Lucene search
+L

138 matches found

WPVulnDB
WPVulnDB
added 2019/06/11 12:0 a.m.11 views

Support Board - Chat And Help Desk | Support & Chat <= 1.2.8 Stored XSS

Info: Weak security measures like bad textarea data filtering has been discovered in the «Support Board - Chat And Help Desk | Support & Chat». Demo Website: https://codecanyon.net/item/support-board-chat-and-help-desk/20752085 Backend: https://board.support/desk-demo/?login=true Login / Password...

7.2AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2019/05/05 12:0 a.m.23 views

Travel Booking < 2.7.8.4 - Reflected & Stored XSS

Weak security measures like no input & textarea fields data filtering has been discovered in the 'Traveler - Travel Booking WordPress Theme'. Special Notes: 1 - 'Change Avatar' upload field works really strange. F.e., u can upload any .PHP file with extension .php.png and break profile page Serve...

6.6AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2019/04/15 7:0 p.m.60 views

Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...

1.6AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/07 3:30 p.m.28 views

Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2016-5007 DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanism...

9.6CVSS0.9AI score0.02837EPSS
Exploits1Affected Software1
HackRead
HackRead
added 2019/01/07 5:26 p.m.107 views

Thousands of Internet connected hot tubs vulnerable to remote attacks

By Waqas Weak security practices have rendered IoT devices vulnerable to hacking and all sorts of cyber-attacks. According to the research from a Buckinghamshire-based security group Pen Test Partners, hot tubs can also be hacked using an app simply because there isn’t any authentication process ...

1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.32 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Service Delivery Manager. OpenSSL is installed on the operating system shipped via IBM Service Delivery Manager

Summary OpenSSL contains vulnerabilities CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293. OpenSSL is installed on the...

7.5CVSS1.3AI score0.98685EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:44 p.m.10 views

Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console affects IBM Tivoli Netcool Configuration Manager (ITNCM)

Summary There is a potential for weaker than expected security with the Administrative Console in WebSphere Application Server that may affect IBM Tivoli Netcool Configuration Manager ITNCM Vulnerability Details CVEID: CVE-2017-1137 DESCRIPTION: IBM WebSphere Application Server could provide weak...

8.1CVSS1AI score0.01881EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:22 p.m.34 views

Security Bulletin: IBM Security Network Protection is affected by OpenSSL vulnerabilities (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)

Summary Security vulnerabilities have been discovered in OpenSSL used with IBM Security Network Protection. Vulnerability Details CVEID:CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the...

5CVSS0.5AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.22 views

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2017-1151, CVE-2017-1137, CVE-2017-1194 )

Summary There is a potential privilege escalation vulnerability in traditional WebSphere Application Server when using the OpenID Connect OIDC Trust Association Interceptor TAI. This does not affect WebSphere Application Server Liberty. There is a potential for weaker than expected security with...

8.8CVSS7.5AI score0.02237EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2018/02/12 11:0 p.m.27 views

CVE-2017-9967

A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization ASLR and Data Execution prevention DEP were not properly configured resulting in weak security...

7.7AI score0.00386EPSS
Exploits0References2
CNVD
CNVD
added 2018/01/31 12:0 a.m.1 views

IBM WebSphere Application Server Elevation of Privilege Vulnerability

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WAS that stems from t...

8.8CVSS7.1AI score0.02845EPSS
Exploits0References1
NVD
NVD
added 2018/01/30 6:29 p.m.11 views

CVE-2017-1731

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges...

8.8CVSS8.8AI score0.02845EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/01/30 6:0 p.m.14 views

CVE-2017-1731

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges...

8.8AI score0.02845EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/09/15 12:0 a.m.11 views

The vulnerability in the implementation of the SDP protocol for Bluetooth driver of Windows operating systems allows attackers to carry out “man-in-the-middle” attacks.

The vulnerability of the SDP protocol implementation for Bluetooth drivers in Windows operating systems is related to incorrect security requirements. Exploiting this vulnerability allows a malicious actor to create a network interface and use it to execute a type of “man-in-the-middle” attack...

7.9CVSS7.4AI score0.02307EPSS
Exploits2References5
NVD
NVD
added 2017/08/18 3:29 p.m.13 views

CVE-2017-1501

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576...

5.9CVSS5.6AI score0.02033EPSS
Exploits0References4
Hacker One
Hacker One
added 2017/06/04 10:1 a.m.22 views

Weblate: no captcha for register user and weak question attacker can spam email

hi in https://demo.weblate.org/accounts/register/ attacker can register with same email and if didnt click on confirm link attacker can make request with infinite loop so attacker can spam another email with your service question is so simple any bot that can read source can generate answer for i...

0.3AI score
Exploits0
FireEye
FireEye
added 2017/04/12 8:0 a.m.12 views

What About the Plant Floor? Six Subversive Concerns for ICS Environments

Industrial enterprises such as electric utilities, petroleum companies, and manufacturing organizations invest heavily in industrial control systems ICS to efficiently, reliably, and safely operate industrial processes. Without this technology operating the plant floor, these businesses cannot...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/04/16 10:25 p.m.35 views

Uber: Stored XSS in developer.uber.com

An attacker can make a series of requests to https://uber.readme.io/ that will result in permanent defacement/stored XSS of all the documentation pages on https://developer.uber.com/ I'm not entirely sure if this is in scope, but it could definitely have a major impact on developer.uber.com so I...

6.3AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/02/05 12:0 a.m.14 views

(0Day) Advantech WebAccess Local Escalation Of Privilege Vulnerability

This vulnerability allows local users to elevate to administrator status on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS6.3AI score
Exploits0
Exploit DB
Exploit DB
added 2014/03/19 12:0 a.m.37 views

Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.org http://www.loadbalancer.org/...

7.4AI score
Exploits0
Rows per page
Query Builder