided by source. Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2014/06/13 12:0 a.m.60 views

AST-2014-005: Remote Crash in PJSIP Channel Driver&#39;s Publish/Subscribe Framework

Asterisk Project Security Advisory - AST-2014-005 Product Asterisk Summary Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On March 17, 2014 Reported...

4.3CVSS0.5AI score0.02769EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.56 views

[ MDVSA-2014:044 ] zarafa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:044 http://www.mandriva.com/en/support/security/ Package : zarafa Date : February 19, 2014 Affected: Business Server 1.0 Problem Description: Robert Scheck discovered multiple vulnerabilities in Zarafa that...

5CVSS6.7AI score0.02415EPSS
Exploits0
Rows per page
Query Builder