Lucene search
+L

2293 matches found

checkpoint_advisories
checkpoint_advisories
added 2014/05/04 12:0 a.m.35 views

Apple QuickTime ftab Atom Stack Buffer Overflow (CVE-2014-1246)

A stack buffer overflow vulnerability exists in Apple QuickTime. The vulnerability is due to insufficient validation on the length of font names when parsing atoms. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted file with t...

9.3CVSS7.5AI score0.04072EPSS
Exploits1
openvas
openvas
added 2014/05/02 12:0 a.m.24 views

Juniper Networks Junos OS J-Web Persistent Cross Site Scripting Vulnerability

Persistent XSS Vulnerability in J-Web SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if description...

4.3CVSS5AI score0.01788EPSS
Exploits1References2
openvas
openvas
added 2014/05/02 12:0 a.m.23 views

Juniper Networks Junos OS DoS Vulnerability (JSA10620)

Juniper Networks Junos OS is prone to a denial of service DoS vulnerability for new dynamic VPN connections. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

5CVSS5.2AI score0.01583EPSS
Exploits1References2
cert
cert
added 2014/05/01 12:0 a.m.33 views

Google Search Appliance dynamic navigation cross-site scripting vulnerability

Overview Google Search Appliance GSA devices contain a cross-site scripting XSS vulnerability when dynamic navigation is enabled. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Google Search Appliance versions earlier than 7.2.0.G.114 and...

4.3CVSS5.5AI score0.01177EPSS
Exploits0References2
jvn
jvn
added 2014/04/18 4:35 a.m.5 views

Cybozu Remote Service Manager vulnerable to session fixation

Overview Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As...

6.8CVSS6.8AI score0.01734EPSS
Exploits0References5
cert
cert
added 2014/04/14 12:0 a.m.44 views

Xangati software release contains relative path traversal and command injection vulnerabilities

Overview Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities. Description Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities.CWE-23: Relative Path Traversal -CVE-2014-0358 The...

9CVSS6.9AI score0.06162EPSS
Exploits0References3
zdt
zdt
added 2014/04/10 12:0 a.m.37 views

csChat-R-Box Script Site Cross-Site Scripting Vulnerability

Exploit for cgi platform in category web applications Exploit Title: "csChat-R-Box Script Site" Cross-Site Scripting XSS Google Dork: csChatRBox.cgi Date: 4/10/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link:...

7.1AI score
Exploits0
prion
prion
added 2014/03/24 4:43 p.m.20 views

Sql injection

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the 1 search or 2 orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote...

6.5CVSS9AI score0.04314EPSS
Exploits4References6Affected Software1
jvn
jvn
added 2014/03/20 5:5 a.m.8 views

ES File Explorer vulnerable to directory traversal

Overview ES File Explorer provided by ES APP Group contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.8CVSS7AI score0.01388EPSS
Exploits0References5
checkpoint_advisories
checkpoint_advisories
added 2014/03/16 12:0 a.m.33 views

HP Data Protector CRS Multiple Stack Buffer Overflows (CVE-2013-6195)

Multiple stack buffer overflows exist in HP Data Protector. The vulnerabilities are due to a lack of input sanitization on Strings provided with various opcodes. The strings are not validated for length before being copied into a fixed-size stack buffer. A remote unauthenticated attacker could...

3.7AI score0.10436EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
added 2014/03/16 12:0 a.m.5 views

Oracle MySQL Client Heap Buffer Overflow (CVE-2014-0001)

A heap buffer overflow vulnerability has been reported in Oracle MySQL Client. This vulnerability is due to insufficient validation of the server's version string. A remote unauthenticated attacker can exploit this vulnerability by enticing the user to connect to a malicious server. Successful...

3.4AI score0.06353EPSS
Exploits0
prion
prion
added 2014/03/13 2:55 p.m.20 views

Sql injection

SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands...

7.5CVSS8.3AI score0.02939EPSS
Exploits5References7Affected Software1
securityvulns
securityvulns
added 2014/03/13 12:0 a.m.69 views

AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-003 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On January 29, 2014 Reported By Joshua Col...

4.3CVSS0.4AI score0.0435EPSS
Exploits0
securityvulns
securityvulns
added 2014/03/13 12:0 a.m.57 views

AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.

Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On February 21, 2014 Reported By Lucas...

7.5CVSS0.4AI score0.1639EPSS
Exploits1
nvd
nvd
added 2014/03/11 7:37 p.m.33 views

CVE-2012-6290

SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/adminsearch/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands...

6.5CVSS7.9AI score0.04234EPSS
Exploits7References8
cvelist
cvelist
added 2014/03/11 3:0 p.m.45 views

CVE-2012-6290

SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/adminsearch/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands...

8AI score0.04234EPSS
Exploits7References8
checkpoint_advisories
checkpoint_advisories
added 2014/03/11 12:0 a.m.52 views

Symantec Endpoint Protection Manager XML External Entity Denial Of Service (CVE-2013-5014)

A XML external entity XXE vulnerability exists in Symantec Endpoint Protection Manager SEPM. This is due to an incorrectly configured XML parser in the management console that readily processes XML external entities. A remote unauthenticated attacker may exploit this vulnerability via specially...

7.5CVSS1.3AI score0.67573EPSS
Exploits13
mageia
mageia
added 2014/03/01 10:57 p.m.41 views

Updated zarafa packages fix security vulnerabilities

Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users CVE-2014-0037, CVE-2014-0079...

5CVSS6.7AI score0.02415EPSS
Exploits0References3
zdt
zdt
added 2014/02/20 12:0 a.m.84 views

MediaWiki Thumb.php Remote Command Execution Exploit

Exploit for multiple platform in category remote exploits require 'msf/core' class Metasploit3 'MediaWiki Thumb.php Remote Command Execution', 'Description' = %q MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows...

6CVSS0.1AI score0.42777EPSS
Exploits12
nessus
nessus
added 2014/02/20 12:0 a.m.15 views

Mandriva Linux Security Advisory : zarafa (MDVSA-2014:044)

Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users CVE-2014-0037, CVE-2014-0079. The updated packages have been upgraded to the 7.1.8 version which...

5CVSS5.5AI score0.02415EPSS
Exploits0References4
Rows per page
Query Builder