Lucene search
+L

609 matches found

CVE
CVE
added 2015/08/25 1:0 a.m.97 views

CVE-2015-3269

CVE-2015-3269 is an XXE vulnerability in Apache Flex BlazeDS (used by flex-messaging-core.jar in LCDS) that allows a remote attacker to read arbitrary files via an AMF message containing an XML external entity declaration with an entity reference. Affected products include BlazeDS components in A...

5CVSS7.1AI score0.0954EPSS
Exploits2References9Affected Software1
exploitpack
exploitpack
added 2014/05/19 12:0 a.m.21 views

HP Release Control - (Authenticated) XML External Entity (Metasploit)

HP Release Control - Authenticated XML External Entity Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This modu...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/05/19 12:0 a.m.27 views

HP Release Control - (Authenticated) XML External Entity (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This module take advantage of three separate vulnerabilities in order to re...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/02/14 10:37 p.m.27 views

[Charles] Web Debugging Proxy Application

Charles is a web proxy HTTP Proxy / HTTP Monitor that runs on your own computer. Your web browser or any other Internet application is then configured to access the Internet through Charles, and Charles is then able to record and display for you all of the data that is sent and received. In Web a...

7.2AI score
Exploits0
NVD
NVD
added 2013/03/29 4:8 p.m.18 views

CVE-2013-0452

Cross-site request forgery CSRF vulnerability in the Software Use Analysis SUA application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format AMF messages...

6.8CVSS7.1AI score0.00636EPSS
Exploits0References3
Prion
Prion
added 2013/03/29 4:8 p.m.14 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Software Use Analysis SUA application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format AMF messages...

6.8CVSS7.4AI score0.00636EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2013/03/29 10:0 a.m.21 views

CVE-2013-0452

Cross-site request forgery CSRF vulnerability in the Software Use Analysis SUA application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format AMF messages...

7.1AI score0.00636EPSS
Exploits0References3
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.61 views

Verax NMS Password Replay Attack (CVE-2013-1351)

Verax NMS Password Replay Attack CVE-2013-1351 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducin...

0.8AI score0.02008EPSS
Exploits3
Exploit DB
Exploit DB
added 2013/02/06 12:0 a.m.27 views

Verax NMS - Multiple Method Authentication Bypass

source: https://www.securityfocus.com/bid/58334/info Verax NMS is prone to multiple security-bypass and information disclosure vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and obtain sensitive information; this may aid ...

7.4AI score
Exploits0
Prion
Prion
added 2012/12/24 6:55 p.m.21 views

Sql injection

Eval injection vulnerability in the ldapagnteval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...

10CVSS8.1AI score0.6275EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2012/12/24 6:0 p.m.33 views

CVE-2012-5932

Eval injection vulnerability in the ldapagnteval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...

7.5AI score0.6275EPSS
Exploits3References4
securityvulns
securityvulns
added 2012/10/17 12:0 a.m.40 views

[CVE-2012-4750] Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability

Title: Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability Description: EzServer is a software for audio and video streaming adopted by various companies worldwide. Version 7.0 is affected by a remote heap corruption vulnerability. Version 6.x is not affected by this issue, as does not...

1.3AI score0.08905EPSS
Exploits4
securityvulns
securityvulns
added 2012/10/17 12:0 a.m.38 views

Ezhometech EzServer memory corruption

Memory corruption on RTMP AMF request parsing...

3.8AI score0.08905EPSS
Exploits4References1Affected Software1
Exploit DB
Exploit DB
added 2012/10/16 12:0 a.m.43 views

EZHomeTech EzServer 7.0 - Remote Heap Corruption

Title: Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability Description: EzServer is a software for audio and video streaming adopted by various companies worldwide. Version 7.0 is affected by a remote heap corruption vulnerability. Version 6.x is not affected by this issue, as does not...

9.8CVSS7AI score0.08905EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2012/01/12 12:0 a.m.4 views

Nullsoft Winamp Advanced Module Format File Buffer Overflow

A remote code execution vulnerability has been reported in Nullsoft Winamp. The vulnerability is caused due to a heap buffer overflow while handling specially crafted Advanced Module Format .amf files. A remote attacker may trigger this vulnerability by enticing a user to open a specially crafted...

3.9AI score
Exploits0
seebug.org
seebug.org
added 2011/10/28 12:0 a.m.14 views

Winamp 5.622多个远程安全漏洞

BUGTRAQ ID: 50387 Winamp是流行的通用音乐播放器。 Winamp 5.622在实现上存在多个远程漏洞,远程攻击者可利用这些漏洞执行任意代码或造成拒绝服务。 1在处理Creative Music Format CMF标头中的"iOffsetMusic"值时,inmidi.dll插件中存在错误,可被利用通过特制的MIDI文件造成堆缓冲区溢出。 2)在处理Advanced Module Format AMF标头中的"channels"值时,inmod.dl插件中存在错误,可被利用通过特制的".amf"文件造成堆缓冲区溢出。 3)在处理Nullsoft Streaming...

6.9AI score
Exploits0
Prion
Prion
added 2011/09/02 4:55 p.m.14 views

Authentication flaw

The web interface on the LifeSize Room appliance LSRM13.5.3 11 allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoomRemoting.authenticate function in gateway.php...

5CVSS7.5AI score0.02268EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2011/09/02 4:0 p.m.26 views

CVE-2011-2762

The web interface on the LifeSize Room appliance LSRM13.5.3 11 allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoomRemoting.authenticate function in gateway.php...

6.9AI score0.02268EPSS
Exploits1References6
exploitpack
exploitpack
added 2011/08/28 12:0 a.m.24 views

LifeSize Room - Command Injection (Metasploit)

LifeSize Room - Command Injection Metasploit require 'msf/core' class Metasploit3 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commmands. LifeSize Room is an appliance and thus the...

0.5AI score0.36116EPSS
Exploits8
CVE
CVE
added 2011/06/16 11:0 p.m.59 views

CVE-2011-2092

CVE-2011-2092 affects Adobe products: LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The root cause is improper restriction during deserialization of AMF and AMFX data that allows creation of classes, leading to an unresolved impact via unkn...

10CVSS6.8AI score0.06062EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder