124 matches found

CNVD
added 2015/05/20 12:0 a.m. | 4 views

Cisco Unified Customer Voice Portal Cross-Site Request Forgery Vulnerability

Cisco Unified Customer Voice Portal (CVP) provides voice and video self-service. A cross-site request forgery vulnerability exists in Cisco Unified Customer Voice Portal, where the program fails to properly validate user input, allowing a remote attacker to construct a malicious URI, trick the user...

6.8 CVSS | 6.9 AI score | 0.00722 EPSS
Exploits: 0 | References: 1
CNVD
added 2015/05/20 12:0 a.m. | 2 views

WSO2 Identity Server /carbon/user/add-finish.jsp User Cross-Site Request Forgery Vulnerability

WSO2 Identity Server is an open source identity service that supports Information Cards, OpenID and XACML. WSO2 Identity Server /carbon/user/add-finish.jsp has a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, entice users to parse them, and...

6.8 AI score
Exploits: 0 | References: 1
Check Point Advisories
added 2015/05/18 12:0 a.m. | 4 views

Adobe Acrobat and Reader U3D Texture Parsing Buffer Overflow (APSB12-16) - Ver2 (CVE-2012-2049)

A stack buffer overflow vulnerability has been reported in Adobe Reader. The vulnerability is due to lack of bounds checking when handling PDF files containing specially crafted strings. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file...

10 CVSS | 6.7 AI score | 0.13211 EPSS
Exploits: 0
Check Point Advisories
added 2015/05/18 12:0 a.m. | 10 views

Oracle WebCenter Forms Recognition Sssplt30.ocx Arbitrary File Creation - Ver2 (CVE-2012-1710)

A directory traversal vulnerability has been reported in Oracle WebCenter Forms Recognition. The vulnerability is due to insufficient validation of parameters used in a certain method in the Sssplt30 ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to op...

7.5 CVSS | 3.4 AI score | 0.11636 EPSS
Exploits: 4
CNVD
added 2015/05/04 12:0 a.m. | 2 views

Wing FTP Server Admin /admin_loglist.html Cross-Site Request Forgery Vulnerability

WingFTPServer is a professional cross-platform FTP server; it has good speed, reliability and a friendly configuration interface. A cross-site request forgery vulnerability exists in WingFTPServer Admin /admin_loglist.html, which allows remote attackers to construct malicious URIs, trick users...

7 AI score
Exploits: 0 | References: 1
CNVD
added 2015/04/23 12:0 a.m. | 3 views

Multiple Cross-Site Request Forgery Vulnerabilities in Landesk Management Suite

LANDESK Management Suite is a set of IT systems management solutions from the U.S. company LANDESK. A cross-site request forgery vulnerability exists in LANDESK Management Suite 9, which allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious...

6.8 CVSS | 6.9 AI score | 0.00909 EPSS
Exploits: 3 | References: 1
CNVD
added 2015/04/14 12:0 a.m. | 3 views

Multiple Cross-Site Request Forgery Vulnerabilities in Kemp Virtual LoadMaster

Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster suffers from multiple cross-site request forgery vulnerabilities that allow remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the context of the target user...

7.1 AI score
Exploits: 0 | References: 1
CNVD
added 2015/03/24 12:0 a.m. | 3 views

MetalGenix GeniXCMS Cross-Site Request Forgery Vulnerability

MetalGenix GeniXCMS is a content management system. A cross-site request forgery vulnerability exists in MetalGenix GeniXCMS. This allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the context of the target user...

6.8 CVSS | 6.9 AI score | 0.03907 EPSS
Exploits: 2 | References: 1
OSV
added 2015/01/28 12:0 a.m. | 3 views

UBUNTU-CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...

7.5 CVSS | 7.3 AI score | 0.11199 EPSS
Exploits: 0 | References: 3
CNVD
added 2015/01/14 12:0 a.m. | 3 views

Kodi Cross-Site Request Forgery Vulnerability

Kodi is a famous entertainment media center. Kodi suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the context of the target user...

6.9 AI score
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 11 views

WebWasher CSM 4.4.1 Build 752 Conf Script Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13037/info It is reported that the WebWasher 'conf' script is prone to a cross-site scripting vulnerability. A remote attacker may exploit this issue to have arbitrary script and HTML code executed in the browser of a...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 25 views

SIPS 0.2.2 User Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7134/info It has been reported that authentication is not required to view user account information. As a result, an unauthorized remote attacker may be able to view potentially sensitive information. This may aid in...

7.1 AI score
Exploits: 0
Check Point Advisories
added 2014/04/28 12:0 a.m. | 1 views

Vortex Media Group Light Alloy M3U File Handling Buffer Overflow (CVE-2013-6874)

A stack buffer overflow vulnerability has been reported in Light Alloy media player. The vulnerability is due to a lack of boundary check when handling M3U files. Successful exploitation could allow arbitrary code execution in the context of the target user...

9.3 CVSS | 7.6 AI score | 0.06047 EPSS
Exploits: 1
Check Point Advisories
added 2014/03/03 12:0 a.m. | 3 views

Microsoft Office RTF Mismatch Memory Corruption (MS12-029) - Ver2 (CVE-2012-0183)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to a memory corruption while parsing specially crafted RTF-formatted data. A remote attacker can exploit this issue by enticing a target user to open a specially crafted RTF file. Successful...

9.3 CVSS | 7.2 AI score | 0.24412 EPSS
Exploits: 4
Check Point Advisories
added 2013/11/10 12:0 a.m. | 2 views

Belkin Linksys E1500/E2500 Remote Command Execution

A remote command execution vulnerability exists in multiple Belkin Linksys routers. The vulnerability is due to improper input validation in the router's Web interface. A remote attacker could exploit this vulnerability by sending a malicious HTTP request to the victim. Successful exploitation of...

7.6 AI score
Exploits: 0
Check Point Advisories
added 2013/02/17 12:0 a.m. | 6 views

Adobe Reader PDF File DLL Injection Remote Code Execution (APSA13-02; CVE-2013-0640)

A remote code execution vulnerability has been reported in Adobe Reader. The vulnerability is due to a dll injection while handling malformed PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would allow an...

8 AI score | 0.86979 EPSS
Exploits: 4
Packet Storm
added 2012/08/15 12:0 a.m. | 33 views

globalSCAPE CuteZIP Stack Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex/zip' class Metasploit3 'globalSCAPE CuteZIP...

0.6 AI score
Exploits: 0
Check Point Advisories
added 2012/07/02 12:0 a.m. | 1 views

Adobe Photoshop TIFF Parsing Heap Buffer Overflow

A remote code execution vulnerability has been reported in Adobe Photoshop. The vulnerability is due to a heap buffer overflow when handling specially crafted TIFF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file using an...

8.5 AI score
Exploits: 0
Zero Day Initiative
added 2010/03/11 12:0 a.m. | 24 views

Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with how the OS web-browser passes command line arguments ...

8.5 CVSS | 7.5 AI score
Exploits: 0 | References: 1
Check Point Advisories
added 2009/07/24 12:0 a.m. | 3 views

Update Protection against Joomla! HTTP Header Script Injection

Joomla! is a content management system (CMS) designed for building Web sites and online applications. Joomla! fails to parse HTTP headers, allowing an attacker to inject JavaScript or DHTML code that can be executed in the context of a target user browser...

6.9 AI score
Exploits: 0