Lucene search
K

5655 matches found

BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.4 views

The vulnerability of the MapPress Maps plugin in the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the MapPress Maps plugin for the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS6.2AI score0.02021EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.1 views

PT-2023-7030 · Microsoft · Dynamics 365

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified Description: The issue is related to a lack of protection for the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An attacker could...

6.2CVSS8.8AI score0.01277EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/11/13 3:31 p.m.6 views

CVE-2023-6099 Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 lead...

7.5CVSS6.9AI score0.00921EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/31 12:0 a.m.43 views

GLSA-202310-21 : ConnMan: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-21 ConnMan: Multiple Vulnerabilities - An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an...

9.8CVSS8.4AI score0.02598EPSS
Exploits3References8
0day.today
0day.today
added 2023/10/30 12:0 a.m.405 views

phpFox 4.8.13 PHP Object Injection Exploit

phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject...

9.8CVSS7.4AI score0.01806EPSS
Exploits3
Prion
Prion
added 2023/10/26 8:15 p.m.17 views

Default credentials

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system...

7.5CVSS9.7AI score0.00494EPSS
Exploits1References1Affected Software3
Vulnrichment
Vulnrichment
added 2023/10/26 7:47 p.m.7 views

CVE-2023-5754 Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system...

9.1CVSS7.4AI score0.00494EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/10/21 12:0 a.m.6 views

PT-2023-9453 · Ibm · Ibm Cognos Dashboards On Cloud Pak For Data

Name of the Vulnerable Software and Affected Versions: IBM Cognos Dashboards on Cloud Pak for Data version 4.7.0 Description: The issue is related to the exposure of sensitive information in container images, which could lead to further attacks against the system. This is due to the transmission ...

7.5CVSS7.1AI score0.00357EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.15 views

Ubuntu 18.04 ESM : VCFtools vulnerabilities (USN-4835-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4835-1 advisory. It was discovered that VCFtools improperly handled certain input. If a user were tricked into opening a crafted input file, VCFtools could be made to cra...

7.8CVSS7.1AI score0.22369EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/10/18 12:0 a.m.15 views

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

6.8AI score0.00887EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.27 views

Ubuntu 16.04 ESM / 18.04 ESM / 22.04 ESM : VIPS vulnerabilities (USN-6437-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6437-1 advisory. Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into...

7.5CVSS6.5AI score0.02297EPSS
Exploits3References6
CVE
CVE
added 2023/10/17 12:8 p.m.63 views

CVE-2023-42627

CVE-2023-42627 is a set of stored XSS vulnerabilities in the Liferay Commerce module affecting Portal 7.3.5–7.4.3.91 and Liferay DXP 7.3 (update 33 and earlier) and 7.4 (before update 92). The flaws allow remote attackers to inject arbitrary script/HTML via crafted payloads in multiple shipping/b...

9.6CVSS5.3AI score0.02261EPSS
Exploits1References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/10/17 12:0 a.m.4 views

PT-2023-6339 · Oracle · Oracle Banking Trade Finance

Name of the Vulnerable Software and Affected Versions: Oracle Banking Trade Finance versions 14.5 through 14.7 Description: The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance. Exploitation of this issue may allow a remote attacker...

5.5CVSS4.6AI score0.00321EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.40 views

Ubuntu 16.04 ESM / 18.04 ESM : Lighttpd vulnerabilities (USN-4775-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4775-1 advisory. It was discovered that Lighttpd did not properly sanitized the string used in basic HTTP authentication method. A remote attacker could use...

7.5CVSS7.2AI score0.1408EPSS
Exploits2References3
Veracode
Veracode
added 2023/10/09 1:55 p.m.23 views

Arbitrary File Overwrite

ansible is vulnerable to Arbitrary File Overwrite. This vulnerability allows remote attackers to inject arbitrary HTML and script code into the response. This could allow attackers to steal cookies, perform phishing attacks, or take control of vulnerable systems...

6.3CVSS7.1AI score0.00859EPSS
Exploits0References6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 6:25 p.m.29 views

Security Bulletin: IBM Security Directory Server is vulnerable to remote attacks (CVE-2022-33161, CVE-2022-33165)

Summary IBM Security Directory Integrator has issued an update to address these vulnerabilities affecting IBM Security Directory Server. Vulnerability Details CVEID:CVE-2022-33161 DESCRIPTION: IBM Security Directory Server could allow a remote attacker to obtain sensitive information, caused by t...

7.5CVSS6.4AI score0.01172EPSS
Exploits0Affected Software1
hivepro
hivepro
added 2023/10/04 8:27 a.m.50 views

Exim Vulnerable to Zero-Day Remote Code Execution Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Six zero-day vulnerabilities have been discovered in the Exim Internet Mailer, potentially putting thousands of email servers worldwide at risk. These vulnerabilities, if successfully exploited,...

8.2AI score0.10042EPSS
Exploits5
CVE
CVE
added 2023/10/03 12:0 a.m.50 views

CVE-2023-40519

CVE-2023-40519 describes a cross-site scripting (XSS) vulnerability in the Broadpeak Centralized Accounts Management Auth Agent, specifically the login portal at bpk-common/auth/login/index.html. The issue can be triggered by a malicious value in the disconnectMessage parameter, enabling remote a...

6.1CVSS5.9AI score0.00368EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2023/09/30 4:14 a.m.215 views

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 CVSS...

10CVSS8.7AI score0.99961EPSS
Exploits31
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.6 views

PT-2023-5618 · F5 · Big-Ip Apm

Name of the Vulnerable Software and Affected Versions: BIG-IP APM clients affected versions not specified Description: The issue is related to BIG-IP Access Policy Manager Clients APM Clients sending data in plain text, which can be exploited by a remote attacker to control the DNS server and...

8.2CVSS7.8AI score0.00237EPSS
Exploits0References6
Rows per page
Query Builder