Lucene search
+L

255 matches found

osv
osv
added 2019/07/25 2:15 p.m.18 views

CVE-2019-1010161

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in decodejws. The attack vector is: network connectivitycrafting user-controlled input to bypass authentication. The fixed...

9.8CVSS7AI score
Exploits0References1
veracode
veracode
added 2019/06/21 7:13 a.m.6 views

Cross-Site Scripting (XSS)

diagram-js is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser user-controlled input in search-pad to steal session tokens or perform unwanted actions on behalf of the user...

6.2AI score
Exploits0
packetstorm
packetstorm
added 2019/05/23 12:0 a.m.76 views

WordPress Aliyun 5.2 Open Redirection

Exploit Title : WordPress Aliyun Themes 5.2 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 23/05/2019 Vendor Homepage : aliyunhelp.com - zmingcx.com Version : WordPress Version 4.9.10 - Theme Version 5.2 Tested On : Windows and Linux Category :...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2019/03/28 12:0 a.m.54 views

Masch CMStudio Banners 8.6.1 Open Redirection

Exploit Title : Masch CMStudio Banners Modules 8.6.1 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/03/2019 Vendor Homepage : masch.com/en-us/home/ Software Information Link : masch.com/en/cmstudio-enterprise/ Software Affected Versions :...

7.4AI score
Exploits0
nvd
nvd
added 2018/08/20 7:31 p.m.16 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...

8.8CVSS9AI score0.02797EPSS
Exploits1References2
osv
osv
added 2018/08/20 7:31 p.m.12 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...

8.8CVSS7.7AI score
Exploits0References2
prion
prion
added 2018/08/20 7:31 p.m.13 views

Design/Logic Flaw

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...

6.5CVSS8.9AI score0.02797EPSS
Exploits1References2Affected Software1
cve
cve
added 2018/08/20 7:0 p.m.47 views

CVE-2018-1000649

LibreHealthIO LH-EHR REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in letter.php (2) within the Patient file letter functions. The issue allows writing files with malicious content via user-controlled input, potentially enabling remote code execution. This entry is cor...

8.8CVSS8.9AI score0.02797EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2018/08/20 7:0 p.m.19 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...

9AI score0.02797EPSS
Exploits1References2
nvd
nvd
added 2018/08/01 6:29 a.m.28 views

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

9.8CVSS7.9AI score0.04413EPSS
Exploits0References8
osv
osv
added 2018/08/01 6:29 a.m.27 views

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

9.8CVSS6.9AI score0.04413EPSS
Exploits0References8
debiancve
debiancve
added 2018/08/01 6:0 a.m.30 views

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

9.8CVSS8.2AI score0.04413EPSS
Exploits0
cvelist
cvelist
added 2018/08/01 6:0 a.m.29 views

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

6.5CVSS6.6AI score0.04413EPSS
Exploits0References8
alpinelinux
alpinelinux
added 2018/08/01 6:0 a.m.43 views

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

9.8CVSS6.9AI score0.04413EPSS
Exploits0
seebug
seebug
added 2018/01/29 12:0 a.m.28 views

iBall Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The key is if you are using an ADSL2+ connectio...

7.5AI score
Exploits0
nvd
nvd
added 2018/01/21 10:29 p.m.11 views

CVE-2018-5955

An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI...

9.8CVSS9.5AI score0.80982EPSS
Exploits9References2
osv
osv
added 2018/01/16 7:29 p.m.5 views

CVE-2017-16556

In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations...

5.5CVSS5.9AI score0.00271EPSS
Exploits0References1
prion
prion
added 2018/01/16 7:29 p.m.21 views

Hardcoded credentials

In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL...

2.1CVSS5.4AI score0.00291EPSS
Exploits0References1Affected Software5
prion
prion
added 2018/01/16 7:29 p.m.22 views

Memory corruption

In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations...

2.1CVSS5.5AI score0.00271EPSS
Exploits0References1Affected Software5
prion
prion
added 2018/01/04 4:29 a.m.21 views

Null pointer dereference

In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the...

3.6CVSS6.6AI score0.01242EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder