Lucene search
K

809 matches found

UbuntuCve
UbuntuCve
added 2015/10/23 12:0 a.m.27 views

CVE-2015-7885

The dgncmgmtioctl function in drivers/staging/dgnc/dgncmgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application...

2.3CVSS6.8AI score0.00443EPSS
Exploits0References10
CVE
CVE
added 2015/06/07 11:0 p.m.96 views

CVE-2015-4003

CVE-2015-4003 affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozusbsvc1.c, function oz_usb_handle_ep_data) through kernel 4.0.5. A remote attacker can send a crafted packet to trigger a divide-by-zero and cause a system crash (DoS). The connected advisories (Unity Linux/Eule...

7.8CVSS6.8AI score0.05852EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2015/06/07 12:0 a.m.40 views

CVE-2015-4001

Integer signedness error in the ozhcdgetdesccnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a crafted packet...

9CVSS7.4AI score0.07123EPSS
Exploits0References8
Hacker One
Hacker One
added 2015/02/25 2:6 p.m.22 views

Yelp: Information disclosure - emails disclosed in response > staging.seatme.us

Hello, I found a info disclosure vulnerability. We can enumerate emails via userid parameter from Manage users. And I found that : ID 1 is ██████ ID 514755 is ████████ ID 514775 is █████ ID 514764 is ███████ I attached photos from burp repeater to be more explicit. We can easily bruteforce userid...

6.7AI score
Exploits0
Veeam
Veeam
added 2015/02/10 12:0 a.m.23 views

Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server

Challenge Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint '' Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check "Perfor...

7.2AI score
Exploits0Affected Software1
Hacker One
Hacker One
added 2014/07/02 6:38 p.m.19 views

Factlink: XSS 01 on staging.fct.li

hey the error message generated can be used to escape out of a dynamically generated href link. The below will render in internet explorer without xss filter enabled of course. See the screenshot for an example. The response is: HTTP/1.1 504 Gateway Time-out Server: nginx/1.4.4 Date: Wed, 02 Jul...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

Sitecore Staging Module 5.4.0 - Authentication bypass and File Manipulation

No description provided by source. SEC Consult Security Advisory 20091217-0 ========================================================================== title: Authentication bypass and file manipulation in Sitecore Staging Module products: Sitecore Staging Module vulnerable version: Sitecore Stagi...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.36 views

Unixware 7.0 SCOhelp HTTP Server Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/06/29 9:47 a.m.54 views

jsDelivr: XSS

Dear Team, Step-by-step instructions on how to reproduce the problem: It was found the application is vulnerable to XSS attack. To achieve the same, open this link http://staging.jsdelivr.net/g//%3Cimg/src=%22%3E%22+onerror=alert%28927942%29%3E in firefox. it can't prompt bcoz there is nothng jus...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2014/06/25 6:41 a.m.16 views

Uzbey: Price Manipulation

Hey guys, I put this down as a 2nd bug as it may have been overlooked from the previous report and I figured it'd be easier to track a fix and add comments separately... When completing an order it looks like it may be possible to pay an arbitrary amount - what happens is a request is generated t...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2014/06/22 10:41 p.m.20 views

Uzbey: Cross-site scripting vulnerability detected

It was possible to identify a XSS vuln. at this address: https://staging.uzbey.com parameter: ?q=user...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.39 views

openSUSE Security Update : kernel (openSUSE-SU-2014:0204-1)

The Linux kernel was updated to fix various bugs and security issues : - mm/page-writeback.c: do not count anon pages as dirtyable memory reclaim stalls. - mm/page-writeback.c: fix dirtybalancereserve subtraction from dirtyable memory reclaim stalls. - compatsysrecvmmsg X32 fix bnc860993...

7.2CVSS7AI score0.34649EPSS
Exploits27References45
CVE
CVE
added 2014/05/27 2:0 p.m.64 views

CVE-2014-3840

CVE-2014-3840 affects Mayan EDMS 0.13, with multiple stored XSS vulnerabilities in apps/common/templates/calculate_form_title.html. The issue allows remote authenticated users to inject arbitrary script/HTML via several vectors: (1) a tag, (2) the title of a source in a Staging folder, (3) the Na...

3.5CVSS5.4AI score0.03476EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2014/05/27 2:0 p.m.22 views

CVE-2014-3840

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

5.4AI score0.03476EPSS
Exploits1References8
NVD
NVD
added 2014/05/27 1:55 p.m.18 views

CVE-2014-3840

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

3.5CVSS5.4AI score0.03476EPSS
Exploits1References8
PyPA
PyPA
added 2014/05/27 1:55 p.m.7 views

PYSEC-2014-110

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

3.5CVSS5.7AI score0.03476EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2014/05/27 1:55 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

3.5CVSS5.6AI score0.03476EPSS
Exploits1References8Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2014/02/06 7:4 p.m.51 views

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: - mm/page-writeback.c: do not count anon pages as dirtyable memory reclaim stalls. - mm/page-writeback.c: fix dirtybalancereserve subtraction from dirtyable memory reclaim stalls. - compatsysrecvmmsg X32 fix bnc860993...

7.2CVSS7.6AI score0.34649EPSS
Exploits27References28
The Hacker News
The Hacker News
added 2011/05/04 3:20 p.m.10 views

Metasploit Framework 3.7.0 Released !

Metasploit Framework 3.7.0 Released ! The Metasploit team has spent the last two months focused on one of the least-visible, but most important pieces of the Metasploit Framework; the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework a...

7.6AI score
Exploits0
ThreatPost
ThreatPost
added 2011/01/20 8:8 p.m.13 views

How Attackers Steal Your Data

ARLINGTON, VA–Pulling valuable data out of corporate networks is the end goal of many, if not most, attacks these days and the tactics that attackers use to get into their targets are fairly well understood and publicized. But it’s not often that you get a look at the way that the data is actuall...

0.3AI score
Exploits0
Rows per page
Query Builder