
113 matches found

Prion
added 2019/01/30 3:29 p.m. | 13 views

Input validation

TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application...

2.6 CVSS | 5.4 AI score | 0.00957 EPSS
Exploits 1 | References 1 | Affected Software 1

ThreatPost
added 2018/08/21 8:5 p.m. | 14 views

Airmail 3 Exploit Instantly Steals Info from Apple Users

Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message, researchers said. Security...

7 AI score
Exploits 0 | References 2

OSV
added 2018/06/11 9:29 p.m. | 5 views

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

5.9 CVSS | 6.8 AI score | 0.01521 EPSS
Exploits 1 | References 5

NVD
added 2018/06/11 9:29 p.m. | 19 views

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

5.9 CVSS | 4.9 AI score | 0.01521 EPSS
Exploits 1 | References 5

Prion
added 2018/06/11 9:29 p.m. | 20 views

Code injection

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

4.3 CVSS | 6.5 AI score | 0.01521 EPSS
Exploits 1 | References 5 | Affected Software 1

CVE
added 2018/06/11 9:0 p.m. | 133 views

CVE-2017-5384

CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) in Firefox

5.9 CVSS | 6.5 AI score | 0.01521 EPSS
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2018/06/11 9:0 p.m. | 29 views

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

6.6 AI score | 0.01521 EPSS
Exploits 1 | References 5

Debian CVE
added 2018/06/11 9:0 p.m. | 19 views

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

5.9 CVSS | 7.8 AI score | 0.01521 EPSS
Exploits 1

Veracode
added 2018/06/08 2:26 a.m. | 17 views

Directory Traversal

intsol-package is vulnerable to directory traversal attacks. This is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...

7.5 CVSS | 7.3 AI score | 0.02005 EPSS
Exploits 1 | References 2 | Affected Software 1

Veracode
added 2018/06/07 8:32 a.m. | 12 views

Directory Traversal

sspa is vulnerable to directory traversal attacks. It is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...

7.5 CVSS | 7.3 AI score | 0.02005 EPSS
Exploits 1 | References 3 | Affected Software 1

Zero Day Initiative
added 2018/05/15 12:0 a.m. | 17 views

Adobe Acrobat Pro DC URL Parsing Insufficient Verification of Data Authenticity Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3 CVSS | 3.4 AI score | 0.10546 EPSS
Exploits 0 | References 1

CNVD
added 2017/10/20 12:0 a.m. | 3 views

Cisco Expressway Series and Cisco TelePresence Denial of Service Vulnerability

Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software are both telepresence video communication servers from Cisco that can be integrated with unified communications and voi...

4.3 CVSS | 4.8 AI score | 0.01649 EPSS
Exploits 0 | References 1

OSV
added 2017/09/26 2:29 a.m. | 2 views

CVE-2017-14001

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...

8.8 CVSS | 6 AI score | 0.06447 EPSS
Exploits 0 | References 2

CNVD
added 2017/07/27 12:0 a.m. | 3 views

Cisco Ultra Services Framework Information Disclosure Vulnerability

Cisco Ultra Services Framework is an intelligent online service delivery platform from the U.S. company Cisco. An information disclosure vulnerability exists in the AutoVNF VNFStagingView class in Cisco Ultra Services Framework version 21.0.0, which stems from the program failing to...

7.5 CVSS | 6.2 AI score | 0.02559 EPSS
Exploits 0 | References 1

Cisco
added 2017/06/07 4:0 p.m. | 35 views

Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability

A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. The vulnerability is due to insufficient sanity checks...

4.3 CVSS | 7.6 AI score | 0.02559 EPSS
Exploits 0 | References 1

UbuntuCve
added 2017/01/25 12:0 a.m. | 27 views

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

5.9 CVSS | 6.8 AI score | 0.01521 EPSS
Exploits 1 | References 3

Microsoft KB
added 2017/01/07 12:0 a.m. | 44 views

MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014

This security update resolves vulnerabilities that could allow remote code execution if an attacker sends a...

7.4 AI score
Exploits 0

Cisco
added 2015/01/23 10:25 p.m. | 27 views

Cisco WebEx Meetings Server User Enumeration Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...

5 CVSS | 6.5 AI score | 0.01354 EPSS
Exploits 0 | References 1

Cisco
added 2015/01/23 9:34 p.m. | 30 views

Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability

A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings. The vulnerability is due to improper sanitization of application programming interface (API) input. An attacker could exploit this...

5 CVSS | 6.3 AI score | 0.01332 EPSS
Exploits 0 | References 1

CVE
added 2015/01/10 2:0 a.m. | 58 views

CVE-2014-8035

Cisco WebEx Meetings Server’s web framework exposes user enumeration via crafted URL requests. The vulnerability stems from improper sanitization of the returned message, causing different responses depending on whether a username exists. An unauthenticated, remote attacker could enumerate valid ...

5 CVSS | 6.8 AI score | 0.01354 EPSS
Exploits 0 | References 3 | Affected Software 1