Lucene search
+L

144 matches found

mscve
mscve
added 2019/07/09 7:0 a.m.31 views

DirectWrite Information Disclosure Vulnerability

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the...

5.5CVSS1.4AI score0.01742EPSS
Exploits0
mscve
mscve
added 2019/07/09 7:0 a.m.29 views

Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...

6.5CVSS1.8AI score0.06728EPSS
Exploits0
prion
prion
added 2019/05/29 6:29 p.m.28 views

Heap overflow

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle...

4.3CVSS6.6AI score0.33647EPSS
Exploits0References2Affected Software2
cvelist
cvelist
added 2019/05/29 5:20 p.m.40 views

CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle...

4.3CVSS6.6AI score0.33647EPSS
Exploits0References2
mscve
mscve
added 2019/05/14 7:0 a.m.27 views

Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...

6.5CVSS1.8AI score0.1232EPSS
Exploits0
threatpost
threatpost
added 2019/04/12 4:56 p.m.70 views

Romanian Duo Convicted of Malware Scheme Infecting 400,000 Computers

A Romanian duo has been convicted for infecting hundreds of thousands of computers with malware that scooped up credentials and financial information, and scamming victims out of millions of dollars. The two, Bogdan Nicolescu, 36, and Radu Miclaus, 37, were convicted by a federal jury in Ohio on...

1.3AI score
Exploits0References5
prion
prion
added 2018/12/06 2:29 p.m.17 views

Code injection

IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413...

2.1CVSS3.3AI score0.00354EPSS
Exploits0References2Affected Software1
openvas
openvas
added 2018/11/29 12:0 a.m.38 views

NETGEAR Devices RCE Vulnerability

Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respecti...

10CVSS9.8AI score0.98325EPSS
Exploits5References5
hackerone
hackerone
added 2018/08/02 10:47 a.m.128 views

Node.js third-party modules: Code Injection Vulnerability in zombie Package

I would like to report a code injection vulnerability in zombie. It allows crawled websites to access privileged APIs such as the file system or child process. Module module name: zombie version: 6.1.2 npm page: https://www.npmjs.com/package/zombie Module Description Insanely fast, headless...

0.7AI score
Exploits0
osv
osv
added 2018/07/04 8:29 a.m.5 views

CVE-2018-13134

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATHINFO to the /webpages/data URI...

6.1CVSS5.8AI score0.02328EPSS
Exploits2References2
prion
prion
added 2018/07/04 8:29 a.m.22 views

Design/Logic Flaw

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATHINFO to the /webpages/data URI...

4.3CVSS6AI score0.02328EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2018/07/04 8:0 a.m.25 views

CVE-2018-13134

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATHINFO to the /webpages/data URI...

6.1AI score0.02328EPSS
Exploits2References2
nvd
nvd
added 2017/12/22 5:29 p.m.19 views

CVE-2017-15308

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run...

8.8CVSS8.7AI score0.00878EPSS
Exploits0References1
prion
prion
added 2017/12/22 5:29 p.m.11 views

Input validation

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run...

6.8CVSS8.7AI score0.00878EPSS
Exploits0References1Affected Software1
prion
prion
added 2017/10/06 1:29 a.m.21 views

Design/Logic Flaw

A Host Header Injection vulnerability in Trend Micro OfficeScan XG 12.0 may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages...

5CVSS7.5AI score0.08328EPSS
Exploits5References8Affected Software1
openbugbounty
openbugbounty
added 2017/07/04 12:10 p.m.11 views

perryvisa.com XSS vulnerability

Vulnerable URL: http://www.perryvisa.com/webPages/passportInstructions.php?procedure=1"...

6.9AI score
Exploits0
symantec
symantec
added 2017/06/13 12:0 a.m.298 views

Microsoft Internet Explorer and Edge CVE-2017-8529 Information Disclosure Vulnerability

Description Microsoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in...

4.3CVSS6.5AI score0.14265EPSS
Exploits0References1Affected Software1
prion
prion
added 2017/04/21 3:59 p.m.18 views

Information disclosure

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages...

5CVSS7.2AI score0.0346EPSS
Exploits0References3Affected Software6
nvd
nvd
added 2017/04/21 3:59 p.m.17 views

CVE-2016-1556

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages...

7.5CVSS7.5AI score0.0346EPSS
Exploits0References3
cvelist
cvelist
added 2017/04/21 3:0 p.m.24 views

CVE-2016-1556

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages...

7.5AI score0.0346EPSS
Exploits0References3
Rows per page
Query Builder