Lucene search
+L

65 matches found

hackerone
hackerone
added 2019/12/27 6:5 a.m.101 views

Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services

I rated this vulnerability as high because trying to rate it with CVSS v3.0 Calculator gives me 9.9 which seems way too high as you do require to be able to create services in the K8S cluster. Summary: This report details 2 ways to man in the middle traffic by: a creating a LoadBalancer service a...

6CVSS5.6AI score0.09274EPSS
Exploits3
nessus
nessus
added 2019/08/12 12:0 a.m.41 views

openSUSE Security Update : MozillaFirefox (openSUSE-2019-1811)

This update for MozillaFirefox, mozilla-nss fixes the following issues : MozillaFirefox to version ESR 60.8 : - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...

9.8CVSS7.4AI score0.20271EPSS
Exploits2References11
osv
osv
added 2019/07/29 9:15 a.m.8 views

OPENSUSE-SU-2019:1811-1 Security update for MozillaFirefox

This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...

9.8CVSS8.2AI score0.20271EPSS
Exploits2References12
osv
osv
added 2019/07/29 9:7 a.m.12 views

SUSE-SU-2019:1861-2 Security update for MozillaFirefox

This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...

9.8CVSS8AI score0.20271EPSS
Exploits2References12
nessus
nessus
added 2019/07/22 12:0 a.m.46 views

openSUSE Security Update : MozillaFirefox (openSUSE-2019-1782)

This update for MozillaFirefox, mozilla-nss fixes the following issues : MozillaFirefox to version ESR 60.8 : - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...

9.8CVSS7.4AI score0.20271EPSS
Exploits2References11
nessus
nessus
added 2019/07/19 12:0 a.m.48 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1869-1)

This update for MozillaFirefox, mozilla-nss fixes the following issues : MozillaFirefox to version ESR 60.8 : CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. CVE-2019-11712:...

9.8CVSS7.5AI score0.20271EPSS
Exploits2References22
osv
osv
added 2019/07/17 12:4 p.m.15 views

SUSE-SU-2019:1869-1 Security update for MozillaFirefox

This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...

9.8CVSS8AI score0.20271EPSS
Exploits2References12
kitploit
kitploit
added 2019/01/26 12:38 p.m.177 views

Sh00T - A Testing Environment for Manual Security Testers

A Testing Environment for Manual Security Testers. Sh00t is a task manager to let you focus on performing security testing provides To Do checklists of test cases helps to create bug reports with customizable bug templates Features: Dynamic Task Manager to replace simple editors or task managemen...

7.4AI score
Exploits0References3
n0where
n0where
added 2018/09/19 1:55 a.m.63 views

Mail Security Testing Framework

Mail Security Testing Framework is a testing framework for mail security and filtering solutions. The mail security testing framework works with with Python =3.5. Just pull this repository and go ahead. No further dependencies are required. Usage The script mail-tester.py runs the tests. Read the...

6.4AI score
Exploits0References2
kitploit
kitploit
added 2018/02/15 8:49 p.m.48 views

APTSimulator - A toolset to make a system look as if it was the victim of an APT attack

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. Use Cases 1. POCs: Endpoint detection agents / compromise assessment tools 2. Test your security monitoring's detection capabilities 3. Test your SOCs response on a...

7.6AI score
Exploits0References8
myhack58
myhack58
added 2017/08/09 12:0 a.m.52 views

See my how-to the Apache fuzzing and dig to a value of 1500 knife of vulnerability-vulnerability warning-the black bar safety net

Target In the AFL in the view of the Apache httpd server's crash logs, I found a lot of problems. For example, some crash testing with example in fuzz testing tools internal collapse, but also affect the test program stability. In this article, I will talk to you to explain the test case to crash...

7.8AI score
Exploits0
ubuntucve
ubuntucve
added 2017/06/19 4:29 a.m.20 views

CVE-2017-9749

The regs macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution...

7.8CVSS7AI score0.08506EPSS
Exploits1References2
exploitpack
exploitpack
added 2016/03/23 12:0 a.m.18 views

Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents

Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=762 In COleMemFile::LoadDiFatList, values from the header are used to parse the document FAT. If header.csectDif is very high, the calculation overflows...

0.4AI score
Exploits0
oraclelinux
oraclelinux
added 2015/04/15 12:0 a.m.77 views

java-1.8.0-openjdk security update

1:1.8.0.45-30.b13 - repacked sources - Resolves: RHBZ1209076 1:1.8.0.45-7.b13 - Re-add %name prefix to patches to avoid conflicts with OpenJDK 7 versions. - Remove ppc64le test case now fix has been verified. - Resolves: rhbz1194378 1:1.8.0.45-27.b13 - updated to security u45 - minor sync with 7....

10CVSS1.9AI score0.07224EPSS
Exploits1
myhack58
myhack58
added 2013/12/09 12:0 a.m.30 views

whatycms the presence of a remote code execution vulnerability-vulnerability warning-the black bar safety net

whatycms the presence of a remote code execution vulnerability Application features inurl:whatycms Test cases http://www.gpjh.cn/cms/whatycms/LoginFrameInput.jspx http://ghoa.dhu.edu.cn/jdhPro/UserLogin.action http://tc.js.edu.cn/cms/whatycms/ArtiSearch.do...

1AI score
Exploits0
packetstorm
packetstorm
added 2012/11/16 12:0 a.m.27 views

Rollingstone.com Cross Site Scripting

---------------------------------------------------------------------------------------------------- Title : Rollingstone.com reflected Cross Site Scripting XSS vulnerability Vendor : Wenner Media http://www.jannswenner.com/ Description : Rollingstone.com web-site is vulnerable to reflected...

7.4AI score
Exploits0
thn
thn
added 2011/09/16 5:42 a.m.26 views

WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project

WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be...

7.2AI score
Exploits0
oraclelinux
oraclelinux
added 2010/11/29 12:0 a.m.59 views

php security update

5.1.6-27.3 - add security fix for CVE-2010-3870 626735 5.1.6-27.2 - fix varexport test cases 626735 5.1.6-27.1 - add security fixes for CVE-2010-1917, CVE-2010-3065, CVE-2010-2531, CVE-2010-1128, CVE-2010-0397 626735...

6.8CVSS1.3AI score0.11528EPSS
Exploits7
osv
osv
added 2009/02/21 11:30 p.m.3 views

DEBIAN-CVE-2008-6235

The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...

9.3CVSS7.8AI score0.02989EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2008/03/05 12:0 a.m.29 views

CVE-2008-1096

The loadtile function in the XCF coder in coders/xcf.c in 1 ImageMagick 6.2.8-0 and 2 GraphicsMagick aka gm 1.1.7 allows user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly...

6.8CVSS7.2AI score0.04528EPSS
Exploits2References2
Rows per page
Query Builder