Lucene search
K

65 matches found

NVD
NVD
added 2019/11/14 5:15 p.m.16 views

CVE-2019-15436

The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed...

7.8CVSS7.4AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.12 views

Code injection

The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed...

4.6CVSS7.3AI score0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/14 4:26 p.m.17 views

CVE-2019-15436

The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed...

7.4AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2019/11/14 4:26 p.m.48 views

CVE-2019-15436

The CVE pertains to Samsung A8+ (jackpot2ltexx/jackpot2lte:8.0.0 Release) where a pre-installed component in com.samsung.android.themecenter can be invoked by other pre-installed apps to install software. The surface requires signatureOrSystem permissions and is exploitable by any pre-installed a...

7.8CVSS7.3AI score0.0031EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/06/28 12:0 a.m.1 views

Arbitrary File Read Vulnerability in Zhiyuan A8-V5

Zhiyuan A8-V5 is a collaborative office platform that realizes efficient business management of enterprises. Zhiyuan A8-V5 has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
added 2019/06/26 12:0 a.m.1 views

Remote Command Execution Vulnerability in Zhiyuan A8+ Collaboration Management Software

Zhiyuan Internet is a provider of collaboration management software and cloud services in China, specializing in the field of collaboration management software. A remote command execution vulnerability exists in Zhiyuan A8+ collaboration management software. An attacker can Getshell the target...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.21 views

Beckhoff CX9020-011T Industrial Computer Detection

Binary data 763526.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.10 views

Rockwell Automation 1715-A8 Chassis

Binary data 753634.prm...

7.3AI score
Exploits0References1
Packet Storm
Packet Storm
added 2018/12/05 12:0 a.m.34 views

Google Allo Denial Of Service

Google Allo - Denial of Service, 0day My + Discovered by: KnocKout Greetz: Ne0-h4ck3r, BARCOD3, Septemb0x Contact : [email protected] - http://cyber-warrior.org Software info |Application : Google Allo |Affected Version : Latest version as of 03.12.2018 |Developer : http://www.google.com...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.71 views

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass

/ ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/03/31 9:32 a.m.15 views

a8.fandal.cz XSS vulnerability

Open Bug Bounty ID: OBB-594351 Description| Value ---|--- Affected Website:| a8.fandal.cz Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
0day.today
0day.today
added 2017/12/02 12:0 a.m.54 views

WAGO PFC 200 SERIES Multiple Vulnerabilities

Exploit for hardware platform in category local exploits VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface fo...

0.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/11/30 2:53 a.m.15 views

eservice.gov.bd XSS vulnerability

Open Bug Bounty ID: OBB-442714 Description| Value ---|--- Affected Website:| eservice.gov.bd Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score
Exploits0
CNVD
CNVD
added 2017/02/21 12:0 a.m.3 views

Weak Password Vulnerability in Some Users of Zhiyuan Synergy A8 System

Zhiyuan A8 system is an OA office management software. A weak password vulnerability exists in some users of Zhiyuan Synergy A8 system. An attacker is allowed to utilize the weak password 123456 to log in to the system background and obtain administrator privileges...

7AI score
Exploits0
seebug.org
seebug.org
added 2016/07/20 12:0 a.m.18 views

Zhiyuan A8-V5 co-management system universal password vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/02/23 12:0 a.m.463 views

致远A8协同系统存在任意用户密码修改漏洞(秒改)

简要描述: 不仅仅修改密码,还可以禁用、删除、添加用户 上传下载文件等等 详细说明: 协同系统的一些接口如下: 1.2 验证服务 服务名称:authorityService WSDL:http://host:port/seeyon/services/authorityService?wsdl 1.2.1 登录验证 ... 身份验证令牌实体(UserToken) ... 身份验证 使用用户名和密码进行身份验证。 用户名不能更改,必须使用 ,缺省密码为...

7.1AI score
Exploits0
0day.today
0day.today
added 2015/12/18 12:0 a.m.19 views

WordPress Sender 0.7 Cross Site Scripting / Cross Site Request Forgery Vulnerabilities

Exploit for php platform in category web applications WordPress Sender 0.7 Cross Site Scripting / Cross Site Request Forgery Vulnerabilities Plugin Name : Sender Effected Version : 0.7 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/10 12:0 a.m.455 views

用友致远A8协同管理软件 status.jsp 敏感信息泄漏

致远A8-m协同管理软件,是一套可以帮助大型组织、集团型企业、政府单位以及涉外组织,解决上述问题的协同办公管理软件。 漏洞分析: 致远A8-m协同管理软件对敏感文件的访问控制不当导致大量敏感信息泄漏。 漏洞利用: http://x.x.x.x/seeyon/management/status.jsp 该地址为性能监控后台,存在未授权访问...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/08 12:0 a.m.38 views

致远A8-V5协同管理软件日志信息泄露

致远A8-V5日志信息泄露,包括UC认证信息和ctp信息,ctp日志内含有密码信息一、ctp信息泄露包含系统内运行信息,如某某用户登录,某某用户操作功能等等http://a8v51.seeyon.com/seeyon/logs/ctp.log可以利用此处泄露信息获取系统内大量账户信息,包括密码信息二、UC认证信息泄露,包括token等信息http://a8v51.seeyon.com/seeyon/logs/uc.log如果UC配置在互联网或者本地恶意员工利用可以劫持UC登录。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/03/31 12:0 a.m.290 views

致远A8-V5存在任意用户密码修改漏洞

简要描述: 致远A8-V5存在两个漏洞 一是无视验证码撞库 二是任意用户密码修改 详细说明: 一是无视验证码撞库 致远A8-V5在设计时存在逻辑错误,用户修改密码时对原密码进行了验证,但是验证使用的服务存在未授权访问漏洞,系统对非合法请求的原密码验证功能进行回应,导致了无视验证码,无需login页面进行密码尝试 二是任意用户密码修改 致远A8-V5在设计时存在逻辑错误,在上一步对原始密码进行验证后,下一步不再检测原始密码,从而直接修改用户密码,导致平行权限的越权漏洞。 漏洞证明: 一是无视验证码撞库 POST穷举用户和密码代码如下 GET...

7.1AI score
Exploits0
Rows per page
Query Builder