Lucene search
K

3231 matches found

Veracode
Veracode
added 2017/06/22 3:33 a.m.13 views

Cross-site Scripting (XSS)

github.com/gogits/gogs is vulnerable to cross-site scripting XSS attacks. The attacks can be triggered because a user can change their username to anything other than an empty string. This allows them to enter code which may be executed...

5.8AI score
Exploits0
Veracode
Veracode
added 2017/05/08 9:37 a.m.10 views

Denial Of Service(DoS)

github.com/snapcore/snapd is vulnerable to denial of service DoS attacks. The vulnerability exists because it does not perform enough sanitization when the interface code that is responsible for sanitization of user-controlled plug/slot definition...

6.6AI score
Exploits0
Fortinet
Fortinet
added 2017/04/26 12:0 a.m.29 views

FortiAnalyzer, FortiManager Open Redirect Vulnerability

The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect...

5.8CVSS2.2AI score0.00943EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2017/04/21 12:0 a.m.5 views

Unitrends Enterprise Backup File Upload Vulnerability

Unitrends Enterprise Backup is backup software that incorporates cloud continuity services to ensure the recovery of your virtual, physical and cloud data, systems and applications. A file upload vulnerability exists in the createReportName and saveReport functions in Unitrends Enterprise Backup'...

8.8CVSS7.9AI score0.04318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2017/03/31 7:48 a.m.33 views

CVE-2017-7346

In the Linux kernel's vmwgbsurfacedefineioctl function, in 'drivers/gpu/drm/vmwgfx/vmwgfxsurface.c' file, a 'req-miplevels' is a user-controlled value which is later used as a loop count limit. This allows local unprivileged user to cause a denial of service by a kernel lockup via a crafted ioctl...

5.5CVSS4.1AI score0.00378EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2017/02/17 12:0 a.m.29 views

Simplessus Files 3.7.7 Path Traversal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2017-004 Product: Simplessus Files Manufacturer: Simplessus Affected Versions: 3.7.7 Tested Versions: 3.7.7 Vulnerability Type: Path Traversal CWE-22 Risk Level: High Solution Status: Fixed Manufacturer Notification: January 25, 20...

0.3AI score
Exploits0
Prion
Prion
added 2017/02/13 9:59 p.m.19 views

Cross site scripting

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...

4.3CVSS6.8AI score0.00826EPSS
Exploits0References2Affected Software10
Cvelist
Cvelist
added 2017/02/13 9:0 p.m.21 views

CVE-2016-9371

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...

6.4AI score0.00826EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/01/24 3:45 p.m.28 views

Algolia: [github.algolia.com] DOM Based XSS github-btn.html

Description === Vulnerable parameter: user Vulnerable script: https://github.algolia.com/github-btn.html Vulnerable code: js var params = function for var t, e = , o = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&", r = 0; r HTMLHTMLHTMLHTMLHTMLHTML&type=follow PoC 2 XSS f...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2017/01/24 12:14 p.m.32 views

Ubiquiti Inc.: [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html

Description === Vulnerable parameter: user Vulnerable script: http://nutty.ubnt.com/github-btn.html Vulnerable code: js var params = function var vars = , hash; var hashes = window.location.href.slicewindow.location.href.indexOf'?' + 1.split'&'; forvar i = 0; i HTMLHTMLHTMLHTMLHTMLHTML&type=follo...

7.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2016/12/23 7:47 a.m.28 views

CVE-2016-8707

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered...

7.8CVSS2.9AI score0.03653EPSS
Exploits2References1
Exploit DB
Exploit DB
added 2016/12/06 12:0 a.m.51 views

Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928 Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between...

7.4AI score
Exploits0
CNVD
CNVD
added 2016/11/07 12:0 a.m.35 views

git-fastclone command execution vulnerability

git-fastclone is a set of tools for cloning git. A command execution vulnerability exists in git-fastclone versions prior to 1.0.5, which stems from a program passing a user-modified string directly to a shell command. The vulnerability can be exploited to execute malicious commands by modifying...

10CVSS7.5AI score0.04801EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2016/11/02 12:0 a.m.33 views

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

9.8CVSS6.9AI score0.04413EPSS
Exploits0References3
Talos
Talos
added 2016/10/25 12:0 a.m.42 views

LibTIFF PixarLogDecode Remote Code Execution Vulnerability

Summary An exploitable heap based buffer overflow exists in the handling of compressed TIFF images in LibTIFF’s PixarLogDecode api. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled...

0.5AI score
Exploits1
Cisco
Cisco
added 2016/08/03 4:0 p.m.73 views

Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability

A vulnerability in the command-line interface CLI command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed ...

6.6CVSS7.8AI score0.01939EPSS
Exploits3References1
Kitploit
Kitploit
added 2016/04/15 8:37 p.m.14 views

PeerTweet - Decentralized Feeds using BitTorrent's DHT

BitTorrent's DHT is probably one of the most resilient and censorship-resistant networks on the internet. PeerTweet uses this network to allow users to broadcast tweets to anyone who is listening. When you start PeerTweet, it generates a hash @33cwte8iwWn7uhtj9MKCs4q5Ax7B which is similar to your...

7.2AI score
Exploits0References7
OpenVAS
OpenVAS
added 2015/12/17 12:0 a.m.19 views

IBM Tivoli Storage Manager FastBack Server Multiple Vulnerabilities

IBM Tivoli Storage Manager FastBack is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.1AI score
Exploits0References3
0day.today
0day.today
added 2015/12/15 12:0 a.m.35 views

IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow E

Exploit for windows platform in category dos / poc !/usr/bin/python Title: IBM Tivoli Storage Manager FastBack Server 5.5.4.2 FXCLIGetConfFileChunk Stack Buffer Overflow Vulnerability Date: 14 December 2015 Author: Gianni Gnesa gnix Vendor Homepage: http://www.ibm.com/ Software Name: IBM Tivoli...

7AI score
Exploits0
0day.today
0day.today
added 2015/09/30 12:0 a.m.55 views

freeswitch Heap Overflow Vulnerability

The JSON parser in freeswitch versions prior to 1.6.2 and 1.4.23 suffer from a heap overflow vulnerability. 1. Advisory Information Title: Heap overflow in freeswitch json parser 1.6.2 & 1.4.23 Submitter: Marcello Duarte email protected Product: freeswitch Product URL: http://freeswitch.org...

7.5CVSS6.7AI score0.04668EPSS
Exploits2
Rows per page
Query Builder