Lucene search
+L

313 matches found

ptsecurity
ptsecurity
added 2021/09/15 12:0 a.m.6 views

PT-2021-10299 · Laiketui · Laiketui

Name of the Vulnerable Software and Affected Versions: LaikeTui version 3 Description: The issue allows remote attackers to execute arbitrary code via the component "/index.php?module=member&action=add". This is a Cross Site Request Forgery CSRF issue. Recommendations: For LaikeTui version 3, as ...

8.8CVSS9.1AI score0.00998EPSS
Exploits1References4
cnnvd
cnnvd
added 2021/07/15 12:0 a.m.5 views

DEPSTECH WiFi Digital Microscope 安全漏洞

DEPSTECH WiFi Digital Microscope is a wifi industrial endoscope from Shenzhen Shenzhen Deepsea Innovation Technology Co. A security vulnerability exists in the DEPSTECH WiFi Digital Microscope 3, which stems from the device allowing TELNET connections using the molinkadmin password for the molink...

7.5CVSS7.3AI score0.01317EPSS
Exploits1References2
fedora
fedora
added 2021/05/28 1:11 a.m.45 views

[SECURITY] Fedora 33 Update: php-symfony3-3.4.49-1.fc33

Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...

5CVSS2.7AI score0.01712EPSS
Exploits0
cnnvd
cnnvd
added 2021/04/28 12:0 a.m.5 views

Avaya Equinox Conferencing 安全漏洞

Avaya Equinox Conferencing is a conferencing support software from Avaya, USA. The software is a universal solution that includes all Avaya soft clients with the convergence of Avaya Aura Conferencing and Scopia for cell phones, browsers, desktops and conference room systems. A security...

7.5CVSS5.6AI score0.01303EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/04/22 12:0 a.m.5 views

Sonatype Nexus Repository Manager 跨站脚本漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A cross-site scripting vulnerability exists in Nexus Repository Manager version 3.x prior to 3.30.1, which can be exploited by an attacker...

6.1CVSS5.4AI score0.00671EPSS
Exploits0References4
nessus
nessus
added 2021/03/12 12:0 a.m.12 views

Rails Sprockets 2.x < 2.12.5 / 3.x < 3.7.2 / 4.x < 4.0.0.beta8 Path Traversal

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...

7.5CVSS7.7AI score0.26717EPSS
Exploits2References3
ics
ics
added 2021/01/21 12:0 a.m.65 views

WAGO M&M Software fdtCONTAINER (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik Equipment: fdtCONTAINER Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

7.8CVSS7.5AI score0.0134EPSS
Exploits0References5
osv
osv
added 2020/10/28 3:15 p.m.3 views

CVE-2020-27978

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

7.5CVSS7.2AI score0.01833EPSS
Exploits0References1
ics
ics
added 2020/08/25 12:0 a.m.73 views

WECON LeviStudioU (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd WECON Equipment: LeviStudioU --------- Begin Update C Part 1 of 3 --------- Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference, Heap-based...

7.8CVSS8.3AI score0.12007EPSS
Exploits0References5
cnvd
cnvd
added 2020/08/07 12:0 a.m.2 views

Unspecified Vulnerability in RIPE NCC RPKI Validator (CNVD-2020-52431)

RIPE NCC RPKI Validator is an RPKI validator from RIPE NCC in the Netherlands. A security vulnerability exists in version 3.x of RIPE NCC RPKI Validator prior to 3.1-2020.07.06.14.28. A remote attacker could exploit the vulnerability to bypass access restrictions...

9.1CVSS6.9AI score0.01272EPSS
Exploits0References1
cvelist
cvelist
added 2020/05/14 4:22 p.m.40 views

CVE-2020-11973

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...

9.5AI score0.06592EPSS
Exploits0References6
openvas
openvas
added 2020/04/24 12:0 a.m.35 views

Squid Security Update Advisory (SQUID-2020:4)

Squid is prone to multiple vulnerabilities in the HTTP Digest authentication. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...

9.8CVSS9AI score0.27246EPSS
Exploits0References1
openbugbounty
openbugbounty
added 2020/04/18 6:13 a.m.12 views

gyges.org Open Redirect vulnerability

Open Bug Bounty ID: OBB-1145820 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting gyges.org website and its users. Following coordinat...

0.2AI score
Exploits0
packetstorm
packetstorm
added 2020/02/10 12:0 a.m.176 views

Google Invisible RECAPTCHA 3 Spoof Bypass

Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Date: 2020-02-07 Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit Author: Matamorphosis Tested on: Windows and...

0.2AI score
Exploits0
exploitdb
exploitdb
added 2020/02/07 12:0 a.m.193 views

Google Invisible RECAPTCHA 3 - Spoof Bypass

Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Date: 2020-02-07 Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit Author: Matamorphosis Tested on: Windows and...

7.4AI score
Exploits0
osv
osv
added 2020/01/16 4:15 a.m.3 views

UBUNTU-CVE-2020-7045

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes...

6.5CVSS7.1AI score0.01457EPSS
Exploits1References5
prion
prion
added 2019/12/18 7:15 p.m.17 views

Default credentials

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...

5CVSS9.2AI score0.3481EPSS
Exploits7References10Affected Software2
ubuntucve
ubuntucve
added 2019/11/29 3:15 p.m.48 views

CVE-2019-14901

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability ...

10CVSS7.4AI score0.16908EPSS
Exploits0References11
fedora
fedora
added 2019/11/22 12:48 a.m.34 views

[SECURITY] Fedora 31 Update: php-symfony3-3.4.35-2.fc31

Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...

9.8CVSS2.7AI score0.33247EPSS
Exploits0
ptsecurity
ptsecurity
added 2019/11/12 12:0 a.m.5 views

PT-2019-4316 · Siemens +1 · Capital Embedded Ar Classic R20-11 +4

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 All versions Capital Embedded AR Classic R20-11 All versions V2303 Nucleus NET All versions Nucleus ReadyStart V3 All versions V2017.02.3 Nucleus Source Code All versions Description: A vulnerability has be...

7.1CVSS6.8AI score0.00715EPSS
Exploits0References7
Rows per page
Query Builder