Lucene search
K

2156 matches found

BDU FSTEC
BDU FSTEC
added 2016/07/04 12:0 a.m.5 views

The vulnerability of the Firefox browser allows a hacker to bypass existing access restrictions and alter the location.host property.

The vulnerability of Firefox browsers is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and alter the location.host property using unreliable URL data...

4.3CVSS7AI score0.01699EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2016/07/02 2:59 p.m.4 views

CVE-2016-2872

Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL...

5.3CVSS5.9AI score0.01835EPSS
Exploits0References1
OSV
OSV
added 2016/07/02 2:59 p.m.3 views

CVE-2016-0400

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

6.1CVSS5.9AI score0.0214EPSS
Exploits2References4
CNVD
CNVD
added 2016/06/29 12:0 a.m.2 views

IBM WebSphere Application Server HTTP Response Vulnerability

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. There is a security vulnerability in IBM WAS. A remote...

6.1CVSS8.1AI score0.01465EPSS
Exploits0References1
OSV
OSV
added 2016/06/19 8:59 p.m.3 views

UBUNTU-CVE-2016-1864

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL...

4.3CVSS6.7AI score0.01864EPSS
Exploits0References6
CNVD
CNVD
added 2016/06/16 12:0 a.m.25 views

Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04089)

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...

5.3CVSS9.1AI score0.10638EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/06/09 12:0 a.m.5 views

Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to obtain confidential information

The vulnerability of the CFNetwork Proxies subsystem in iOS and Mac OS X systems exists due to incorrect URL addresses in http and https requests. Exploiting this vulnerability can allow a malicious actor to obtain confidential information remotely...

5CVSS7.3AI score0.03716EPSS
Exploits0References7Affected Software2
RedHat Linux
RedHat Linux
added 2016/05/17 4:30 p.m.6 views

tomcat: directory disclosure

It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that...

5.3CVSS6.7AI score0.1838EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2016/05/05 12:0 a.m.7 views

The vulnerability of Google Chrome browser allows a hacker to manipulate the URL string.

The vulnerability of the WebContentsImpl::FocusLocationBarByDefault function content/browser/webcontents/webcontentsimpl.cc in the Google Chrome browser exists due to improper handling of calls to certain empty pages. Exploiting this vulnerability can allow a malicious actor to manipulate the URL...

4.3CVSS6.7AI score0.01425EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2016/04/30 12:0 a.m.3 views

Apache Cordova iOS Malicious Resource Loading Vulnerability

Apache Cordova iOS is a platform for developing iOS-based mobile applications using HTML, CSS and JavaScript, and is the core engine that drives PhoneGap. A security vulnerability exists in Apache Cordova iOS that allows remote attackers to load malicious resources by exploiting a method that can...

7.5CVSS6.8AI score0.02879EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/04/14 12:0 a.m.7 views

The vulnerabilities of the data backup and application protection tools IBM Spectrum Protect Snapshot, as well as the virtual machine protection tools IBM Spectrum Protect for Virtual Environments, allow attackers to enhance their privileges.

The vulnerability of the Data Protection component in data backup and application solutions from IBM Spectrum Protect Snapshot, as well as in virtual machine protection solutions from IBM Spectrum Protect for Virtual Environments, is related to deficiencies in access control. Exploiting this...

10CVSS7.8AI score0.03922EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2016/03/29 12:0 a.m.6 views

Drupal Core double-encoded 'destination' parameter open redirect vulnerability

Drupal is a free and open source content management system developed in PHP. An open redirection vulnerability exists in the Drupal Core double encoding of the 'destination' parameter.The Drupal 6 'drupalgoto' function fails to correctly decode the content of $REQUEST'destination' when used,...

7.4CVSS7AI score0.01352EPSS
Exploits0References1
OSV
OSV
added 2016/03/28 11:59 p.m.4 views

CVE-2016-1314

Cross-site scripting XSS vulnerability in Cisco Unified Communications Domain Manager CDM 8.11 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760...

6.1CVSS5.9AI score0.00792EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/03/17 12:0 a.m.6 views

The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to inject any Web or HTML code.

The vulnerability of the application interface of the IBM WebSphere Portal servers exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted URL...

4.3CVSS6.8AI score0.0102EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/03/17 12:0 a.m.10 views

The vulnerability of the Moodle learning management system allows a hacker to replace a user during a session.

The vulnerability of the admin/registration/register.php function in the Moodle learning management system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to replace a user during a session by sending a request that sends statistics to...

4.3CVSS5.7AI score0.00686EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/03/17 12:0 a.m.7 views

The vulnerability of the Moodle learning management system allows a hacker to bypass existing access restrictions.

The vulnerability of the Moodle learning management system’s module selection involves deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions by visiting a specific URL to add or delete answers in a closed state...

4CVSS5.8AI score0.01278EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/03/02 12:0 a.m.5 views

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2016-01424)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects an organization internally and externally, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability exists in...

6.1CVSS6AI score0.0102EPSS
Exploits0References1
CNVD
CNVD
added 2016/02/25 12:0 a.m.4 views

Swann SRNVW-470LCD and SWNVW-470CAM License Issue Vulnerability

The Swann SRNVW-470LCD and SWNVW-470CAM are both wireless HD surveillance systems from Swann Australia. An authorization issue vulnerability exists in the Swann SRNVW-470LCD and SWNVW-470CAM, which allows remote attackers to view live video streams by accessing an unspecified URL...

5.3CVSS7AI score0.01421EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/02/24 12:0 a.m.6 views

The vulnerability of the Internet Explorer browser, which allows a violator to obtain confidential information

The vulnerability of the Hyperlink Object Library component in Internet Explorer is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to obtain confidential information through a specially crafted URL in an email message or Office docume...

4.3CVSS5.8AI score0.23657EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2016/02/23 12:0 a.m.3 views

Microsoft Visual Studio Cross-Site Request Forgery Vulnerability

Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation, USA. A cross-site request forgery vulnerability exists in Microsoft Visual Studio that allows remote attackers to construct malicious URIs, trick users into parsing them, which can be targeted to perform...

6.9AI score
Exploits0References1
Rows per page
Query Builder