CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Hacker One•added 2016/07/13 9:17 a.m.•27 views

Dropbox: SSRF allows access to internal services like Ganglia

ACLs to prevent the webhook testing service from accessing internal addresses were not applied to a newly added subnet. Only read-only monitoring services were identified, and requests were limited to GET. This subnet was not yet serving production traffic...

3.6AI score

Citrix•added 2016/05/25 12:0 a.m.•10 views

Target Device has Poor Performance and/or High Retries When Booting to a vDisk in Private Mode

When installing software in private mode it takes a very long time. Booting devices in Standard Mode works as expected Any maintenance version is very slow Best practices are put in place with Large send offloaddisabled on the target and PVS server anddisabled spanning tree on the switch vDisk is...

7AI score

0day.today•added 2016/05/16 12:0 a.m.•32 views

Web interface for DNSmasq / Mikrotik - SQL Injection

Exploit for php platform in category web applications / + Credits: hyp3rlinx Vendor: ==================== tmcdos / sourceforge Product: ====================== dnsdhcp Web Interface Download: sourceforge.net/projects/dnsmasq-mikrotik-admin/?source=directory This is a very simple web interface for...

7.1AI score

Kitploit•added 2016/04/20 10:24 p.m.•32 views

Changme - A Default Credential Scanner

Changeme is designed to be simple to add new credentials without having to write any code or modules. changeme keeps credential data separate from code. All credentials are stored in yaml files so they can be both easily read by humans and processed by changeme. Credential files can be created by...

7.1AI score

Citrix•added 2016/02/23 12:0 a.m.•7 views

Commands Generated by XenMobile Wizard on NetScaler - SSL Offload

This article will help you when you need to run the wizard more than once for multiple XenMobile environments. This article assumes that you have the following items already installed and configured on the NetScaler: 1. NetScaler IP address NSIP 2. Subnet IP address SNIP 3. DNS Settings 4...

7.1AI score

CNVD•added 2016/01/05 12:0 a.m.•3 views

Wireshark DNS Resolver Denial of Service Vulnerability

Wireshark is the most popular network protocol parser. In Wireshark version 1.12.x prior to 1.12.9, the function dissectdnsanswer within epan/dissectors/packet-dns.c in the DNS parser incorrectly handles the EDNS0 Client Subnet option in a constructed packet, which can be exploited by a remote...

5.5CVSS7.6AI score0.01525EPSS

OSV•added 2016/01/04 5:59 a.m.•2 views

DEBIAN-CVE-2015-8719

The dissectdnsanswer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service application crash via a crafted packet...

5.5CVSS7.3AI score0.01525EPSS

OSV•added 2016/01/04 5:59 a.m.•6 views

CVE-2015-8719

5.5CVSS5.2AI score

Exploits0References8

Prion•added 2016/01/04 5:59 a.m.•12 views

Code injection

4.3CVSS6.8AI score0.01525EPSS

Exploits0References8Affected Software1

OSV•added 2016/01/04 5:59 a.m.•2 views

UBUNTU-CVE-2015-8719

5.5CVSS6.4AI score0.01525EPSS

CNVD•added 2015/12/31 12:0 a.m.•6 views

lldp 'assert()' function denial of service vulnerability

lldp Link Layer Discovery Protocol is a link layer discovery protocol that allows network devices to advertise their device identity and performance on the local subnet. A denial of service vulnerability exists in lldp. An attacker could exploit this vulnerability to crash the daemon and deny...

7.5CVSS6.5AI score0.03EPSS

Cisco•added 2015/08/12 6:5 p.m.•74 views

Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability

A vulnerability in the Unicast Reverse Path Forwarding uRPF feature in the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to bypass the uRPF validation checks. The vulnerability is due to incorrect uRPF validation where IP packets from an outside interface,...

5CVSS6.5AI score0.01733EPSS

n0where•added 2015/06/30 6:8 p.m.•25 views

Bridging OpenVPN

OpenVPN supports two very different means for interconnecting networks: routing and bridging. Routing refers to the interconnection of separate and independent “sub-networks” subnets which have non-overlapping ranges of IP addresses. Upon receiving a packet sent to it, a network “router” examines...

7AI score

Tenable Nessus•added 2015/06/04 12:0 a.m.•41 views

Amazon Linux AMI : chrony (ALAS-2015-539)

As reported upstream : When NTP or cmdmon access was configured from chrony.conf or via authenticated cmdmon with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder e.g. 192.168.15.0/22 or f000::/3, the new setting was written to an incorrect...

6.5CVSS7.6AI score0.03439EPSS

NVD•added 2015/04/16 2:59 p.m.•20 views

CVE-2015-1821

Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...

6.5CVSS7.3AI score0.03439EPSS

OSV•added 2015/04/16 2:59 p.m.•2 views

DEBIAN-CVE-2015-1821

6.5CVSS8.1AI score0.03439EPSS

OSV•added 2015/04/16 2:59 p.m.•1 views

UBUNTU-CVE-2015-1821

6.5CVSS7.8AI score0.03439EPSS

Debian CVE•added 2015/04/16 2:0 p.m.•29 views

CVE-2015-1821

6.5CVSS7.5AI score0.03439EPSS