Lucene search
K

167 matches found

The Hacker News
The Hacker News
added 2022/12/02 1:0 p.m.33 views

The Value of Old Systems

Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting...

6.9AI score
Exploits0
OSV
OSV
added 2022/08/16 12:0 a.m.36 views

GHSA-C438-6F6R-PG8W 4thline cling uPnP protocol issue can lead to denial of service

An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. As of 2022, 4thline cling is no longer supported by the maintainers...

7.5CVSS7.5AI score0.15193EPSS
Exploits4References4
Github Security Blog
Github Security Blog
added 2022/08/16 12:0 a.m.29 views

4thline cling uPnP protocol issue can lead to denial of service

An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. As of 2022, 4thline cling is no longer supported by the maintainers...

7.5CVSS7.1AI score0.00969EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2022/03/07 12:0 a.m.149 views

GHSA-PH3V-2HQ5-5QFQ Code injection in RazorEngine

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8CVSS9.6AI score0.01832EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2022/03/07 12:0 a.m.66 views

Code injection in RazorEngine

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8CVSS5.5AI score0.01832EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2022/03/06 6:15 a.m.33 views

CVE-2021-46703

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8CVSS9.6AI score
Exploits0References1
Drupal
Drupal
added 2022/01/25 12:0 a.m.16 views

Vendor Stream Wrapper - Moderately critical - Unsupported - SA-CONTRIB-2022-019

This module provides a stream wrapper for files located in the vendor directory. Even when the vendor directory is moved outside the webroot, it allows providing publically accessible URLs to these files. The module exposes all files that are in the vendor directory, without a site owner's...

6.6AI score
Exploits0References6
The Hacker News
The Hacker News
added 2021/08/31 5:33 a.m.31 views

CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattack...

0.4AI score
Exploits0
CNNVD
CNNVD
added 2020/11/16 12:0 a.m.7 views

Lionwiki Security Vulnerabilities

Lionwiki is a small wiki builder based on file templates written in Php by the Lionwiki team. A security vulnerability exists in LionWiki versions prior to 3.2.12 that allows an unauthenticated user to read files as a web server user by creating strings in the index.php f1 variable i.e. local fil...

7.5CVSS7.1AI score0.08361EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/04/28 12:0 a.m.34 views

CVE-2020-7351

An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the “asterisk” user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...

9CVSS9.4AI score0.65208EPSS
Exploits4References3
Drupal
Drupal
added 2019/01/23 12:0 a.m.7 views

Nodeaccess - Critical - Unsupported - SA-CONTRIB-2019-009

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466...

7.1AI score
Exploits0References2
0day.today
0day.today
added 2018/10/12 12:0 a.m.55 views

SugarCRM 6.5.26 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...

0.1AI score0.04353EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2018/08/28 12:0 a.m.87 views

Microsoft Edge Legacy Browser SEoL

The remote host has an install of Microsoft Edge Legacy, a web browser, which is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. C Tenable, Inc...

5.5AI score
Exploits0References3
Drupal
Drupal
added 2018/02/14 12:0 a.m.5 views

VChess - Critical - Module Unsupported - SA-CONTRIB-2018-009

The Drupal VChess module allows users to play a chess game. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466...

7.1AI score
Exploits0References3
Drupal
Drupal
added 2017/12/20 12:0 a.m.4 views

Directory based organisational layer - Critical - Unsupported - SA-CONTRIB-2017-096

This module adds a new organizational layer to Drupal, making it easy for managing large numbers of files and nodes. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. The security team takes action in...

7.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2016/04/14 4:48 p.m.14 views

Apple Deprecates QuickTime For Windows, Won't Patch New Flaws

The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product for the Microsoft platform. US-CERT today pushed out an alert advising QuickTime for Windows users that the only...

2.1AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/02/15 12:56 a.m.3 views

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...

4.7CVSS6.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/19 3:35 a.m.3 views

Advance-Flow vulnerable to SQL injection

Overview Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

7.5CVSS7.2AI score0.01164EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/05/30 12:0 a.m.37 views

Microsoft SharePoint Server Unsupported Version Detection

The remote host has an unsupported version of SharePoint Server installed. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. C Tenable Network Security, Inc. include"compat.inc"; if...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/12/23 12:0 a.m.13 views

Safari Unsupported

The remote Windows host has an install of Safari, a web browser. While there has been no formal announcement, Apple appears to have discontinued support for Safari on Windows and has not released any updates since version 5.1.7 in May 9, 2012. Lack of support implies that no new security patches...

5.5AI score
Exploits0References2
Rows per page
Query Builder