Lucene search
K

2170 matches found

OSV
OSV
added 2017/11/30 9:29 a.m.2 views

CVE-2017-12362

A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service DoS condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker...

6.5CVSS5.8AI score0.02348EPSS
Exploits0References3
CNVD
CNVD
added 2017/11/28 12:0 a.m.6 views

Multiple Cross-Site Scripting Vulnerabilities in TeamPass

TeamPass is a dedicated password manager for Apache, MySQL and PHP. Multiple cross-site scripting vulnerabilities exist in versions of TeamPass prior to 2.1.27.9. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of an item's URL value or user l...

5.4CVSS6.1AI score0.00955EPSS
Exploits1References1
CNVD
CNVD
added 2017/11/21 12:0 a.m.4 views

Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37741)

Horde Groupware is an enterprise browser based on the Communication Suite from Horde USA. The browser supports sending and receiving e-mail, managing and sharing calendars, contacts and tasks, and more. A cross-site scripting vulnerability exists in Horde Groupware version 5.2.19. A remote attack...

5.4CVSS5.9AI score0.01752EPSS
Exploits1References1
CNVD
CNVD
added 2017/11/15 12:0 a.m.2 views

Mozilla Firefox Cross-Origin URL Information Disclosure Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A cross-origin URL information disclosure vulnerability exists in Mozilla Firefox versions prior to 57.0. The vulnerability arises because the Resource Timing API incorrectly discloses navigati...

6.5CVSS6AI score0.02485EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/08 12:0 a.m.5 views

chromium-browser Omnibox Component URL Spoofing Vulnerability

chromium-browser is an open source web browser project started by Google to provide source code for the proprietary Google Chrome browser. A URL spoofing vulnerability exists in the chromium-browser Omnibox component. An attacker could exploit the vulnerability to conduct malicious website URL...

6.5CVSS6.8AI score0.01356EPSS
Exploits0References1
OSV
OSV
added 2017/10/11 1:32 a.m.2 views

DEBIAN-CVE-2017-15194

include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...

6.1CVSS6.3AI score0.0107EPSS
Exploits1References1
OSV
OSV
added 2017/10/10 9:29 p.m.2 views

CVE-2017-1538

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735...

6.5CVSS5.8AI score0.01386EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2017/10/03 1:29 a.m.4 views

CVE-2017-12792

Multiple cross-site request forgery CSRF vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 linkname, 2 url, or 3 title parameter in an add action to linksmanage.php...

6.1CVSS5.2AI score0.01212EPSS
Exploits1References2
CNVD
CNVD
added 2017/09/30 12:0 a.m.3 views

SQL Injection Vulnerability in the change_store_num Method of WK+shop General Mall System

WK+shop is a mall system based on the technology of PHP+MySQL, developed using ThinkPHP5.0 framework, which combines the Witcott mission system with multiple mall systems. WK+shop general mall system changestorenum method has a SQL injection vulnerability, attackers can construct a specific URL t...

7.9AI score
Exploits0
OSV
OSV
added 2017/09/13 4:29 p.m.6 views

UBUNTU-CVE-2015-2750

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...

6.1CVSS6.5AI score0.01376EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/09/13 12:0 a.m.6 views

The vulnerability of the Apache Tomcat application server’s HTTP/2 implementation allows attackers to bypass security checks.

The vulnerability of the Apache Tomcat application server that implements HTTP/2 exists due to an incorrect path limitation for the directory with restricted access. Exploiting this vulnerability allows a malicious actor to bypass security checks by using a specially crafted URL link...

5CVSS7.2AI score0.1014EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/09/05 12:0 a.m.7 views

UBUNTU-CVE-2017-2862

An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability...

8.8CVSS7.5AI score0.04599EPSS
Exploits3References4
OSV
OSV
added 2017/08/23 2:29 p.m.6 views

UBUNTU-CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

8.8CVSS7.7AI score0.06404EPSS
Exploits0References5
CNVD
CNVD
added 2017/07/13 12:0 a.m.6 views

PHP Security Bypass Vulnerability (CNVD-2017-23336)

PHP PHP: HypertextPreprocessor is an open source general-purpose computer scripting language maintained by the PHPGroup and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C and C++. A security vulnerability...

7.5CVSS7.9AI score0.01908EPSS
Exploits0References1
OSV
OSV
added 2017/07/03 4:29 p.m.8 views

UBUNTU-CVE-2017-5943

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery CSRF verification tokens via a crafted URL...

8.8CVSS7.2AI score0.00835EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/06/21 4:36 a.m.3 views

Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

9.8CVSS7.3AI score0.02665EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/06/14 3:28 p.m.6 views

openstack-heat: Template source URL allows network port scan

An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services...

4.3CVSS5.7AI score0.01537EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/06/14 7:51 a.m.5 views

Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

9.8CVSS7.3AI score0.02665EPSS
Exploits0References5
CNVD
CNVD
added 2017/06/08 12:0 a.m.5 views

Samsung SM-N9005 and SM-G920F Samsung kernel for Android secfilter input validation vulnerability

Samsung kernel for Android on SM-N9005 Note 3 and SM-G920F Galaxy S6 are kernels for Android running in the SM-N9005 Note 3 and SM-G920F Galaxy S6 smartphones from Samsung, South Korea. secfilter is one of the URL resolution filtering plugins. secfilter is a URL parsing and filtering plug-in for...

9.6CVSS6.8AI score0.39413EPSS
Exploits1References1
OSV
OSV
added 2017/06/07 5:29 p.m.3 views

CVE-2016-5959

IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136...

5.3CVSS7.3AI score0.01286EPSS
Exploits0References3
Rows per page
Query Builder