102 matches found

Microsoft KB
added 2019/07/09 12:0 a.m. | 5 views

May 28, 2019—KB4499162 (OS Build 15063.1839)

May 28, 2019—KB4499162 OS Build 15063.1839 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...

7.3 AI score
Exploits: 0

NVD
added 2019/07/04 11:15 p.m. | 14 views

CVE-2019-13294

AROX School-ERP Pro has a command execution vulnerability. importstud.php and uploadfille.php do not have session control. Therefore an unauthenticated user can execute a command on the system...

10 CVSS | 9.8 AI score | 0.18753 EPSS
Exploits: 1 | References: 2

Cvelist
added 2019/07/04 10:9 p.m. | 22 views

CVE-2019-13294

AROX School-ERP Pro has a command execution vulnerability. importstud.php and uploadfille.php do not have session control. Therefore an unauthenticated user can execute a command on the system...

9.8 AI score | 0.18753 EPSS
Exploits: 1 | References: 2

Exploit DB
added 2019/06/17 12:0 a.m. | 132 views

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AROX School-ERP Pro Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in AROX...

7.4 AI score
Exploits: 0

0day.today
added 2019/02/28 12:0 a.m. | 67 views

Feng Office 3.7.0.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...

0.1 AI score
Exploits: 0

Tenable Nessus
added 2018/11/05 12:0 a.m. | 18 views

Nginx < 1.7.5 SSL Session Reuse

According to the self-reported version in the server response header, the version of nginx installed on the remote host is 0.5.6 or higher, 1.6.x prior to 1.6.2, or 1.7.x prior to 1.7.5. It is, therefore, affected by an SSL session or TLS session ticket key handling error. A flaw exists in the fi...

4.3 CVSS | 6.8 AI score | 0.05654 EPSS
Exploits: 0 | References: 8

Prion
added 2018/09/06 7:29 p.m. | 10 views

Cross site scripting

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Scripting XSS vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=number ,...

4.3 CVSS | 6.3 AI score | 0.00648 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

ripstech
added 2017/11/08 1:0 p.m. | 25 views

Shopware 5.3.3: PHP Object Instantiation to Blind XXE

Who is affected Installations with following requirements are affected by this vulnerabilities: Shopware version = 5.3.3 and = 5.1 Impact - What can an attacker do In order to exploit the found vulnerabilities an attacker needs to be able to use the backend functionality of Shopware, specifically...

7 AI score
Exploits: 0

OpenVAS
added 2017/09/27 12:0 a.m. | 87 views

Magento 1.9.0.1 Cross-Site Scripting Vulnerability

Magento Web E-Commerce Platform is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1 CVSS | 6.1 AI score | 0.01005 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2015/03/20 12:0 a.m. | 4 views

PT-2015-15: Information Disclosure in LiteSpeed Web Server

The specialists of the Positive Research center have detected an Information Disclosure vulnerability in LiteSpeed Web Server. This vulnerability allows attackers to obtain the content of arbitrary memory locations in LiteSpeed Web Server. The exploitation of the vulnerability makes it possible t...

4.3 CVSS | 6.8 AI score
Exploits: 0 | References: 3

Exploit DB
added 2014/11/24 12:0 a.m. | 23 views

RobotStats 1.0 - HTML Injection

Title : RobotStats v1.0 HTML Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...

7 AI score
Exploits: 0

Packet Storm
added 2014/11/22 12:0 a.m. | 25 views

RobotStats 1.0 SQL Injection

Title : RobotStats v1.0 robot param SQL Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...

0.3 AI score
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m. | 41 views

Authentication bypass in D-Link routers

Vendor: D-Link Affected Products: -DIR-505L SharePort Mobile Companion HW: A1 / FW: 1.01 -DIR-826L Wireless N600 Cloud Router HW: A1 / FW: 1.02 Vendor Notification: April 8, 2013 Public Disclosure: July 8, 2013 Vulnerability Type: Authentication Bypass CVE Reference: CVE-2013-4772 Solution Status...

9.3 CVSS | 2.2 AI score | 0.0416 EPSS
Exploits: 0

CVE
added 2012/03/03 2:0 a.m. | 62 views

CVE-2012-0320

CVE-2012-0320 affects Movable Type before 4.38, 5.0.x before 5.07, and 5.1.x before 5.13. The vulnerability allows remote attackers to take control of user sessions via the commenting feature and the community script, enabling session hijack. Relevant advisories reference upgrades to fixed releas...

7.5 CVSS | 6.9 AI score | 0.02707 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

seebug.org
added 2009/05/29 12:0 a.m. | 22 views

Arab Portal 2.2 (Auth Bypass) Remote SQL Injection Vulnerability

No description provided by source. Script Name : Arab portal 2.2 Remote Auth SQL Bypass Vulnerabilitiy Script home : http://www.arab-portal.info/arabportal22.zip Exploit risk level : High Found By : RoMaNcYxHaCkEr RXH Written By : Sniper Code S.C.T - 443 Our home : WwW.Sec-Code.CoM Security - Cod...

7.1 AI score
Exploits: 0

erpscan
added 2009/01/21 12:0 a.m. | 18 views

Oracle Application Server - multiple security vulnerabilities

Application: Oracle Application Server Versions Affected: Oracle Application Server 10.1.2.0.2 Vendor URL: http://oracle.com Bugs: Response Splitting XSS Exploits: YES Reported: 21.01.2009 Vendor response: 23.01.2009 Date of Public Advisory: 22.02.2012 Author: Alexandr Polyakov Description Oracle...

0.1 AI score
Exploits: 0

OSV
added 2007/10/29 9:46 p.m. | 7 views

CVE-2007-3920

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069...

6.1 AI score
Exploits: 0 | References: 16

Debian CVE
added 2007/10/29 9:0 p.m. | 23 views

CVE-2007-3920

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069...

6.2 CVSS | 6.2 AI score | 0.00356 EPSS
Exploits: 0

securityvulns
added 2006/08/31 12:0 a.m. | 28 views

[SA21705] OpenVMS Session Control Password Disclosure Security Issue

---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available:...

6.8 AI score
Exploits: 0

OSV
added 2002/12/31 5:0 a.m. | 4 views

CVE-2002-1755

tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...

7 AI score
Exploits: 0 | References: 2