Lucene search
+L

2293 matches found

cert
cert
added 2014/01/08 12:0 a.m.41 views

QNAP QTS path traversal vulnerability

Overview QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2013-7174QNAP QTS is a Network-Attached Storage NAS system accessible via a web interface. QNAP QTS...

7.8CVSS6.4AI score0.0206EPSS
Exploits0References2
cert
cert
added 2014/01/07 12:0 a.m.53 views

Synology DiskStation Manager arbitrary file modification

Overview Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description CWE-284: Improper Access Control - CVE-2013-6955Synology DiskStation Manager...

10CVSS7.1AI score0.84571EPSS
Exploits5References2
checkpoint_advisories
checkpoint_advisories
added 2013/12/31 12:0 a.m.63 views

Cisco Prime Data Center Network Manager FileUploadServlet Arbitrary File Upload (CVE-2013-5486; CVE-2019-1620)

An arbitrary file upload vulnerability exists in Cisco Prime Data Center Network Manager. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadServlet when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to...

10CVSS9.4AI score0.8378EPSS
Exploits11
zdt
zdt
added 2013/12/12 12:0 a.m.37 views

InstantCMS 1.10.3 SQL Injection Vulnerability

InstantCMS version 1.10.3 suffers from a remote SQL injection vulnerability. Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21...

7.5CVSS7.5AI score0.01299EPSS
Exploits7
checkpoint_advisories
checkpoint_advisories
added 2013/12/11 12:0 a.m.55 views

Apache Roller OGNL Injection Remote Code Execution (CVE-2013-4212)

A command execution vulnerability exists in Apache Roller due to a lack of sanitization on OGNL expressions passed to certain methods. This can lead to OGNL injection which can result in remote code execution. A remote unauthenticated attacker could exploit this vulnerability by sending crafted...

6.8CVSS7.6AI score0.81068EPSS
Exploits7
checkpoint_advisories
checkpoint_advisories
added 2013/12/02 12:0 a.m.67 views

Microsoft IIS Request Header Buffer Overflow (MS10-065; CVE-2010-2730)

A code execution vulnerability exists in Microsoft Internet Information Services IIS when FastCGI is enabled. Successful exploitation would allow an attacker to inject and execute arbitrary code on the target system with the security privileges of the IIS Worker process. The vulnerability is due ...

9.3CVSS7.9AI score0.32826EPSS
Exploits1
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.63 views

[security bulletin] HPSBMU02915 rev.1 - HP Service Manager, Remote Unauthenticated Access and Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03888320 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03888320 Version: 1 HPSBMU02915 rev....

10CVSS6.4AI score0.04394EPSS
Exploits0
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.143 views

Samsung DVR authentication bypass

Title: Samsung DVR authentication bypass Version affected: firmware version = 1.10 Vendor: Samsung - www.samsung-security.com Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Samsung provides a wide range of DVR...

0.4AI score
Exploits0
saint
saint
added 2013/09/19 12:0 a.m.40 views

HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow

Added: 09/19/2013 CVE: CVE-2012-3285 BID: 57754 OSVDB: 89919 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...

10CVSS7.9AI score0.08695EPSS
Exploits4
openvas
openvas
added 2013/09/10 12:0 a.m.31 views

Symantec PGP Desktop Untrusted Search Path Vulnerability

Symantec PGP Desktop is prone to untrusted search path vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3CVSS6.7AI score0.04157EPSS
Exploits0References3
saint
saint
added 2013/09/09 12:0 a.m.42 views

HP System Management Homepage iprange Parameter Stack Buffer Overflow

Added: 09/09/2013 CVE: CVE-2013-2362 BID: 61337 OSVDB: 95489 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker...

2.1CVSS9.8AI score0.00527EPSS
Exploits4
openvas
openvas
added 2013/09/06 12:0 a.m.29 views

Symantec PGP Desktop and Encryption Desktop Integer Overflow Vulnerability

Symantec PGP/Encryption Desktop is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

6.9CVSS7.1AI score0.00257EPSS
Exploits0References3
zdt
zdt
added 2013/08/03 12:0 a.m.25 views

Wordpress Better WP Security Plugin - Stored XSS Vulnerability

Richard Warren ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version...

7.1AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2013/07/21 12:0 a.m.17 views

Oracle MySQL Server InnoDB Memcached Plugin Resource Exhaustion - High Confidence (CVE-2013-1570)

A memory exhaustion vulnerability has been reported in the InnoDB memcached plugin component of Oracle MySQL Server. This vulnerability is due to incorrect freeing of allocated memory when processing certain type of requests. A remote unauthenticated attacker can exploit this vulnerability by...

5CVSS5.4AI score0.02661EPSS
Exploits0
saint
saint
added 2013/07/18 12:0 a.m.33 views

Novell ZENworks Mobile Management DUSAP.php Language Parameter Vulnerability

Added: 07/18/2013 CVE: CVE-2013-1082 BID: 60179 OSVDB: 91118 Background ZENworks Mobile Management ZMM offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...

7.5CVSS7.3AI score0.12767EPSS
Exploits5
saint
saint
added 2013/07/18 12:0 a.m.38 views

Novell ZENworks Mobile Management DUSAP.php Language Parameter Vulnerability

Added: 07/18/2013 CVE: CVE-2013-1082 BID: 60179 OSVDB: 91118 Background ZENworks Mobile Management ZMM offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...

7.5CVSS7.3AI score0.12767EPSS
Exploits5
nessus
nessus
added 2013/07/12 12:0 a.m.24 views

Oracle Linux 3 : samba (ELSA-2007-1013)

From Red Hat Security Advisory 2007:1013 : Updated samba packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Samba is a suite of programs used by...

9.3CVSS8.9AI score0.1125EPSS
Exploits2References3
nessus
nessus
added 2013/07/12 12:0 a.m.35 views

Oracle Linux 4 : samba (ELSA-2007-1016)

From Red Hat Security Advisory 2007:1016 : Updated samba packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Samba is a suite of programs used by machines t...

9.3CVSS8.9AI score0.1125EPSS
Exploits3References4
cert
cert
added 2013/05/14 12:0 a.m.49 views

Adobe ColdFusion 9 & 10 code injection vulnerability

Overview Adobe ColdFusion 9, 9.0.1, 9.0.2 with the APSB13-03 hotfix and 10 are vulnerable to a code injection vulnerability when ColdFusion is configured to not require authentication and RDS is disabled. Description Adobe ColdFusion is vulnerable to a code injection attack when RDS is disabled a...

10CVSS6.9AI score0.0613EPSS
Exploits2References5
cert
cert
added 2013/05/01 12:0 a.m.31 views

IBM Notes runs arbitrary JAVA and Javascript in emails

Overview IBM Notes parses arbitrary JAVA and Javascript code by default when viewing emails. Description The n.runs AG security advisory states:Notes 8.5.3 does not filter tags inside HTML emails. This can be used to load arbitrary Java applets from remote sources making it an information...

6.9AI score
Exploits0References5
Rows per page
Query Builder