Lucene search
K

9495 matches found

CNVD
CNVD
added 2017/04/09 12:0 a.m.3 views

Vkflash image rotation management system A_ID parameter has SQL injection vulnerability

Vkflash Picture Rotation Management System is a set of Flash picture rotation management system based on RuoChi's Bcastr processing and secondary development. Vkflash Image Rotation Management System has a SQL injection vulnerability in the AID parameter, which can be exploited by attackers to...

7.7AI score
Exploits0
0day.today
0day.today
added 2017/03/29 12:0 a.m.60 views

Ubuntu 15.04 (Dev) - Upstart Logrotation Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/ Introduction Problem description: Ubuntu Vivid 1504 development branch installs an insecure upstart logrotation script which will read user-supplied data from...

7.2CVSS6.4AI score0.01015EPSS
Exploits2
Veracode
Veracode
added 2017/01/10 3:0 a.m.11 views

Session Fixation

clearance is vulnerable to session fixation attacks. These attacks are possible because the CSRF token is not rotated on sign in...

6.7AI score
Exploits0
Filippo.io
Filippo.io
added 2016/12/06 1:48 p.m.14 views

I'm giving up on PGP

After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it's just not worth it, and I'm giving up. At least on the concept of long term PGP keys. This is not about the gpg tool itself, or about tools at all. Many already wrote about that. It's about the lon...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/11/16 12:0 a.m.321 views

Nginx (Debian-Based Distributions) - Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits !/bin/bash Source: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html Nginx Debian-based distros - Root Privilege Escalation PoC Exploit nginxed-root.sh ver. 1.0 CVE-2016-1247 Discovered and coded by: Dawid...

7.2CVSS0.1AI score0.04863EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.3 views

php: Out-of-bounds memory read via gdImageRotateInterpolated

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted image file could cause a PHP application using the imagerotate function to disclose portions of the server memory or crash the PHP application...

9.1CVSS7.5AI score0.07806EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2016/11/01 7:44 p.m.11 views

Simplifying SSH keys and SSL Certs Management across the Enterprise using Key Manager Plus

With rapidly growing web-based services and widely expanding locations, organizations are using more and more SSL certificates as well as SSH keys than ever. From authentication, confidentiality, and integrity to preventing the organization from industrial espionage, SSL certificates play an...

6.7AI score
Exploits0
Citrix
Citrix
added 2016/09/23 12:0 a.m.7 views

XenServer Syslog Rotation and Tuning

Disk space on XenServer's root partition is almost at or is at capacity perdf -h There are numerous compressed "gz" files in /var/log/ from Syslog rotation...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/07/15 12:0 a.m.62 views

Fedora 24 : gd (2016-a4d48d6fd6)

Version 2.2.2 Security related fixes : - Integer Overflow in gdImagePaletteToTrueColor resulting in heap overflow CVE-2016-5767 - Stack overflow with gdImageFillToBorder CVE-2015-8874 - Integer Overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766 - NULL pointer Dereference at...

8.8CVSS7.4AI score0.08276EPSS
Exploits2References4
CNVD
CNVD
added 2016/06/12 12:0 a.m.2 views

SQL Injection Vulnerability in F_ID Parameter of Vkflash Image Rotation Management System

Vkflash Picture Rotation Management System is a set of Flash picture rotation management system based on RuoChi's Bcastr processing and secondary development. Vkflash image rotation management system FID parameter SQL injection vulnerability, allowing attackers to exploit the vulnerability to...

7.8AI score
Exploits0References1
Hacker One
Hacker One
added 2016/05/25 11:50 p.m.23 views

drchrono: Security Issue : CSRF Token Design Flaw

Introduction: Hello I am Bruin, a security researcher and analyst. I have been able to identify a bypass in your CSRF protection mechanism, which upon a successful execution can result in a successful CSRF attack on a victim's account. Description: CSRF Token's are different from session ID'S in ...

0.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/02/24 12:0 a.m.8 views

The vulnerability of the PHP interpreter allows attackers to trigger a service failure or obtain confidential information.

The vulnerability of the gdImageRotateInterpolated function in the ext/gd/libgd/gdinterpolation.c file in the PHP interpreter is caused by a buffer overflow. Exploiting this vulnerability can allow an attacker to obtain confidential information or cause a service failure memory access out of...

6.4CVSS8AI score0.07806EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2016/01/19 5:59 a.m.37 views

Out-of-bounds

The gdImageRotateInterpolated function in ext/gd/libgd/gdinterpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service out-of-bounds read and application crash via a large bgdcolor argument to t...

6.4CVSS7AI score0.07806EPSS
Exploits1References13Affected Software1
OSV
OSV
added 2016/01/19 12:0 a.m.3 views

UBUNTU-CVE-2016-1903

The gdImageRotateInterpolated function in ext/gd/libgd/gdinterpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service out-of-bounds read and application crash via a large bgdcolor argument to t...

9.1CVSS7.2AI score0.07806EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2015/10/01 1:44 a.m.22 views

Apple iOS 9.0.2 Update Patches Lock Screen Bypass Exploit

Apple has rolled out the second minor iteration of its newest mobile operating system iOS 9, which fixes the iOS lockscreen vulnerability. The widely publicized LockScreen bug allowed anyone with physical access to your iOS device running iOS 9.0 or iOS 9.0.1 to access all the contacts and photos...

6.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/08/24 8:12 p.m.35 views

Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Red Hat Product Security has rated this update as having a Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

4CVSS6.9AI score0.11342EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/07/30 12:0 a.m.27 views

Oracle Linux 6 : freeradius (ELSA-2015-1287)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1287 advisory. 2.2.6-4 - Move OpenSSL init out of version check Resolves: Bug1189394 radiusd segfaults after update - Comment-out ippool-dhcp.conf inclusion Resolves: Bug11893...

7.5CVSS8.2AI score0.03912EPSS
Exploits1References2
Oracle linux
Oracle linux
added 2015/07/28 12:0 a.m.37 views

freeradius security, bug fix, and enhancement update

2.2.6-4 - Move OpenSSL init out of version check Resolves: Bug1189394 radiusd segfaults after update - Comment-out ippool-dhcp.conf inclusion Resolves: Bug1189386 radiusd fails to start after 'clean' installation 2.2.6-3 - Disable OpenSSL version check Resolves: Bug1189011 2.2.6-2 - Fix a number ...

7.5CVSS1.3AI score0.03912EPSS
Exploits1
OpenVAS
OpenVAS
added 2015/07/23 12:0 a.m.24 views

RedHat Update for freeradius RHSA-2015:1287-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS9.6AI score0.03912EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2015/03/03 4:30 p.m.12 views

Domain Shadowing Latest Angler Exploit Kit Evasion Technique

The Angler Exploit Kit continues to evolve at an alarming rate, seamlessly adding not only zero-day exploits as they become available, but also a host of evasion techniques that have elevated it to the ranks of the more formidable hacker toolkits available. Researchers at Cisco’s Talos intelligen...

0.7AI score
Exploits0References3
Rows per page
Query Builder