Lucene search
+L

287 matches found

CNVD
CNVD
added 2015/10/30 12:0 a.m.5 views

Apple iOS CFNetwork cookie rewriting vulnerability

iOS is an operating system developed by Apple for mobile devices. A rewrite vulnerability exists in the Apple iOS CFNetwork cookie. An attacker can exploit this vulnerability to rewrite cookie values via a remote web server...

5.8CVSS8.9AI score0.01628EPSS
Exploits0References1
CNVD
CNVD
added 2015/08/19 12:0 a.m.3 views

Apple iOS Warns of Message Denial of Service Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS that allows a remote WEB server to generate a large number of alert messages, resulting in a denial-of-service attack...

4.3CVSS6.6AI score0.01463EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/05/12 12:0 a.m.41 views

WordPress Multiple XSS

According to its version number, the WordPress application running on the remote web server is either version 3.7.x prior to 3.7.8, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.6, 4.1.x prior to 4.1.5, or 4.2.x prior to 4.2.2. It is, therefore, potentially affected by multiple cross-site scripting...

6.1CVSS6.5AI score0.17945EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2015/02/25 12:0 a.m.28 views

X2Engine < 4.0 ProfileController.php Unrestricted File Upload Vulnerability

According to its version number, the X2Engine application installed on the remote web server is prior to version 4.0. It is, therefore, potentially affected by a file upload vulnerability in the '/protected/controllers/ProfileController.php' script. An attacker can exploit this issue to upload...

8.8CVSS8.3AI score0.02906EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/01/22 12:0 a.m.22 views

MyBB < 1.6.13 Multiple Vulnerabilities

Binary data 8629.prm...

4.3CVSS7AI score0.00993EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2014/11/14 12:0 a.m.37 views

PHP 5.5.x < 5.5.19 'donote' DoS

According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.19. It is, therefore, affected by an out-of-bounds read error in the function 'donote' within the file 'ext/fileinfo/libmagic/readelf.c' that could allow application crashes. Note that Nessus has not...

5CVSS8AI score0.14013EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/07/16 12:0 a.m.84 views

Splunk Enterprise 4.3.x / 5.0.x < 5.0.9 / 6.0.x < 6.0.5 / 6.1.x < 6.1.2 Multiple OpenSSL Vulnerabilities

According to its version number, the Splunk Enterprise hosted on the remote web server is 4.3.x, 5.0.x prior to 5.0.9, 6.0.x prior to 6.0.5, or 6.1.x prior to 6.1.2. It is, therefore, affected by multiple OpenSSL-related vulnerabilities : - An unspecified error exists that allows an attacker to...

7.4CVSS7.5AI score0.95326EPSS
Exploits9References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Galacticomm Worldgroup 3.20 Remote Web Server Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4186/info Galacticomm Worldgroup is a community building package of both client and server software for Microsoft Windows. Worldgroup is based on BBS software, and includes web and ftp servers. A vulnerability has been...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/18 12:0 a.m.15 views

OSSIM tele_compress.php Directory Traversal

The OSSIM install hosted on the remote host has a directory traversal vulnerability. Input to the 'timestamp' parameter of the '/ossim/ocsreports/telecompress.php' script is not properly sanitized. A remote attacker could exploit this to download arbitrary files, subject to the privileges under...

7.8CVSS7.6AI score0.01714EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/11/27 12:0 a.m.26 views

Splunk < 5.0.6 Unspecified XSS

According to its version number, the Splunk Web hosted on the remote web server is affected by an unspecified cross-site scripting vulnerability. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the...

4.3CVSS5.6AI score0.01788EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/09/05 12:0 a.m.32 views

Cacti < 0.8.8b Command and SQL Injections

Binary data 8004.prm...

7.5CVSS7.3AI score0.02391EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/08/15 12:0 a.m.1557 views

BigTree CMS index.php SQL Injection

The BigTree CMS install hosted on the remote web server fails to sanitize user-supplied input to the application's 'site/index.php' script before using it in a database query. An unauthenticated attacker may be able to exploit this issue to manipulate database queries, leading to disclosure of...

7.5CVSS5.4AI score0.03169EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2013/06/19 12:0 a.m.24 views

Gallery 3.0.x < 3.0.8 Multiple XSS

According to its version number, the Gallery install hosted on the remote web server contains cross-site scripting vulnerabilities in the 'uploadify.swf' and 'flowplay.swf' files, where URL fragments and parameters are not properly sanitized when called via direct requests. An attacker may be abl...

7.5CVSS5.2AI score0.02707EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/06/19 12:0 a.m.121 views

Apache Struts 2 Crafted Parameter Arbitrary OGNL Expression Remote Command Execution

The remote web application appears to use Struts 2, a web framework that utilizes OGNL Object-Graph Navigation Language as an expression language. Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the...

9.3CVSS7.9AI score0.93813EPSS
Exploits12References5
w3af
w3af
added 2013/06/10 11:2 p.m.36 views

afd

This plugin sends custom requests to the remote web server in order to verify if the remote network is protected by an IPS or WAF. afd plugin detects both TCP-Connection-reset and HTTP level filters, the first one usually implemented by IPS devices is easy to verify: if afd requests the custom pa...

7.2AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.23 views

hmap

This plugin fingerprints the remote web server and tries to determine the server type, version and patch level. It uses fingerprinting, not just the Server header returned by remote server. This plugin is a wrapper for Dustin Lees hmap. One configurable parameters exist: genFpF If genFpF is set t...

Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.18 views

fingerprint_os

This plugin fingerprints the remote web server and tries to determine the Operating System family Windows, Unix, etc.. The fingerprinting is at this moment really trivial, because it only uses one technique: windows path separator in the URL. For example, if the input URL is...

Exploits0
Tenable Nessus
Tenable Nessus
added 2013/06/06 12:0 a.m.127 views

Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities

According to its version number, the Splunk Web hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by an unspecified cross-site scripting vulnerability. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's...

5CVSS6.7AI score0.35584EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/04/12 12:0 a.m.25 views

Citrix Access Gateway User Web Interface Detection

The remote web server hosts the web interface for using Citrix Access Gateway, an SSL VPN appliance. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65951; scriptversion"1.5"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/09/22";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/04/12 12:0 a.m.21 views

Citrix Access Gateway Administrative Web Interface Detection

The remote web server hosts the web interface for administering Citrix Access Gateway, an SSL VPN appliance. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65949; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/09/22";...

5.5AI score
Exploits0References1
Rows per page
Query Builder