Lucene search

5300 matches found

Cvelist
added 2018/05/24 8:0 p.m., 21 views

CVE-2018-7526

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating...

7.3 AI score, 0.01277 EPSS
Exploits 0, References 1
OSV
added 2018/05/22 3:29 p.m., 16 views

CVE-2018-11322

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

7.5 CVSS, 7.8 AI score
Exploits 0, References 3
NVD
added 2018/05/22 3:29 p.m., 12 views

CVE-2018-11322

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

7.5 CVSS, 8 AI score, 0.0213 EPSS
Exploits 0, References 3
Prion
added 2018/05/22 3:29 p.m., 14 views

Code injection

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

6 CVSS, 7.5 AI score, 0.0213 EPSS
Exploits 0, References 3, Affected Software 1
CVE
added 2018/05/22 3:0 p.m., 123 views

CVE-2018-11322

CVE-2018-11322 relates to Joomla! Core up to version 3.8.7 where PHAR files can be treated by the webserver as executable PHP scripts depending on server configuration. Connected sources confirm Joomla! 3.x line variants (up to 3.8.7) are affected by multiple vulnerabilities, including issues aro...

7.5 CVSS, 7.6 AI score, 0.0213 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2018/05/22 3:0 p.m., 18 views

CVE-2018-11322

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

7.8 AI score, 0.0213 EPSS
Exploits 0, References 3
Cvelist
added 2018/05/14 11:0 p.m., 19 views

CVE-2018-11091

An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the...

7.3 AI score, 0.03773 EPSS
Exploits 1, References 5
The Coalfire Blog
added 2018/05/09 5:40 p.m., 16 views

Microsoft Word Document Upload to Stored XSS: A Case Study

Anytime I see a file upload form during an application test, my attention is piqued. In a best-case scenario, I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I can't get a backdoor...

6.2 AI score
Exploits 0
Symantec
added 2018/05/08 12:0 a.m., 35 views

Microsoft Windows Device Guard CVE-2018-0958 Local Security Bypass Vulnerability

Description: Microsoft Windows is prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected: Microsoft Windows 10 Version 1607 for 32-bit Systems...

1.9 AI score, 0.01309 EPSS
Exploits 0, Affected Software 2
Zero Day Initiative
added 2018/05/04 12:0 a.m., 22 views

Trend Micro Smart Protection Server BWListMgmt SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Smart Protection Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of parameters provided to wcs\bwlists\handler.php. The...

9 CVSS, 4 AI score, 0.15217 EPSS
Exploits 0, References 1
CNVD
added 2018/05/02 12:0 a.m., 2 views

Huawei E5771h-937 Denial of Service Vulnerability

The Huawei E5771h-937 is a portable wireless router from Huawei China. A denial of service vulnerability exists in Huawei E5771h-937 E5771h-937TCPU-V200R001B328D62SP00C1133 prior and E5771h-937TCPU-V200R001B329D05SP00C1308 prior. An attacker can exploit this vulnerability to cause a denial of...

6.5 CVSS, 6.7 AI score, 0.00372 EPSS
Exploits 0, References 1
Huawei
added 2018/04/28 12:0 a.m., 22 views

Security Advisory - DoS Vulnerability in Some Huawei MBB Products

Some Huawei MBB (Mobile Broadband) products have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a Do...

6.5 CVSS, 6.4 AI score, 0.00372 EPSS
Exploits 0, Affected Software 1
exploitpack
added 2018/04/24 12:0 a.m., 10 views

Adobe Flash - Info Leak in Image Inflation

Adobe Flash - Info Leak in Image Inflation The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and visit: http://127.0.0.1?img=inflate.png. Proof...

Exploits 0
0day.today
added 2018/04/24 12:0 a.m., 68 views

Adobe Flash - Info Leak in Image Inflation Exploit

Exploit for multiple platform in category dos / poc The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and visit:...

7.6 AI score, 0.23432 EPSS
Exploits 2
Exploit DB
added 2018/04/24 12:0 a.m., 31 views

Adobe Flash - Info Leak in Image Inflation

The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and visit: http://127.0.0.1?img=inflate.png. Proof of Concept:...

7.4 AI score
Exploits 0
Securelist
added 2018/04/23 10:0 a.m., 299 views

Energetic Bear/Crouching Yeti: attacks on servers

Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010. The group tends to attack different companies with a strong focus on the energy and industrial sectors. Companies attacked by Energetic Bear/Crouching Yeti are geographically distributed worldwide with a more...

8.5 AI score
Exploits 0
OSV
added 2018/04/20 8:29 p.m., 7 views

CVE-2014-10073

The createresponse function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory...

7.5 CVSS, 7.5 AI score
Exploits 0, References 5
OSV
added 2018/04/20 8:29 p.m., 1 views

DEBIAN-CVE-2014-10073

The createresponse function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory...

7.5 CVSS, 7.3 AI score, 0.02261 EPSS
Exploits 0, References 1
OSV
added 2018/04/20 8:29 p.m., 2 views

UBUNTU-CVE-2014-10073

The createresponse function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory...

7.5 CVSS, 7.1 AI score, 0.02261 EPSS
Exploits 0, References 6
Cvelist
added 2018/04/20 8:0 p.m., 20 views

CVE-2014-10073

The createresponse function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory...

7.5 AI score, 0.02261 EPSS
Exploits 0, References 4