239 matches found

OSV
added 2021/07/25 12:00 p.m. | 14 views

RUSTSEC-2021-0108 Remote memory exhaustion in ckb

In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...

CVSS 7.8 | AI score 7.5 | EPSS 0.01466
Exploits 0 | References 3
NVD
added 2021/07/09 2:15 p.m. | 34 views

CVE-2021-30117

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...

CVSS 9.8 | EPSS 0.72054
Exploits 0 | References 2
Prion
added 2021/07/09 2:15 p.m. | 34 views

Authentication flaw

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management RMM 9.5.4.2149 and subsequently use these files to execute ASP commands. The API /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

CVSS 10 | AI score 7.6 | EPSS 0.60084
Exploits 1 | References 4 | Affected Software 1
Prion
added 2021/07/09 2:15 p.m. | 42 views

Authentication flaw

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client...

CVSS 7.5 | AI score 9.2 | EPSS 0.85619
Exploits 1 | References 4 | Affected Software 2
CVE
added 2021/07/09 12:00 a.m. | 1374 views

CVE-2021-30116

Kaseya VSA on-premises prior to 9.5.7 is affected by CVE-2021-30116. An unauthenticated download page (dl.asp) exposes KaseyaD.ini, which contains Agent_Guid and AgentPassword. An attacker can use these credentials to log in to the download page and obtain a sessionId cookie, bypassing authentica...

CVSS 10 | AI score 9.2 | EPSS 0.85619
In wild | Exploits 1 | References 5 | Affected Software 2
Cvelist
added 2021/07/09 12:00 a.m. | 24 views

CVE-2021-30116 Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client...

CVSS 10 | AI score 9.5 | EPSS 0.85619
Exploits 1 | References 4
Vulnrichment
added 2021/07/09 12:00 a.m. | 4 views

CVE-2021-30116 Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client...

CVSS 10 | AI score 6.9 | EPSS 0.85619
Exploits 1 | References 4
ATTACKERKB
added 2021/07/09 12:00 a.m. | 110 views

CVE-2021-30116

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client...

CVSS 10 | AI score 9.2 | EPSS 0.85619
In wild | Exploits 1 | References 6
OSV
added 2021/04/20 4:31 p.m. | 15 views

GHSA-X823-J7C4-VPC5 Cross-site scripting in sickrage

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

CVSS 6.1 | AI score 6 | EPSS 0.0082
Exploits 1 | References 4
Veracode
added 2021/04/13 12:26 a.m. | 15 views

Cross-Site Scripting (XSS)

sickrage is vulnerable to cross-site scripting XSS. The vulnerability exists due to user input not being validated properly in the quicksearch feature allowing an attacker to steal the user's sessionID...

CVSS 6.1 | AI score 2.1 | EPSS 0.0082
Exploits 1 | References 3 | Affected Software 1
CNVD
added 2021/04/13 12:00 a.m. | 5 views

SiCKRAGE Cross-Site Scripting Vulnerability

SickRage is an automated video library manager for TV programs. A reflected cross-site scripting vulnerability exists in SiCKRAGE versions 9.3.54.dev1 - 10.0.11.dev1. The vulnerability stems from the quicksearch feature not properly validating user input. An attacker can use this vulnerability to...

CVSS 6.1 | AI score 5.9 | EPSS 0.0082
Exploits 1 | References 1
NVD
added 2021/04/12 2:15 p.m. | 33 views

CVE-2021-25926

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

CVSS 6.1 | EPSS 0.0082
Exploits 1 | References 2
OSV
added 2021/04/12 2:15 p.m. | 32 views

CVE-2021-25926

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

CVSS 6.1 | AI score 6.1 | EPSS 0.0082
Exploits 1 | References 2
Prion
added 2021/04/12 2:15 p.m. | 15 views

Cross site scripting

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

CVSS 4.3 | AI score 6 | EPSS 0.0082
Exploits 1 | References 2 | Affected Software 1
OSV
added 2021/04/12 2:15 p.m. | 36 views

PYSEC-2021-148

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

CVSS 6.1 | AI score 3.4 | EPSS 0.0082
Exploits 1 | References 3
Vulnrichment
added 2021/04/12 1:45 p.m. | 6 views

CVE-2021-25926

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

AI score 6.3 | EPSS 0.0082
Exploits 1 | References 2
Cvelist
added 2021/04/12 1:45 p.m. | 38 views

CVE-2021-25926

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

AI score 6.3 | EPSS 0.0082
Exploits 1 | References 2
Cvelist
added 2021/02/21 11:05 p.m. | 19 views

CVE-2021-27514

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass such as in CVE-2021-27513 exploitation...

AI score 9.8 | EPSS 0.03548
Exploits 1 | References 2
CNVD
added 2021/01/25 12:00 a.m. | 3 views

UFIDA U8-OA has information leakage vulnerability

Founded in 1988, UFIDA is a global provider of advanced cloud services, software, and financial services for enterprises and public organizations. An information disclosure vulnerability exists in UFIDA U8-OA. An attacker can exploit the vulnerability to obtain the SessionID of all users and log ...

AI score 6.5
Exploits 0
Tenable Nessus
added 2021/01/05 12:00 a.m. | 28 views

SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2021:0019-1)

This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 75 (bsc1180063, bsc1177943) CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 - Class Libraries: - Z/OS specific C function...

CVSS 5.8 | AI score 6 | EPSS 0.03713
Exploits 0 | References 19