Lucene search
K

111 matches found

Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.13 views

Siemens SIMATIC HMI Panels < 15.4 Integrated Webserver HTTP Header Injection

Binary data 720167.prm...

8.8CVSS7.3AI score0.01684EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/04/16 2:49 p.m.9 views

mod_auth_mellon: authentication bypass in ECP flow

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

8.1CVSS5.7AI score0.02969EPSS
Exploits1References5
CNVD
CNVD
added 2018/03/27 12:0 a.m.5 views

Mitel ST Information Disclosure Vulnerability

Mitel ST is a video conferencing product from Mitel Canada. A security vulnerability exists in Mitel ST 14.2 GA28 and prior versions. An attacker can exploit the vulnerability to determine a valid user ID and associated user name...

5.3CVSS6.8AI score0.0087EPSS
Exploits0References1
NVD
NVD
added 2018/02/15 9:29 p.m.14 views

CVE-2011-4973

Authentication bypass vulnerability in modnss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password...

9.8CVSS9.5AI score0.01018EPSS
Exploits0References2
Prion
Prion
added 2018/02/15 9:29 p.m.11 views

Authentication flaw

Authentication bypass vulnerability in modnss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password...

7.5CVSS7.2AI score0.01018EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/02/15 9:0 p.m.34 views

CVE-2011-4973

Authentication bypass vulnerability in modnss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password...

9.5AI score0.01018EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/02/15 9:0 p.m.18 views

CVE-2011-4973

Removed by vendor...

9.8CVSS9.4AI score0.01018EPSS
Exploits0
NVD
NVD
added 2018/01/18 6:29 a.m.20 views

CVE-2018-0088

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...

7.2CVSS7.2AI score0.0039EPSS
Exploits0References2
NVD
NVD
added 2017/11/02 4:29 p.m.17 views

CVE-2017-12283

A vulnerability in the handling of 802.11w Protected Management Frames PAF by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected...

6.1CVSS6.2AI score0.00569EPSS
Exploits0References3
NVD
NVD
added 2017/08/24 8:29 p.m.17 views

CVE-2015-7259

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs...

9CVSS8.5AI score0.09461EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2017/03/07 7:6 p.m.7 views

tomcat: timing attack in Realm implementation

The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder...

5.9CVSS7.3AI score0.07991EPSS
Exploits0References7
CNVD
CNVD
added 2017/03/02 12:0 a.m.3 views

ownCloud server user enumeration vulnerability

ownCloud is a free and open source personal cloud storage solution that offers file management, music storage, calendars and more. A user enumeration vulnerability exists in the ownCloud server, which allows remote attackers to submit a special request to obtain a valid user name...

4.3CVSS5.1AI score0.01095EPSS
Exploits0References1
CNVD
CNVD
added 2016/12/14 12:0 a.m.3 views

User Enumeration Vulnerability in Journalx 2.0, a Remote Processing System for Journal Manuscripts

Journalx 2.0 is a remote processing platform for journal manuscripts developed independently by Beijing Magtech. A user enumeration vulnerability exists in Journalx 2.0. An attacker can exploit the vulnerability to obtain valid user accounts, resulting in an exhaustive attack...

6.9AI score
Exploits0
CNVD
CNVD
added 2016/10/30 12:0 a.m.2 views

Puppet Enterprise User Enumeration Vulnerability

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is an enterprise version. A user enumeration vulnerability exis...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2016/10/27 12:0 a.m.7 views

Cloudera Manager User Enumeration Vulnerability

Cloudera Manager is a set of Hadoop data management software from Cloudera, USA. The software supports the creation of clusters, authentication, data backup and recovery and so on. A user enumeration vulnerability exists in Cloudera Manager. An attacker can exploit the vulnerability to obtain val...

7.5CVSS6.8AI score0.01589EPSS
Exploits1References1
ArchLinux
ArchLinux
added 2016/01/17 12:0 a.m.35 views

roundcubemail: remote code execution

High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server. The vulnerability exists du...

6CVSS1.7AI score0.22212EPSS
Exploits5References5
NVD
NVD
added 2014/05/26 4:29 a.m.22 views

CVE-2013-3977

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names...

4.3CVSS6.4AI score0.09048EPSS
Exploits2References2
Saint
Saint
added 2013/07/03 12:0 a.m.29 views

SAP NetWeaver SOAP RFC SXPG_COMMAND_EXECUTE Command Execution

Added: 07/03/2013 BID: 55084 OSVDB: 93536 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain externa...

8.2AI score
Exploits0
Saint
Saint
added 2009/09/03 12:0 a.m.223 views

Microsoft IIS FTP Server NLST Command Remote Overflow

Added: 09/03/2009 CVE: CVE-2009-3023 BID: 36189 OSVDB: 57589 Background Microsoft Internet Information Server IIS includes a web server and an FTP server. Problem A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users t...

9CVSS7.4AI score0.90913EPSS
Exploits11
Saint
Saint
added 2009/09/03 12:0 a.m.37 views

Microsoft IIS FTP Server NLST Command Remote Overflow

Added: 09/03/2009 CVE: CVE-2009-3023 BID: 36189 OSVDB: 57589 Background Microsoft Internet Information Server IIS includes a web server and an FTP server. Problem A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users t...

9CVSS7.4AI score0.90913EPSS
Exploits11
Rows per page
Query Builder