Lucene search
K

182 matches found

OSV
OSV
added 2018/06/05 2:29 p.m.5 views

CVE-2016-9490

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also...

6.1CVSS5.8AI score0.01732EPSS
Exploits0References4
CNVD
CNVD
added 2017/11/24 12:0 a.m.5 views

Pelco Sarix Pro Network Camera set_param Program Has an Override Access Vulnerability

pelco Sarix Professional is a video camera. An override access vulnerability exists in the pelco Sarix Pro network camera setparam program. The vulnerability allows attackers to remotely enable ssh services without authentication to take full control of the camera...

7.1AI score
Exploits0
CNVD
CNVD
added 2017/10/19 12:0 a.m.7 views

JanTek JTC-200 Unauthorized Access Vulnerability

JanTek JTC-200 is a TCP/IP converter serial server from Taito JanTek Technology. An unauthorized access vulnerability exists in the JanTek JTC-200. An attacker can access the Busybox Linux shell via Telnet service without any authentication...

10CVSS9.4AI score0.02392EPSS
Exploits2References1
OSV
OSV
added 2017/02/13 9:59 p.m.7 views

CVE-2016-9369

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...

9.8CVSS6AI score0.0719EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/11/03 8:7 a.m.13 views

libvirt: Setting empty VNC password allows access to unauthorized users

It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authenticatio...

9.8CVSS7.3AI score0.03623EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.8 views

The vulnerability of the automated system for managing technological processes of SIMATIC WinCC OA allows a malicious individual to execute arbitrary codes without going through authentication procedures.

The vulnerability of the SIMATIC Winn CC OAM software relates to errors that occur when processing specially crafted TCP packets. Exploiting this vulnerability allows a malicious individual to execute arbitrary code by sending specially crafted packets to port 4999...

5CVSS6AI score0.05261EPSS
Exploits1References14Affected Software1
CNVD
CNVD
added 2015/07/02 12:0 a.m.6 views

Apple MAC OS X XPC entitlements elevation of privilege vulnerability

Apple Mac OS X is a commercial operating system. Apple Mac OS X checks for a security vulnerability in XPC entitlements, which allows attackers to exploit the vulnerability to gain administrative privileges without authentication...

7.2CVSS6.8AI score0.00383EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Oracle Sun GlassFish Enterprise Server - Stored XSS Vulnerability

No description provided by source. Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102 Patch12 build b31g-fcs...

5.8CVSS0.03294EPSS
Exploits6
OSV
OSV
added 2012/10/01 11:55 p.m.4 views

DEBIAN-CVE-2011-4945

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication...

6.9CVSS6.6AI score0.00352EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2012/09/05 12:0 a.m.49 views

Ektron CMS 8.5.0 - Multiple Vulnerabilities

Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2012/03/07 12:0 a.m.38 views

Iciniti Store 4.3.3683.31484 SQL Injection

Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/03/07 12:0 a.m.49 views

Iciniti Store - SQL Injection

Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...

7.4AI score
Exploits0
0day.today
0day.today
added 2012/02/24 12:0 a.m.42 views

Snom IP Phone Privilege Escalation - Security Advisory - SOS-12-001

Exploit for hardware platform in category web applications Snom IP Phone Privilege Escalation - Security Advisory - SOS-12-001 Product. Snom IP Phone series Platform. Hardware Affected versions. All versions prior to v8.4.35 Severity Rating. High Impact. Privilege escalation Attack Vector. Remote...

7.1AI score
Exploits0
0day.today
0day.today
added 2011/07/20 12:0 a.m.75 views

Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability

Exploit for jsp platform in category web applications Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102...

7.1AI score0.03294EPSS
Exploits6
exploitpack
exploitpack
added 2011/07/20 12:0 a.m.83 views

Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting

Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2....

5.8CVSS0.03294EPSS
Exploits6
exploitpack
exploitpack
added 2011/04/15 12:0 a.m.34 views

cPassMan 1.82 - Arbitrary File Download

cPassMan 1.82 - Arbitrary File Download Sense of Security - Security Advisory - SOS-11-004 Release Date. 15-Apr-2011 Last Update. - Vendor Notification Date. 7-Mar-2011 Product. Collaborative Passwords Manager cPassMan Platform. Independent PHP Affected versions. 1.82 verified, and possibly other...

0.1AI score
Exploits0
0day.today
0day.today
added 2011/03/29 12:0 a.m.22 views

Wordpress plugin BackWPup Remote and Local Code Execution

Exploit for php platform in category web applications Release Date. 28-Mar-2011 Last Update. - Vendor Notification Date. 25-Mar-2010 Product. Wordpress Plugin BackWPup Platform. Independent Affected versions. 1.6.1 verified, possibly others Severity Rating. High Impact. System Access Attack Vecto...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/03/15 12:0 a.m.57 views

Cisco CiscoWorks Internetwork Performance Monitor code execution

It's possible to execute commands without authentication...

10CVSS3.5AI score0.20666EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.26 views

GLSA-200403-08 : oftpd DoS vulnerability

The remote host is affected by the vulnerability described in GLSA-200403-08 oftpd DoS vulnerability Issuing a port command with a number higher than 255 causes the server to crash. The port command may be issued before any authentication takes place, meaning the attacker does not need to know a...

5CVSS5.6AI score0.01798EPSS
Exploits0References4
exploitpack
exploitpack
added 2004/08/24 12:0 a.m.20 views

MusicDaemon 0.0.3 - Remote Denial of Service etcshadow Stealer (2)

MusicDaemon 0.0.3 - Remote Denial of Service etcshadow Stealer 2 / MusicDaemon Hello ...... bin::9797:0::::: ftp::9797:0::::: sshd::9797:0::::: ...... root@vortex:/test Server Side View: root@vortex:/test/musicdaemon-0.0.3/src ./musicd -c ../musicd.conf -p 1234 Using configuration: ../musicd.conf...

7.4AI score
Exploits0
Rows per page
Query Builder