Lucene search
K

114 matches found

OSV
OSV
added 2018/12/24 5:29 p.m.4 views

CVE-2018-18960

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack...

5.9CVSS5.8AI score0.00906EPSS
Exploits1References1
Prion
Prion
added 2018/12/03 6:29 a.m.16 views

Design/Logic Flaw

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...

4CVSS6.4AI score0.01239EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2018/03/06 12:0 a.m.68 views

Memcached - memcrashed Denial of Service Exploit

Exploit for linux platform in category dos / poc Written by Alex Conrey Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44254.zip This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/03/02 7:55 a.m.187 views

Biggest-Ever DDoS Attack (1.35 Tbs) Hits Github Website

On Wednesday, February 28, 2018, GitHub's code hosting website hit with the largest-ever distributed denial of service DDoS attack that peaked at record 1.35 Tbps. Interestingly, attackers did not use any botnet network, instead weaponized misconfigured Memcached servers to amplify the DDoS attac...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/06/02 12:0 a.m.28 views

SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2017:1473-1)

This update for strongswan fixes the following issues : - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service bsc1039514 - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service bsc1039515 - IKEv1 protocol is vulnerable to DoS...

7.5CVSS6.8AI score0.02222EPSS
Exploits0References8
ArchLinux
ArchLinux
added 2017/05/21 12:0 a.m.27 views

[ASA-201705-19] fop: xml external entity injection

Arch Linux Security Advisory ASA-201705-19 ========================================== Severity: Medium Date : 2017-05-21 CVE-ID : CVE-2017-5661 Package : fop Type : xml external entity injection Remote : Yes Link : https://security.archlinux.org/AVG-254 Summary ======= The package fop before...

7.9CVSS0.8AI score0.0296EPSS
Exploits1References3
0day.today
0day.today
added 2017/04/19 12:0 a.m.77 views

Apache XML Graphics FOP 2.1 Information Disclosure Vulnerability

Exploit for multiple platform in category remote exploits CVE-2017-5661: Apache XML Graphics FOP information disclosure vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: FOP 1.0 - 2.1 Description: Files lying on the filesystem of the server which uses batik...

7.9CVSS7.4AI score0.0296EPSS
Exploits1
NVD
NVD
added 2017/04/18 2:59 p.m.9 views

CVE-2017-5661

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

7.9CVSS7.2AI score0.0296EPSS
Exploits1References4
OSV
OSV
added 2017/04/18 2:59 p.m.2 views

DEBIAN-CVE-2017-5661

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

7.3CVSS7.3AI score0.0296EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/04/18 2:0 p.m.34 views

CVE-2017-5662

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...

7.3AI score0.04118EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2017/04/18 12:0 a.m.15 views

CVE-2017-5661

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

7.9CVSS7.1AI score0.0296EPSS
Exploits1References3
Hacker One
Hacker One
added 2017/04/17 6:22 p.m.17 views

Ubiquiti Inc.: UBNT Amplification DDOS Attack

Denial of Service attack in airMAX prior to 8.3.2 , airMAX prior to 6.0.7 and EdgeMAX prior to 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks...

5.2AI score
Exploits0
CNVD
CNVD
added 2016/03/29 12:0 a.m.5 views

Drupal Core Violence Amplification Attack Vulnerability

Drupal is a free and open source content management system developed in PHP. A brute force amplification attack vulnerability exists in Drupal Core.The XML-RPC system allows a large number of calls to the same method to be done once, which can be used as a factor in favor in a brute force attack...

7.5CVSS6.9AI score0.01426EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.24 views

Brute force amplification attacks via XML-RPC

More info at https://www.drupal.org/SA-CORE-2016-001...

7.5CVSS7.2AI score0.01426EPSS
Exploits0Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/12/25 5:45 a.m.2 views

CG-WLNCM4G may behave as an open resolver

Overview CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.8CVSS6.5AI score0.01599EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/12/25 12:0 a.m.46 views

JVN#51250073: CG-WLNCM4G may behave as an open resolver

CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. Impact The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack. Solution Do not use CG-WLNCM4G As of December 25,...

5.8CVSS5.5AI score0.01599EPSS
Exploits0
ThreatPost
ThreatPost
added 2015/10/22 2:21 p.m.13 views

Novel NTP Attacks Roll Back Time

Sharon Goldberg remembers the cold February day when her Boston University PhD candidate Aanchal Malhotra was studying routing security, in particular, attacks against the resource public key infrastructure RPKI—and kept hitting a dead end because of a cache-flushing issue. The resourceful Malhot...

0.2AI score
Exploits0References6
Packet Storm
Packet Storm
added 2015/07/17 12:0 a.m.29 views

NetBIOS NBSTAT Name Query Reflection Denial Of Service

!/usr/bin/perl NetBios NBSTAT name query reflection dos Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous program is for Educational purpose ONLY. Do not use it without permission. The usual...

0.4AI score
Exploits0
0day.today
0day.today
added 2015/07/11 12:0 a.m.29 views

NTPD MON_GETLIST Query Amplification Denial of Service Exploit

Exploit for multiple platform in category dos / poc !/usr/bin/perl ntp MONGETLIST query amplification ddos Copyright 2015 c Todor Donev email protected http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg A Network Time Protocol NTP Amplification attack is an emerging form of...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2015/07/10 12:0 a.m.27 views

NTPD - MON_GETLIST Query Amplification Denial of Service

NTPD - MONGETLIST Query Amplification Denial of Service !/usr/bin/perl ntp MONGETLIST query amplification ddos Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg A Network Time Protocol NTP Amplification attack is an emergin...

Exploits0
Rows per page
Query Builder