Lucene search
K

4662 matches found

Positive Technologies
Positive Technologies
added 2012/07/16 12:0 a.m.5 views

PT-2012-1838 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.11 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to UR...

4.3CVSS5.8AI score0.01197EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2012/06/20 4:2 p.m.8 views

JNDI: unauthenticated remote write access is permitted by default

The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...

7.5CVSS5.9AI score0.03521EPSS
Exploits1References4
OSV
OSV
added 2011/10/20 9:55 p.m.4 views

DEBIAN-CVE-2011-1528

The krb5ldaplockoutaudit function in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service assertion failure and daemon exit via unspecified vectors, related to the...

7.8CVSS6.4AI score0.04177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2011/04/22 10:55 a.m.3 views

CVE-2011-1689

Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.4AI score0.02326EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2011/04/21 4:54 p.m.8 views

kdelibs: partially universal XSS in Konqueror error pages

Cross-site scripting XSS vulnerability in the KHTMLPart::htmlError function in khtml/khtmlpart.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site...

4.3CVSS5.9AI score0.02673EPSS
Exploits2References4
OSV
OSV
added 2011/04/19 7:55 p.m.3 views

UBUNTU-CVE-2011-1723

Cross-site scripting XSS vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information...

4.3CVSS5.9AI score0.04459EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2011/03/11 1:4 a.m.6 views

tomcat: remote DoS via NIO connector

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

5CVSS6.2AI score0.07885EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/30 10:40 p.m.4 views

krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)

MIT Kerberos 5 aka krb5 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center KDC, or forge a KRB-SAFE message via...

3.7CVSS6.1AI score0.02847EPSS
Exploits0References4
OSV
OSV
added 2010/09/14 9:0 p.m.9 views

DEBIAN-CVE-2010-2799

Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments...

6.8CVSS8.3AI score0.02752EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/08/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2008-0600

The vmsplicetopipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010...

7.2CVSS5.8AI score0.0354EPSS
Exploits7References1
Positive Technologies
Positive Technologies
added 2010/05/11 12:0 a.m.3 views

PT-2010-3497 · Com Jvehicles · Jvehicles

Name of the Vulnerable Software and Affected Versions: Jvehicles com jvehicles versions 1.0 through 2.1111 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the aid parameter in an "agentlisting" action to "index.php". Recommendations: For...

7.5CVSS7.8AI score0.03047EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2009/07/27 9:34 a.m.2 views

python: imageop module multiple integer overflows

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different...

7.5CVSS6.6AI score0.21024EPSS
Exploits6References4
Positive Technologies
Positive Technologies
added 2009/03/30 12:0 a.m.3 views

PT-2009-1060 · Linux +1 · Kpartx +3

Name of the Vulnerable Software and Affected Versions: device-mapper-multipath versions 0.4.5 through 0.4.8 multipath-tools versions prior to 0.4.8-r1 kpartx version 0.4.7 Description: The issue concerns the Device Mapper multipathing driver, which uses world-writable permissions for the socket...

7.8CVSS7.4AI score0.00494EPSS
Exploits1References34
ATTACKERKB
ATTACKERKB
added 2009/03/05 8:30 p.m.4 views

CVE-2008-6399

Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors...

6.4CVSS5.8AI score0.01953EPSS
Exploits0References5
OSV
OSV
added 2009/02/08 10:30 p.m.2 views

DEBIAN-CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in 1 HttpMsg.c and 2 HttpStatusLine.c...

5CVSS6.4AI score0.71986EPSS
Exploits8References1
Positive Technologies
Positive Technologies
added 2009/01/27 12:0 a.m.5 views

PT-2009-2955 · K23Productions · Tftputil Gui

Name of the Vulnerable Software and Affected Versions: k23productions TFTPUtil GUI versions 1.2.0 through 1.3.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a service crash. This can be achieved by sending a crafted request with a long filename...

5CVSS6.7AI score0.02194EPSS
Exploits0References5
OSV
OSV
added 2008/12/19 5:30 p.m.9 views

CVE-2008-5086

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions...

6AI score
Exploits0References13
OSV
OSV
added 2008/11/10 4:15 p.m.3 views

DEBIAN-CVE-2008-5032

Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, bu...

9.3CVSS8.5AI score0.10671EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2008/10/01 3:24 p.m.5 views

wireshark: memory disclosure in the RMI dissector

Unspecified vulnerability in the RMI dissector in Wireshark formerly Ethereal 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors...

4.9CVSS5.9AI score0.01205EPSS
Exploits1References4
OSV
OSV
added 2008/09/18 5:59 p.m.5 views

DEBIAN-CVE-2008-4101

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

9.3CVSS7.6AI score0.09207EPSS
Exploits1References1
Rows per page
Query Builder