
21 matches found

Veracode
added 2024/11/20 3:35 a.m., 10 views

Improper File URI Scheme Validation

changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the issafeurl function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOWFILEURI is set to false or undefined...

CVSS 8.6 | AI score 6.4 | EPSS 0.00697
Exploits 0 | References 5 | Affected Software 1

OSV
added 2024/03/04 8:42 p.m., 16 views

GHSA-FGXV-GW55-R5FQ Authorization Bypass Through User-Controlled Key in go-zero

Summary Hello go-zero maintainer team, I would like to report a security concerning your CORS Filter feature. Details Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses...

CVSS 9.1 | AI score 9.2 | EPSS 0.00774
Exploits 2 | References 4

Veracode
added 2023/07/22 9:39 a.m., 24 views

Improper Input Validation

odoo is vulnerable to Improper Input Validation. The vulnerability exists due to the sandboxing issue in the library, which allows an authenticated attacker to read and write local files on the server...

CVSS 8.7 | AI score 6.4 | EPSS 0.00644
Exploits 0 | References 3 | Affected Software 1

NVD
added 2023/07/19 6:15 a.m., 19 views

CVE-2023-32635

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...

CVSS 5.5 | AI score 5.6 | EPSS 0.00195
Exploits 0 | References 2

Tenable Nessus
added 2022/03/24 12:0 a.m., 25 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2022:0999)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0999 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and...

CVSS 6.1 | AI score 7 | EPSS 0.26792
Exploits 1 | References 16

CNVD
added 2020/11/19 12:0 a.m., 3 views

McAfee Endpoint Security (ENS) Cross-Site Request Forgery Vulnerability

McAfee Endpoint Security (ENS) is a framework from the US company McAfee for providing intelligent collaboration and advanced threat defense. The framework supports the entire threat defense lifecycle, such as real-time communications control and actionable threat forensics...

CVSS 8.8 | AI score 7.2 | EPSS 0.00581
Exploits 0 | References 1

BDU FSTEC
added 2019/06/18 12:0 a.m., 2 views

The vulnerability in the web interface of the Cisco Industrial Network Director software package allows a perpetrator to perform arbitrary actions on the vulnerable device.

The vulnerability of the Cisco Industrial Network Director software’s web interface is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device using a specially created link...

CVSS 5 | AI score 5.4 | EPSS 0.01287
Exploits 1 | References 4

UbuntuCve
added 2018/07/23 3:29 p.m., 26 views

CVE-2018-1999013

FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can allow an attacker to read heap memory. This attack appears to be exploitable via a specially crafted RM file provided as input. This...

CVSS 6.5 | AI score 6.6 | EPSS 0.01773
Exploits 0 | References 1

Prion
added 2018/05/09 3:29 a.m., 16 views

Cross site scripting

Severalnines ClusterControl before 1.6.0-4699 allows XSS...

CVSS 4.3 | AI score 6.3 | EPSS 0.00647
Exploits 0 | References 1 | Affected Software 1

NVD
added 2017/12/18 1:29 a.m., 17 views

CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

CVSS 9.3 | AI score 7.5 | EPSS 0.02698
Exploits 0 | References 6

OpenVAS
added 2013/01/21 12:0 a.m., 14 views

Fedora Update for drupal6-context FEDORA-2013-0246

Check for the Version of drupal6-context OpenVAS Vulnerability Test Fedora Update for drupal6-context FEDORA-2013-0246 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

CVSS 5 | AI score 6.4 | EPSS 0.01663
Exploits 1 | References 2

OpenVAS
added 2012/10/19 12:0 a.m., 10 views

Fedora Update for gitolite3 FEDORA-2012-15731

Check for the Version of gitolite3 OpenVAS Vulnerability Test Fedora Update for gitolite3 FEDORA-2012-15731 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

AI score 7.4
Exploits 0 | References 2

Exploit DB
added 2012/04/09 12:0 a.m., 40 views

Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Snort 2 DCE/RPC preprocessor Buffer...

CVSS 10 | AI score 7 | EPSS 0.79319
Exploits 15

OpenVAS
added 2012/04/03 12:0 a.m., 27 views

IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability

The host is running IBM DB2 and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2drdareqdosvuln.nasl 6018 2017-04-24 09:02:24Z teissa $ IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability Authors: Madhuri D Copyright: Copyright c 2012...

CVSS 5 | EPSS 0.02734
Exploits 0 | References 5

OpenVAS
added 2011/03/09 12:0 a.m., 35 views

Ruby '#to_s' Security Bypass Vulnerability

This host is installed with Ruby and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbrubysecbypassvulnwin.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby "tos" Security Bypass Vulnerability Authors: Madhuri D Copyright: Copyright C 2011 Greenbone Networks GmbH,...

CVSS 5 | AI score 6.8 | EPSS 0.02772
Exploits 2 | References 2

exploitpack
added 2010/07/14 12:0 a.m., 24 views

Ad Network Script - Persistent Cross-Site Scripting

Ad Network Script - Persistent Cross-Site Scripting 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 vendor URL :http://www.kaonsoftwares.com/ Price:330EUR :O Author : Sid3^effects aKa HaRi special thanks to : r0073r...

AI score 6.8
Exploits 0

OpenVAS
added 2010/03/02 12:0 a.m., 20 views

Fedora Update for pidgin FEDORA-2010-0368

Check for the Version of pidgin OpenVAS Vulnerability Test Fedora Update for pidgin FEDORA-2010-0368 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

CVSS 5 | EPSS 0.12496
Exploits 5 | References 2

seebug.org
added 2009/06/24 12:0 a.m., 31 views

Zen Cart 1.3.8 Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php ------- Zen Cart 1.3.8 Remote Code Execution http://www.zen-cart.com/ Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone! A new version 1.3.8a is avaible on http://www.zen-cart.com/ BlackH : errorreportingEALL ^...

AI score 7.1
Exploits 0

OpenVAS
added 2009/03/26 12:0 a.m., 30 views

VLC Media Player Stack Overflow Vulnerability (Lin-Mar09)

This host is installed with VLC Media Player and is prone to Stack Overflow Vulnerability. OpenVAS Vulnerability Test $Id: secpodvlcmediaplayerbofvulnlinmar09.nasl 5148 2017-01-31 13:16:55Z teissa $ VLC Media Player Stack Overflow Vulnerability Lin-Mar09 Authors: Nikita MR Copyright: Copyright c...

CVSS 5 | AI score 0.7 | EPSS 0.09216
Exploits 1 | References 4

Positive Technologies
added 1997/08/01 12:0 a.m., 3 views

PT-1997-1001

Name of the Vulnerable Software and Affected Versions Mac OS versions affected versions not specified Cisco IOS versions affected versions not specified HP-UX versions affected versions not specified Tru64 UNIX versions affected versions not specified AIX versions affected versions not specified...

CVSS 4 | AI score 6.8 | EPSS 0.31586
Exploits 1 | References 20