Lucene search
K

9303 matches found

Tenable Nessus
Tenable Nessus
added 2016/02/04 12:0 a.m.37 views

WordPress < 4.4.2 Multiple Vulnerabilities

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.4.2. It is, therefore, affected by the following vulnerabilities : - A cross-site redirection vulnerability exists due to a failure by the application to validate certain input...

8.6CVSS7.6AI score0.09275EPSS
Exploits1References6
ThreatPost
ThreatPost
added 2016/02/03 12:11 p.m.12 views

WordPress Update Fixes SSRF, Open Redirect Vulnerability

Developers at WordPress are encouraging users to upgrade to the latest version, 4.4.2, in order to resolve a handful of bugs and vulnerabilities in the content management system. The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried...

0.2AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/12/22 12:0 a.m.63 views

VMware vCenter Multiple Vulnerabilities (VMSA-2015-0008)

The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities : - An XML external entity XXE injection flaw exists in Flex BlazeDS in the file flex-messaging-core.jar due to an incorrectly configured XML parser accepting XML external entities from untrusted...

5CVSS6.7AI score0.0954EPSS
Exploits3References3
Prion
Prion
added 2015/12/05 3:59 a.m.19 views

Server side request forgery (ssrf)

Cisco Unified Computing System UCS Central software 1.30.1 allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted request, aka Bug ID CSCux33575...

5CVSS7.1AI score0.02049EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/11/19 12:0 a.m.32 views

Adobe ColdFusion Multiple Vulnerabilities (APSB15-29) (credentialed check)

The version of Adobe ColdFusion running on the remote Windows host is affected by multiple vulnerabilities : - Multiple cross-site scripting XSS vulnerabilities exist due to a failure to validate input before returning it to the user. A remote attacker can exploit these to inject arbitrary script...

4.3CVSS5.5AI score0.04482EPSS
Exploits1References4
Prion
Prion
added 2015/11/18 9:59 p.m.26 views

Server side request forgery (ssrf)

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

4.3CVSS7AI score0.04482EPSS
Exploits1References9Affected Software2
NVD
NVD
added 2015/11/18 9:59 p.m.27 views

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

4.3CVSS3.9AI score0.04482EPSS
Exploits1References9
Cvelist
Cvelist
added 2015/11/18 9:0 p.m.33 views

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

3.8AI score0.04482EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2015/11/17 2:45 p.m.25 views

Adobe Issues HotFix For ColdFusion

Adobe this afternoon released hotfixes and security updates for three of its products that patch a handful of vulnerabilities, none of which are being publicly exploited. The most serious vulnerabilities were in ColdFusion, Adobe’s web application development platform. The hotfix affects ColdFusi...

4.3CVSS0.4AI score0.04482EPSS
Exploits1References4
Adobe
Adobe
added 2015/11/17 12:0 a.m.44 views

APSB15-30 Security update available for LiveCycle Data Services

Adobe has released a security update for LiveCycle Data Services. This update includes an updated version of Apache™ BlazeDS that resolves an important server-side request forgery vulnerability. Adobe recommends users apply the available updates using the instructions provided in the "Solution"...

4.3CVSS4.7AI score0.04482EPSS
Exploits1Affected Software1
VMware
VMware
added 2015/11/16 12:0 a.m.71 views

VMSA-2015-0008:VMware product updates address information disclosure issue.

VMSA-2015-0008.2 VMware product updates address information disclosure issue. VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2015-0008.2 VMware Security AdvisorySynopsis: VMware product updates address information disclosure issue. VMware Security AdvisoryIssue date: 2015-11-1...

5CVSS5.7AI score0.0954EPSS
Exploits3References4Affected Software3
0day.today
0day.today
added 2015/11/04 12:0 a.m.245 views

Piwik 2.14.3 PHP Object Injection Vulnerability

Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution. ----------------------------------------------------------------------- Piwik = 2.14.3 DisplayTopKeywords PHP Object Injection Vulnerability...

7.5CVSS7.6AI score0.03931EPSS
Exploits3
NVD
NVD
added 2015/11/02 7:59 p.m.25 views

CVE-2015-1775

Server-side request forgery SSRF vulnerability in the proxy endpoint api/v1/proxy in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call...

5.5CVSS6.2AI score0.02953EPSS
Exploits0References2
CVE
CVE
added 2015/11/02 7:0 p.m.73 views

CVE-2015-1775

Apache Ambari (1.5.0–2.0.2) is vulnerable to SSRF via the proxy endpoint api/v1/proxy. The issue allows remote authenticated users to perform port scans and access unsecured services through a crafted REST call, due to improper validation in the proxy handling. Impact details in multiple sources ...

5.5CVSS6.4AI score0.02953EPSS
Exploits0References2Affected Software1
n0where
n0where
added 2015/10/20 10:46 p.m.1354 views

Xtreme Vulnerable Web Application: XVWA

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. It is recommended to host this application in local/controlled environment an...

8.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2015/10/05 12:0 a.m.27 views

Open-Xchange (OX) App Suite Multiple Vulnerabilities -02 (Oct 2015)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.6AI score0.03809EPSS
Exploits1References4
Hacker One
Hacker One
added 2015/10/01 8:24 p.m.16 views

Imgur: Server Side Request Forgery In Video to GIF Functionality

imgur.com is vulnerable to Server Side Request Forgery because it fails to sanitize or verify the "url" GET parameter. This could be used by attackers to launch attacks against other 3rd party sites or proxy an attackers requests through the affected site to hide the attackers origin. In more...

0.1AI score
Exploits0
Prion
Prion
added 2015/09/16 6:59 p.m.18 views

Server side request forgery (ssrf)

XML external entity XXE vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery SSRF attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx...

6.4CVSS7.1AI score0.1576EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2015/09/16 6:0 p.m.22 views

CVE-2015-3623

XML external entity XXE vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery SSRF attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx...

6.5AI score0.1576EPSS
Exploits5References3
Prion
Prion
added 2015/09/01 2:59 p.m.13 views

Server side request forgery (ssrf)

IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request...

7.5CVSS6.9AI score0.02426EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder