Lucene search
K

2772 matches found

CNVD
CNVD
added 2018/01/15 12:0 a.m.9 views

PHOENIX CONTACT FL SWITCH Unauthorized Access Vulnerability

FL SWITCH is a managed Ethernet switch from the Phoenix Contact group. An unauthorized access vulnerability exists in the PHOENIX CONTACT FL SWITCH, which allows a remote, unauthenticated attacker to gain administrative privileges on the device by constructing a special HTTP request that bypasses...

10CVSS7.2AI score0.03111EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/01/12 12:0 a.m.4 views

PT-2018-4009 · D Link · D-Link Dsl-2640B +1

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2640U versions IM 1.00 and ME 1.00 D-Link DSL-2540U version ME 1.00 Description: The issue allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request...

9CVSS9AI score0.41987EPSS
Exploits1References5
OSV
OSV
added 2018/01/10 1:29 a.m.5 views

CVE-2018-0790

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789...

8.8CVSS5.8AI score0.05255EPSS
Exploits0References3
OSV
OSV
added 2018/01/10 1:29 a.m.4 views

CVE-2018-0789

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790...

8.8CVSS5.8AI score0.06371EPSS
Exploits0References3
CNVD
CNVD
added 2018/01/10 12:0 a.m.8 views

Microsoft ASP.NET Core Elevation of Privilege Vulnerability (CNVD-2018-00899)

Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An elevation of privilege vulnerability exists in Microsoft ASP.NET Core versio...

8.8CVSS7.4AI score0.06496EPSS
Exploits0References1
OSV
OSV
added 2018/01/09 8:29 p.m.4 views

CVE-2017-1671

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 133638...

7.5CVSS5.9AI score0.02712EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.34 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

8.8CVSS1.2AI score0.05255EPSS
Exploits0
CNVD
CNVD
added 2018/01/06 12:0 a.m.3 views

Western Digital My Cloud NAS Device Information Disclosure Vulnerability

The Western Digital MyCloud NAS is a network attached storage device. An information disclosure vulnerability exists in the Western Digital My Cloud NAS device, which allows an attacker to dump a list of all users, including detailed user information, without any authentication by sending a simpl...

6.6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/01/03 10:30 a.m.7 views

undertow: improper whitespace parsing leading to potential HTTP request smuggling

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...

7.5CVSS7.4AI score0.01858EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/01/03 10:20 a.m.4 views

undertow: improper whitespace parsing leading to potential HTTP request smuggling

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...

7.5CVSS7.4AI score0.01858EPSS
Exploits0References4
CNVD
CNVD
added 2017/12/18 12:0 a.m.5 views

Rapid7 Nexpose Cross-Site Request Forgery Vulnerability

Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. A security vulnerabili...

8.8CVSS6.8AI score0.02746EPSS
Exploits4References1
CNVD
CNVD
added 2017/12/15 12:0 a.m.7 views

Embedthis GoAhead Web Server Remote Command Execution Vulnerability

Embedthis GoAhead is an embedded Web server from Embedthis Software. A remote command execution vulnerability exists in Embedthis GoAhead Web Server versions prior to 3.6.5 due to the use of HTTP request parameters when the server initializes the CGI. A remote attacker could exploit this...

8.1CVSS7.7AI score0.96327EPSS
Exploits15References1
RedHat Linux
RedHat Linux
added 2017/12/13 5:57 p.m.3 views

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

6.5CVSS7.2AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/12/13 5:57 p.m.4 views

undertow: improper whitespace parsing leading to potential HTTP request smuggling

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...

7.5CVSS7.4AI score0.01858EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/12/12 9:29 p.m.2 views

CVE-2017-11932

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access OWA validates web requests, aka "Microsoft Exchange Spoofing Vulnerability"...

8.1CVSS5.5AI score0.05884EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.46 views

Security Update for Microsoft SharePoint Server 2016 (December 2017)

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a...

8.8CVSS8AI score0.04194EPSS
Exploits0References2
OSV
OSV
added 2017/11/24 7:29 a.m.5 views

CVE-2017-16936

Directory Traversal vulnerability in appdatacenter on Shenzhen Tenda Ac9 USAC9V1.0BRV15.03.05.14multiTD01, Ac9 ac9kfV15.03.05.196318cn, Ac15 USAC15V1.0BRV15.03.05.18multiTD01, Ac15 USAC15V1.0BRV15.03.05.19multiTD01, Ac18 USAC18V1.0BRV15.03.05.05multiTD01, and Ac18 ac18kfV15.03.05.196318cn devices...

6.5CVSS6AI score0.01034EPSS
Exploits0References1
Prion
Prion
added 2017/11/22 8:29 a.m.13 views

Information disclosure

Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...

5CVSS6.2AI score0.00866EPSS
Exploits0References1
NVD
NVD
added 2017/11/22 8:29 a.m.17 views

CVE-2017-8860

Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...

6.5CVSS6.2AI score0.00866EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/21 12:0 a.m.4 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerability

Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in Cisco Registered Envelope Service,...

6.1CVSS6.6AI score0.00868EPSS
Exploits0References1
Rows per page
Query Builder