Lucene search
K

170 matches found

CISA
CISA
added 2014/09/24 12:0 a.m.79 views

Mozilla Network Security Services (NSS) Library Vulnerability

A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other cryptographic libraries may be similar...

6.6AI score
Exploits0References3
CISA
CISA
added 2014/08/04 12:0 a.m.9 views

Local Privilege Escalation Vulnerability in Symantec Endpoint Protection

US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain ful...

7AI score
Exploits0References2
CISA
CISA
added 2014/04/08 12:0 a.m.15 views

OpenSSL 'Heartbleed' Vulnerability

A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL...

6.8AI score
Exploits0References1
CISA
CISA
added 2014/01/10 12:0 a.m.13 views

Network Time Protocol (NTP) Amplification Attacks

A vulnerability in the "monlist" feature of ntpd can allow remote attackers to cause distributed denial of service attack DDoS via forged requests. US-CERT and the Canadian Cyber Incident Response Center CCIRC have both observed active use of this attack vector in recent DDoS attacks. US-CERT...

6.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/05/31 12:0 a.m.88 views

SNMP Version 3 Authentication Bypass Vulnerabilities (cisco-sa-20080610-snmpv3)

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 SNMPv3 feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network informati...

10CVSS6.4AI score0.6879EPSS
Exploits7References2
RedHat Linux
RedHat Linux
added 2012/09/13 4:47 p.m.14 views

dbus: privilege escalation when libdbus is used in setuid/setgid application

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

6.9CVSS7.4AI score0.04514EPSS
Exploits4References4
OSV
OSV
added 2012/03/21 10:11 a.m.4 views

DEBIAN-CVE-2012-1459

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal aka Cat QuickHeal 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo...

4.3CVSS6.4AI score0.99809EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2012/03/21 10:11 a.m.3 views

CVE-2012-1433

The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46...

4.3CVSS5.7AI score0.93715EPSS
Exploits0References3
CISA
CISA
added 2011/12/28 12:0 a.m.18 views

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. The Ruby...

6.6AI score
Exploits0References5
CISA
CISA
added 2011/04/15 12:0 a.m.57 views

Oracle Releases Critical Patch Update for April 2011

Oracle has released their Critical Patch Update for April 2011 to address 73 vulnerabilities across multiple products. This update contains the following security fixes: 6 updates for the Oracle Database Server 9 updates for Oracle Fusion Middleware 1 update for Oracle Enterprise Manager Grid...

4.4CVSS6.1AI score0.00387EPSS
Exploits0References3
CISA
CISA
added 2011/02/23 12:0 a.m.21 views

Internet System Consortium Releases BIND Advisory

The Internet System Consortium has released an advisory to address a vulnerability affecting BIND versions 9.7.1 through 9.7.2-P3. This vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators using the affected versions of BIND to...

7.1CVSS2.1AI score0.13598EPSS
Exploits1References2
securityvulns
securityvulns
added 2011/01/18 12:0 a.m.48 views

Objectivity/DB Lack of Authentication Remote Exploit

!/usr/bin/python obj.py Objectivity/DB Lack of Authentication Remote Exploit Jeremy Brown 0xjbrown41-gmail-com Jan 2011 "Objectivity, Inc. is a leader in distributed, scalable database technology. Our patented data management engine and persistent object store is the enabling technology powering...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2011/01/14 12:0 a.m.42 views

ObjectivityDB - Lack of Authentication

ObjectivityDB - Lack of Authentication !/usr/bin/python obj.py Objectivity/DB Lack of Authentication Remote Exploit Jeremy Brown 0xjbrown41-gmail-com Jan 2011 "Objectivity, Inc. is a leader in distributed, scalable database technology. Our patented data management engine and persistent object sto...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2011/01/14 12:0 a.m.38 views

Objectivity/DB Lack Of Authentication

!/usr/bin/python obj.py Objectivity/DB Lack of Authentication Remote Exploit Jeremy Brown 0xjbrown41-gmail-com Jan 2011 "Objectivity, Inc. is a leader in distributed, scalable database technology. Our patented data management engine and persistent object store is the enabling technology powering...

0.1AI score
Exploits0
CISA
CISA
added 2011/01/12 12:0 a.m.14 views

Microsoft Security Advisory 2488013

Microsoft Security Advisory 2488013 addresses a vulnerability in Internet Explorer. This advisory has been updated to include Microsoft Fix It 50591 that prevents the recursive loading of CSS style sheets in Internet Explorer as a mitigation for this vulnerability. Exploitation of this...

7.2AI score
Exploits0References4
CISA
CISA
added 2010/06/10 12:0 a.m.13 views

Microsoft Windows Help and Support Center Vulnerability

US-CERT is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands. US-CERT encourages users a...

7.3AI score
Exploits0References1
CISA
CISA
added 2010/04/16 12:0 a.m.146 views

Oracle Releases Sun Java SE 1.6.0_20

Oracle has released Sun Java SE 1.6.020 to address several vulnerabilities. The release notes for this version of Java SE indicate that these vulnerabilities are in Java Deployment Toolkit and the new Java Plug-in. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker...

10CVSS2.4AI score0.69949EPSS
In wildExploits7References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

JP1/Cm2/Network Node Manager Denial of Service Vulnerability

Overview The JP1/Cm2/Network Node Manager NNM has vulnerability that can be exploited to cause a denial of service DoS. Impact A remote attacker could cause a denial of service DoS. Solution Please refer to the 'Vendor Information' section for the recommended workaround...

5CVSS6.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2008/01/11 12:44 p.m.5 views

PostgreSQL privilege escalation via dblink

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete...

7.2CVSS5.9AI score0.01573EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/05/08 2:53 p.m.7 views

tomcat XSS in example webapps

Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...

4.3CVSS5.8AI score0.72168EPSS
Exploits0References4
Rows per page
Query Builder