CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6727 matches found

CNVD•added 2017/07/21 12:0 a.m.•3 views

IBM Tivoli Monitoring Portal Arbitrary Code Execution Vulnerability

IBM Tivoli Monitoring ITM is a suite of system monitoring software from IBM in the United States. The software supports the detection of system bottlenecks and potential problems, performance monitoring of basic system resources, and automatic recovery from critical situations. An arbitrary comma...

7.5CVSS8AI score0.08544EPSS

Exploits0References1

CNVD•added 2017/07/19 12:0 a.m.•2 views

EMC RSA Authentication Manager Cross-Site Scripting Vulnerability (CNVD-2017-24569)

EMC RSA Authentication Manager is a centralized binary authentication software from EMC. The software centralizes the management of binary authentication, security tokens, methods and users across physical sites. A cross-site scripting vulnerability exists in EMC RSA Authentication Manager 8.2 SP...

4.8CVSS5AI score0.00898EPSS

Exploits1References1

CNVD•added 2017/07/13 12:0 a.m.•2 views

Multiple Cross-Site Scripting Vulnerabilities in Schneider Electric Pelco Sarix/Spectra Cameras

Pelco Sarix/Spectra Cameras is a camera offered by Pelco. Schneider Electric Pelco Sarix/Spectra Cameras has multiple cross-site scripting vulnerabilities that can be exploited by attackers to execute arbitrary HTML and script code...

6.7AI score

Exploits0References1

Japan Vulnerability Notes•added 2017/07/03 6:23 a.m.•2 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting in the application menu. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary script may be executed on the logged-in user's web browser. Solution Upda...

4.8CVSS6.1AI score0.00603EPSS

Exploits0References6

Japan Vulnerability Notes•added 2017/06/30 6:56 a.m.•2 views

Cross-site Scripting Vulnerability in multiple Hitachi products

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor...

4.7CVSS6.3AI score

Exploits0References1

CNVD•added 2017/06/30 12:0 a.m.•3 views

Kaspersky Anti-Virus for Linux File Server Reflective Cross-Site Scripting Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A reflected cross-site scripting vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to execute...

6.1CVSS6.5AI score0.02623EPSS

Exploits5References1

CNVD•added 2017/06/26 12:0 a.m.•3 views

Sitecore CMS 'searchStr' Parameter Cross-Site Scripting Vulnerability

Sitecore CMS is a content management system. A cross-site scripting vulnerability exists in the Sitecore CMS 'searchStr' parameter. As the program fails to sanitize to user-supplied input. An attacker could exploit the vulnerability to execute arbitrary code in a user's browser script on the...

6.1CVSS6.8AI score0.00779EPSS

Exploits1References1

CNVD•added 2017/06/23 12:0 a.m.•2 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-15830)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web framework code in Cisco Firepower Management Center versions prior to 6.0.0.0, which arises from the program's...

5.4CVSS6.7AI score0.00642EPSS

Exploits0References1

CNVD•added 2017/06/23 12:0 a.m.•2 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-15836)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the Web Framework in Cisco Firepower Management Center 5.4.1 and prior versions, which arises from the program failing to...

5.4CVSS6.7AI score0.00642EPSS

Exploits0References1

0day.today•added 2017/06/15 12:0 a.m.•72 views

HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution Exp

Exploit for hardware platform in category remote exploits Create a bind shell on an unpatched OfficeJet 8210 Write a script to profile.d and reboot the device. When it comes back online then nc to port 1270. easysnmp instructions: sudo apt-get install libsnmp-dev pip install easysnmp import socke...

9.2AI score0.84886EPSS

Exploits6

Microsoft CVE•added 2017/06/13 7:0 a.m.•41 views

Microsoft Outlook Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...

9.3CVSS2.6AI score0.19605EPSS

Exploits0

Japan Vulnerability Notes•added 2017/06/13 5:11 a.m.•2 views

Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"

Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

6.1CVSS6AI score0.01432EPSS

Exploits0References7

Japan Vulnerability Notes•added 2017/06/12 4:36 a.m.•6 views

Cybozu KUNAI for Android vulnerable to cross-site scripting

Overview Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...

6.1CVSS6AI score0.00762EPSS

Exploits0References5

Exploit DB•added 2017/05/30 12:0 a.m.•60 views

Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep the GC roots the vectors representing the JS stack as well as a few other hardcoded objects, traversing reachable...

7AI score

Exploits0

Packet Storm•added 2017/05/25 12:0 a.m.•40 views

WebKit FrameLoader::clear Variable Theft

WebKit: Stealing variables via page navigation in FrameLoader::clear CVE-2017-2515 void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; mneedsClear = false; if...

0.4AI score0.04683EPSS

Exploits2

Exploit DB•added 2017/05/25 12:0 a.m.•22 views

WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation

pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; window.onclick = =...

7.4AI score

Exploits0

CNVD•added 2017/05/24 12:0 a.m.•1 views

Pi Engine Cross-Site Scripting Vulnerability

PI Engine is an open-source CMS system that is more widely used within some Internet companies. A cross-site scripting vulnerability exists in PI Engine, which stems from the program failing to properly validate user-supplied input. When an unsuspecting user browses the affected site, an attacker...

6.1CVSS6.9AI score0.0098EPSS

Exploits0References1

CNVD•added 2017/05/24 12:0 a.m.•1 views

Multiple vulnerabilities in FortiPortal (CNVD-2017-10722)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

9.8CVSS7.6AI score0.01249EPSS

Exploits0References1

CNVD•added 2017/05/24 12:0 a.m.•1 views

IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-08125)

IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Curam Social Program Management suffers from a cross-site scripting vulnerability that originates from the program faili...

5.4CVSS6.8AI score0.00516EPSS

Exploits0References1

CNVD•added 2017/05/24 12:0 a.m.•1 views

NetComm NB16WV-02 HTML Injection Vulnerability

The NetComm NB16WV-02 is a router product from NetComm Australia. The NetComm NB16WV-02 suffers from an HTML injection vulnerability that originates when a program fails to properly validate user-supplied input. When an unknowing user browses the affected site, an attacker could exploit the...

5.4CVSS7.9AI score0.00872EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by