Lucene search
K

176 matches found

Tenable Nessus
Tenable Nessus
added 2019/01/18 12:0 a.m.32 views

Debian DLA-1635-1 : sssd security update

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the empty string / no home directory. This could impact services that restrict the user's filesystem access to within their home directory through chroot...

5.2CVSS5.3AI score0.00696EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/01/11 6:26 p.m.15 views

CVE-2019-3811

A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the empty string / no home directory. This could impact services that restrict the user's filesystem access to within their home directory through...

5.2CVSS1AI score0.00696EPSS
Exploits0References2
CNVD
CNVD
added 2018/09/21 12:0 a.m.4 views

Elastic Cloud Enterprise (ECE) Information Disclosure Vulnerability (CNVD-2019-17471)

Elastic Cloud Enterprise ECE is a suite of software packages for managing, monitoring, and configuring Elasticsearch, Kibana, and X-Pack from Elasticsearch Netherlands. An information disclosure vulnerability exists in Elastic Cloud Enterprise ECE, which can be exploited by an attacker to access...

5.9CVSS5.8AI score0.00555EPSS
Exploits0References1
Citrix
Citrix
added 2018/09/18 12:0 a.m.8 views

Cannot access the url for SSPR: Getting HTTP error 403.14 :Forbidden

Setup for user configuration has been done. Now when I try to access the sspr url; it doesnt go through. Tried on one machineSSPR server and with one user...

7.1AI score
Exploits0
OSV
OSV
added 2018/09/14 7:29 a.m.3 views

CVE-2018-17044

In YzmCMS 5.1, stored XSS exists via the admin/systemmanage/userconfigadd.html title parameter...

4.8CVSS5.8AI score0.00509EPSS
Exploits1References1
OSV
OSV
added 2018/07/18 6:28 p.m.2 views

GHSA-M85C-9MF8-M2M6 Unsafe deserialization in confire

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS6.1AI score0.04435EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2018/06/28 12:0 a.m.32 views

Microsoft Windows: Do not preserve zone information in file attachments

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winzoneinfoattachments.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Do not preserve zone information in file attachments users listed in HKU Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/04/17 12:0 a.m.14 views

Microsoft Office: Allow including screenshot with Office Feedback

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013includescreenshotsofficefeedback.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Allow including screenshot with Office Feedback Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/04/17 12:0 a.m.11 views

Microsoft Office: Send Office Feedback

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013sendofficefeedback.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Send Office Feedback Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is fre...

7.3AI score
Exploits0
Citrix
Citrix
added 2018/01/24 12:0 a.m.9 views

Improved Control Over the Remote Language Bar for Seamless Published Applications

Introduction This feature enhancement first appears in the XenApp and XenDesktop 7.17 Product Release. Code changes to support this feature were required in Windows VDA version 7.17 and Receiver for Windows 4.11. Using the Receiver for Windows UI, users can now configure whether they want to...

7.3AI score
Exploits0
NVD
NVD
added 2017/07/21 2:29 p.m.14 views

CVE-2015-3639

phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...

8.8CVSS8.7AI score0.01972EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/07/21 2:0 p.m.19 views

CVE-2015-3639

phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...

8.7AI score0.01972EPSS
Exploits0References3
Citrix
Citrix
added 2017/06/21 12:0 a.m.7 views

How to Configure NetScaler MAS for readonly access via TACACS using Cisco ACS

Configure NetScaler MAS and Cisco ACS to provide readonly access to users for MAS...

7.1AI score
Exploits0
myhack58
myhack58
added 2017/02/17 12:0 a.m.31 views

For the Node. js in the node-serialize module deserialization vulnerability the subsequent analysis-vulnerability warning-the black bar safety net

Of the Node. js serialization remote command execution vulnerabilities of a number of follow-up found and how to develop the attack load. A few days ago I was in opsecx blog found an article How to use a named node-serialize nodejs module in the RCE remote code execution error blog. The article...

0.2AI score
Exploits0
CNVD
CNVD
added 2016/10/27 12:0 a.m.3 views

Cisco AsyncOS Security Bypass Vulnerability (CNVD-2016-10397)

The Cisco AsyncOS operating system is available to enhance the security and performance of Cisco email security appliances. A remote security bypass vulnerability exists in Cisco AsyncOS, where an unauthenticated, remote attacker bypasses a user's configuration on the appliance and performs an...

7.5CVSS6.9AI score0.02419EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/09/07 12:0 a.m.4 views

The vulnerability of the GNU Mailman mailing system allows a hacker to gain access to the authentication data of arbitrary users.

The vulnerability of the GNU Mailman system’s user configuration page relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to remotely access the authentication data of arbitrary users through modified requests. As a result, the access to the...

6.8CVSS7.5AI score0.01613EPSS
Exploits0References2Affected Software1
Exploit DB
Exploit DB
added 2016/08/08 12:0 a.m.89 views

Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)

Exploit Title: Group Policy Elevation of Privilege Vulnerability Date: 08-08-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-3223 Category: Privilege Escalation SPECIAL CONFIG: Standard Domain Member configuration with valid credentials. Standard Domain...

9.3CVSS8.1AI score0.21091EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2016/07/19 12:0 a.m.16 views

Skype User Configuration Files

Nessus was able to collect the Skype user configuration files for each system user. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid92432; scriptversion"1.5"; scriptcvsdate"Date: 2018/05/23 16:10:01"; scriptnameenglish:"Skype User Configuration Files";...

5.4AI score
Exploits0References1
OSV
OSV
added 2015/02/25 8:5 p.m.11 views

SUSE-RU-2015:0611-1 Recommended update for SUSE Manager Server 2.1

This collective update for SUSE Manager Server 2.1 provides the following new features: Connect SUSE Manager to the SUSE Customer Center. Manage SLE12 systems. ISS: export/import information about cloned channels to support Service Pack migration on ISS slaves. FATE317789 New API calls:...

7.5CVSS8.2AI score0.95821EPSS
Exploits5References140
RedHat Linux
RedHat Linux
added 2014/10/14 1:1 p.m.2 views

jenkins: default markup formatter permits offsite-bound forms (SECURITY-88)

Cross-site scripting XSS vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...

4.3CVSS5.9AI score0.05406EPSS
Exploits5References4
Rows per page
Query Builder