CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2016/09/02 12:0 a.m.•23 views

Fedora 23 : 1:tomcat (2016-0a4dccdd23)

This updates includes a rebase from tomcat 8.0.32 up to 8.0.36 to resolve : - rhbz1349469 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service and also includes the following bug fixes : - rhbz1341850 tomcat-jsvc.service has TOMCATUSER value hard-coded -...

7.8CVSS7AI score0.40246EPSS

Exploits0References2

Packet Storm•added 2016/07/06 12:0 a.m.•32 views

PrinceXML Wrapper Class Command Injection

While grabbing a copy PrinceXML, I noticed the company also offered some wrapper classes in various languages for using prince in server applications web applications. http://www.princexml.com/download/wrappers/ Taking a quick look at the PHP class, there are likely numerous command injection...

0.6AI score

BDU FSTEC•added 2016/07/05 12:0 a.m.•3 views

The vulnerability of the Firefox browser, which allows a malicious individual to circumvent restrictions

Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper software module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certain cloning...

Exploits1References6Affected Software1

BDU FSTEC•added 2016/07/05 12:0 a.m.•4 views

The vulnerability of the Firefox ESR browser allows a malicious individual to circumvent restrictions

Mozilla Firefox ESR contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper software module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, due to the permission granted for...

Exploits1References5Affected Software1

BDU FSTEC•added 2016/07/05 12:0 a.m.•4 views

The vulnerability of the Thunderbird email client, which allows a malicious actor to circumvent restrictions

Mozilla Thunderbird’s email client contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper software module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certai...

Exploits1References4Affected Software1

BDU FSTEC•added 2016/07/05 12:0 a.m.•2 views

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to circumvent restrictions

Mozilla SeaMonkey’s software contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper program module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certain cloni...

Kitploit•added 2016/07/02 11:57 p.m.•13 views

Exploits1References5

Peach Fuzz - Vulnerability Scanning Framework

This tool aims to look through files in a given directory to detect any unsafe, vulnerable, or dangerous function calls. It is designed to be extensible and easy to understand; you can "plug-and-play" modules that specify criteria on which types of files will trigger what 'scans,' in which you...

7.4AI score

exploitpack•added 2016/06/06 12:0 a.m.•10 views

WordPress Theme Newspaper 6.7.1 - Privilege Escalation

WordPress Theme Newspaper 6.7.1 - Privilege Escalation Vendor Homepage: http://tagdiv.com/newspaper/ Software Link: http://themeforest.net/item/newspaper/5489609 Version: 6.7.1 Tested on: Debian 8, PHP 5.6.17-3 Type: WP Options Overwrite, Possible more Time line: Found 23-APR-2016, Vendor notifie...

0.6AI score

OSV•added 2016/04/25 12:59 a.m.•0 views

DEBIAN-CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

5.9CVSS6.5AI score0.16609EPSS

Tenable Nessus•added 2016/03/04 12:0 a.m.•8 views

Fedora 21 : php-5.6.14-1.fc21 (2015-366f3dd73f)

01 Oct 2015, PHP 5.6.14 Core: Fixed bug php70370 Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions. Adam CLI server: Fixed bug php68291 404 on urls with '+'. cmb DOM: Fixed bug php70001 Assigning to DOMNode::textContent does additional entity encoding. cmb Mysqlnd: Fixed bug...

5.5AI score

OSV•added 2016/02/12 5:59 a.m.•2 views

ALPINE-CVE-2016-2328

libswscale/swscaleunscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service out-of-bounds array read access or possibly have unspecified other impact via a crafted .cine file, related to the bayertorgb24wrapper and...

8.8CVSS7.5AI score0.01068EPSS

exploitpack•added 2016/01/28 12:0 a.m.•16 views

Apple Mac OSX iOS Kernel - iokit Registry Iterator Manipulation Double-Free

Apple Mac OSX iOS Kernel - iokit Registry Iterator Manipulation Double-Free / Source: https://code.google.com/p/google-security-research/issues/detail?id=598 The userspace MIG wrapper IORegistryIteratorExitEntry invokes the following kernel function: kernreturnt isioregistryiteratorexitentry...

0.2AI score

CNVD•added 2015/11/07 12:0 a.m.•2 views

Mozilla Firefox and Firefox Java applet code injection vulnerability

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox when using the Java plugin, which can be exploited by remote attackers to redistribute a specially crafted Java applet from the in-use JavaScript...

6.8CVSS9AI score0.02443EPSS