Lucene search
K

7930 matches found

CNVD
CNVD
added 2015/02/28 12:0 a.m.3 views

Vanilla Forums Cross-Site Scripting Vulnerability

Vanilla Forums is a Canadian company VanillaForums PHP-based open source forum program . A cross-site scripting vulnerability exists in Vanilla Forums versions 2.0.18.12 and 2.1.x prior to 2.1.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

4.3CVSS6.1AI score0.01773EPSS
Exploits0References1
PyPA
PyPA
added 2015/02/24 3:59 p.m.9 views

PYSEC-2015-37

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them before the uploads...

4CVSS6.8AI score0.02101EPSS
Exploits2References5Affected Software1
RedHat Linux
RedHat Linux
added 2015/02/19 9:9 p.m.4 views

openstack-glance: unrestricted path traversal flaw

It was discovered that an authenticated user could use a path traversal flaw in glance to download or delete any file on the glance server that is accessible to the glance process user. Note that only setups using the OpenStack Image V2 API were affected by this flaw...

5.5CVSS5.8AI score0.0277EPSS
Exploits0References4
OSV
OSV
added 2015/01/21 6:59 p.m.1 views

DEBIAN-CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

6.5CVSS6.8AI score0.02769EPSS
Exploits0References1
OSV
OSV
added 2015/01/07 7:59 p.m.3 views

DEBIAN-CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property...

5.5CVSS6.5AI score0.0277EPSS
Exploits0References1
OSV
OSV
added 2015/01/07 7:59 p.m.2 views

DEBIAN-CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service invalid pointer dereference via a crafted IKEv2 Key Exchange KE message with Diffie-Hellman DH group 1025...

5CVSS8.6AI score0.03823EPSS
Exploits0References1
OSV
OSV
added 2014/12/31 12:0 a.m.3 views

UBUNTU-CVE-2014-8184

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable in liblouis. An attacker could create a malicious file that would cause applications that use liblouis such as Orca to crash, or potentially execute arbitrary code when opened...

8.8CVSS7.7AI score0.01549EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2014/11/03 12:0 a.m.5 views

PT-2014-5437 · Red Hat · Spacewalk-Java +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...

4.3CVSS6.3AI score0.01759EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2014/10/21 2:55 p.m.3 views

CVE-2012-5242

Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the name parameter in a gettemplate action...

6.8CVSS5.9AI score0.02537EPSS
Exploits5References3
RedHat Linux
RedHat Linux
added 2014/09/02 5:58 p.m.8 views

openstack-keystone: token expiration date stored incorrectly

A flaw was found in keystone revocation events that resulted in the "issuedat" time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID...

4.9CVSS5.7AI score0.01515EPSS
Exploits0References4
OSV
OSV
added 2014/08/25 2:55 p.m.3 views

DEBIAN-CVE-2014-5356

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

4CVSS6.2AI score0.02127EPSS
Exploits0References1
PyPA
PyPA
added 2014/08/25 2:55 p.m.5 views

PYSEC-2014-108

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

4.9CVSS6.8AI score0.01515EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2014/08/20 12:0 a.m.16 views

UBUNTU-CVE-2014-5356

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

4CVSS5.8AI score0.02127EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2014/08/12 12:0 a.m.3 views

PT-2014-5590 · Raritan Japan · Raritan Dominion Kx2-101

Name of the Vulnerable Software and Affected Versions: Raritan Japan Dominion KX2-101 switches versions prior to 2 Description: The issue allows remote attackers to cause a denial of service, resulting in a device hang, via a crafted packet. Recommendations: For versions prior to 2, update to...

7.8CVSS6.6AI score0.02271EPSS
Exploits0References4
OSV
OSV
added 2014/07/29 12:0 a.m.5 views

UBUNTU-CVE-2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors...

5CVSS5.8AI score0.02911EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/07/20 11:12 a.m.2 views

CVE-2014-1995

Cross-site scripting XSS vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.00936EPSS
Exploits0References4
0day.today
0day.today
added 2014/05/27 12:0 a.m.26 views

jsboard 2.0.16 Local File Include Vulnerability

Exploit for php platform in category web applications ----------exploit Debut Local File Include Vulnerability ----------Script Info Author : JIKO ----------Script Info Site : http://kldp.net/projects/jsboard/ Version : 2.0.16 Download : http://kldp.net/frs/download.php/6058/jsboard-2.0.16.tar.gz...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/04/22 5:39 p.m.3 views

Qemu: block: possible crash due signed types or logic error

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling updaterefcount routine...

6.2CVSS6.8AI score0.00329EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2014/04/22 5:39 p.m.2 views

qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function

Integer overflow in the virtionethandlemac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow...

4.9CVSS7.4AI score0.00711EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2014/04/22 12:0 a.m.13 views

PT-2020-7590 · Qemu +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: Qemu versions prior to 2.0 Description: The issue arises from missing bounds checks for block size and logical sector size variables in the block driver for Hyper-V VHDX Images. This could lead to infinite loops and other potential issues whe...

8.8CVSS6.9AI score0.05412EPSS
Exploits6References83
Rows per page
Query Builder