Lucene search
+L

85 matches found

susecve
susecve
added 2023/02/15 5:23 a.m.5 views

SUSE CVE-2015-0284

Cross-site scripting XSS vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for...

5.4CVSS6AI score0.01244EPSS
Exploits0References6
cnnvd
cnnvd
added 2023/01/13 12:0 a.m.3 views

DataX-Web 代码问题漏洞

DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developers. A security vulnerability exists in DataX-Web v1.0.0 and v2.0.0 to v2.1.2, which stems from the fact that its RPC interface does not perform privilege checking by default, allowing an...

9.8CVSS8.8AI score0.01091EPSS
Exploits1References2
prion
prion
added 2022/12/16 4:15 p.m.22 views

Information disclosure

In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...

5CVSS5.2AI score0.00472EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2022/12/16 12:0 a.m.6 views

PT-2022-14745 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible permission bypass in strings.xml due to a misleading string, which could lead to remote information disclosure of call logs without requiring additional execution...

5.3CVSS5AI score0.00472EPSS
Exploits0References3
jvn
jvn
added 2022/08/24 6:58 a.m.4 views

Movable Type XMLRPC API vulnerable to command injection

Overview Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According...

9.8CVSS7.8AI score0.01854EPSS
Exploits0References8
cnnvd
cnnvd
added 2022/02/25 12:0 a.m.5 views

JetBrains TeamCity 授权问题漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A security vulnerability exists in JetBrains TeamCity, which stems from the product's failure to validate user identities. An unauthenticated attacker could use the vulnerability to...

5.3CVSS5.6AI score0.00712EPSS
Exploits0References2
redhat
redhat
added 2021/11/09 6:42 p.m.4 views

grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call

A flaw was found in Grafana. The snapshot feature allows unauthenticated remote attackers to trigger a denial of service DoS via a remote API call if anonymous access is enabled. The highest threat from this vulnerability is to system availability...

7.5CVSS7.2AI score0.83042EPSS
Exploits0References5
cnvd
cnvd
added 2020/10/12 12:0 a.m.2 views

Sierra Wireless ALEOS Code Execution Vulnerability

Sierra Wireless ALEOS AAF is Sierra Wireless Canada's framework for creating applications in Sierra Wireless AirLink gateways. ALEOS versions 4.4.9, 4.9.5, and prior to 4.14.0 have a security vulnerability that originates from an unauthenticated RPC server allowing remote code execution. No...

9.8CVSS8.1AI score0.01834EPSS
Exploits0References1
osv
osv
added 2020/08/07 8:15 p.m.4 views

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

9.1CVSS7.3AI score0.0215EPSS
Exploits1References2
osv
osv
added 2020/05/21 11:15 p.m.5 views

CVE-2020-1113

A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'...

7.5CVSS7.1AI score0.07277EPSS
Exploits2References1
cnvd
cnvd
added 2019/09/25 12:0 a.m.7 views

CloudBees Jenkins Call Remote Job Plugin Information Disclosure Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Call Remote Job Plugin is used in one of the...

6.5CVSS6.5AI score0.01001EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2019/04/30 12:0 a.m.6 views

The vulnerability of the RemoteCall sub-component of the PeopleSoft Enterprise PT PeopleTools component of the Oracle PeopleSoft Products suite allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the RemoteCall sub-component of the PeopleSoft Enterprise PT PeopleTools component of the Oracle PeopleSoft Products suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

4.3CVSS5.8AI score0.00978EPSS
Exploits0References2Affected Software1
osv
osv
added 2018/12/09 7:29 p.m.2 views

DEBIAN-CVE-2018-19653

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verifyoutgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade...

5.9CVSS7AI score0.01223EPSS
Exploits0References1
joomla
joomla
added 2018/09/14 12:0 a.m.493 views

Magiczoomplus for Joomla, 3.3.4, Insecure Folder Permissions

Magiczoomplus for Joomla, versions 3.3.4 and previous, Sensitive information disclosure, Insecure folder permissions, Remote call information disclosure. Resolution: update to 3.3.6 Update notice: https://www.magictoolbox.com/jv-release-update/ Note that the VEL do not agree with the developer's...

1.3AI score
Exploits0References2Affected Software1
schneier
schneier
added 2018/08/21 10:58 a.m.27 views

"Two Stage" BMW Theft Attempt

Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disable...

1.3AI score
Exploits0
osv
osv
added 2018/07/10 6:29 p.m.4 views

CVE-2018-2439

The SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation for example, where the request is validated for authenticity and validity and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server IGS d...

5.9CVSS5.8AI score0.01556EPSS
Exploits0References3
vulncheck_kev
vulncheck_kev
added 2017/06/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-3623

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel RPC. For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the...

10CVSS7.3AI score0.21965EPSS
Exploits5References1
cnvd
cnvd
added 2016/07/14 12:0 a.m.6 views

Empire Download System V2.5 JS Remote Call Vulnerability

Empire Download System" is a code completely open source, dedicated to the website information download and online video site to provide solutions. Empire Download System V2.5 version of the JS call function has a remote call vulnerability. Allow attackers to exploit the vulnerability is exploite...

6.4AI score
Exploits0
myhack58
myhack58
added 2016/04/22 12:0 a.m.6665 views

. NET Remoting remote code execution vulnerability explore-exploit warning-the black bar safety net

This is an article on . NET Remoting the security of the Coptic text, in the article will use a simple RCE exploit and provide the right case will be described. This paper mainly has the following content: 1. The . NET Remoting technology made a brief introduction 2. Use VS 编写 一 个 简单 的 .NET...

Exploits0
bdu_fstec
bdu_fstec
added 2016/01/18 12:0 a.m.8 views

The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.

The vulnerability of the SharedObject object implementation in Flash Player and Adobe Integrated Runtime is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely by causing “type mismatches” during the getRemote call...

9.3CVSS8.2AI score0.06571EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder