Lucene search
+L

88 matches found

Zero Science Lab
Zero Science Lab
added 2018/09/05 12:0 a.m.652 views

NovaRad NovaPACS Diagnostics Viewer v8.5 OOB XXE File Disclosure

Summary NovaPACS revolutionary workflow infrastructure has been designed and developed using the expertise of radiology directors, technicians, PACS administrators for over 20 years. This wealth of imaging experience has lead to over 850 installations in more than 15 countries as well as key...

9.8CVSS5.8AI score0.00371EPSS
Exploits1
Prion
Prion
added 2018/08/29 7:29 p.m.17 views

Default credentials

An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account which is a low privilege account access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML...

2.7CVSS7.7AI score0.76507EPSS
Exploits4References2Affected Software1
myhack58
myhack58
added 2018/08/08 12:0 a.m.900 views

For ASP. NET resource files. RESX and deserialization vulnerability research-exploit warning-the black bar safety net

ASP. NET application resource files are typically used as a localized storage, they can be used to store user interface elements or can be easily translated string to1. These resource files are generally used. resx as the file expansion name, and when they are in. resources as files to expand the...

8AI score0.31016EPSS
Exploits0
Exploit DB
Exploit DB
added 2017/11/27 12:0 a.m.65 views

Diving Log 6.0 - XML External Entity Injection

Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...

5.5CVSS5.5AI score0.03663EPSS
Exploits5
pentestit
pentestit
added 2017/08/09 11:37 p.m.57 views

UPDATE: WarBerryPi Version 5!

PenTestIT RSS Feed If you remember, I had posted about this Red Teaming Hardware Implant in an earlier post. It now happens that it was updated and we now have WarBerryPi Version 5! As you remember, it is a Raspberry Pi based hardware implant allowing you to be stealthy during red teaming...

6.7AI score
Exploits0
Exploit DB
Exploit DB
added 2016/10/11 12:0 a.m.40 views

RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML External Entity Injection XXE product: RSA Enterprise Compromise Assessment Tool ECAT vulnerable version: 4.1.0.1 fixed version: 4.1.2.0 CVE Number: - impact: Medium...

7.4AI score
Exploits0
Fedora
Fedora
added 2016/09/04 12:53 a.m.13 views

[SECURITY] Fedora 24 Update: ganglia-3.7.2-10.fc24

Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format...

2.6AI score
Exploits0
seebug.org
seebug.org
added 2016/06/15 12:0 a.m.18 views

Data format extension for Jackson XmlMapper XML external entities vulnerability

No description provided by source...

7.1AI score
Exploits0
Oracle
Oracle
added 2016/04/19 12:0 a.m.106 views

Oracle Critical Patch Update Advisory - April 2016

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

10CVSS8.2AI score0.99999EPSS
Exploits54
Fedora
Fedora
added 2015/11/01 3:23 a.m.23 views

[SECURITY] Fedora 23 Update: ganglia-3.7.2-6.fc23

Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format...

9.8CVSS2.6AI score0.03562EPSS
Exploits1
Fedora
Fedora
added 2015/10/23 4:24 p.m.33 views

[SECURITY] Fedora 21 Update: ganglia-3.7.2-6.fc21

Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format...

9.8CVSS2.6AI score0.03562EPSS
Exploits1
Oracle
Oracle
added 2015/07/14 12:0 a.m.145 views

Oracle Critical Patch Update Advisory - July 2015

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

10CVSS7.7AI score0.99999EPSS
Exploits79
Fedora
Fedora
added 2015/05/11 12:8 a.m.21 views

[SECURITY] Fedora 21 Update: netcf-0.2.8-1.fc21

Netcf is a library used to modify the network configuration of a system. Network configurations are expressed in a platform-independent XML format, which netcf translates into changes to the system's 'native' network configuration files...

7.5CVSS1.3AI score0.02672EPSS
Exploits0
Fedora
Fedora
added 2015/05/10 11:38 p.m.23 views

[SECURITY] Fedora 20 Update: netcf-0.2.8-1.fc20

Netcf is a library used to modify the network configuration of a system. Network configurations are expressed in a platform-independent XML format, which netcf translates into changes to the system's 'native' network configuration files...

7.5CVSS1.3AI score0.02672EPSS
Exploits0
Oracle
Oracle
added 2014/10/14 12:0 a.m.35 views

Oracle Critical Patch Update - October 2014

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

10CVSS8AI score0.99977EPSS
Exploits59
Oracle
Oracle
added 2014/10/14 12:0 a.m.721 views

Oracle Critical Patch Update - October 2014

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

10CVSS0.1AI score0.99977EPSS
Exploits59Affected Software48
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5005/info SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML Extensible Markup Language format. Such queries can be sent using various methods of communication...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/06/28 12:0 a.m.44 views

Reportico Admin Credential Leak

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SECV-05-1402 - Reportico software admin credentials leak Product description: Reportico is a comprehensive Open Source web reporting tool written purely in PHP. Reportico provides a web-based front end screen for designing and viewing reports stored i...

5CVSS6.7AI score0.03683EPSS
Exploits1
seebug.org
seebug.org
added 2014/03/18 12:0 a.m.33 views

74cms某功能注入漏洞(有条件)

简要描述: 略鸡肋,分享出来。 详细说明: 最新版v3.4,更新时间20140310 文件/plus/weixin.php responseMsg函数,使用 $postStr = $GLOBALS"HTTPRAWPOSTDATA"; 获得了post数据。所以,可以无视GPC。 获得的数据是XML格式,我们一会发送数据包即可。 继续看该函数: if !empty$postStr $postObj = simplexmlloadstring$postStr, 'SimpleXMLElement', LIBXMLNOCDATA; $fromUsername =...

7AI score
Exploits0
Oracle
Oracle
added 2014/01/14 12:0 a.m.30 views

Oracle Critical Patch Update - January 2014

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

10CVSS8.2AI score0.99998EPSS
Exploits50
Rows per page
Query Builder