Lucene search
+L

80 matches found

Cvelist
Cvelist
added 2020/10/27 8:52 p.m.20 views

CVE-2020-9941

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state...

7.1AI score0.02539EPSS
Exploits0References8
CVE
CVE
added 2020/10/27 8:52 p.m.102 views

CVE-2020-9941

CVE-2020-9941 pertains to Apple Mail on macOS. A remote attacker could potentially cause an unintended change of the application state. Apple fixed this in macOS Catalina 10.15.7 and Security Update 2020-005 for High Sierra and Mojave. No exploitation details or in-the-wild status are provided in...

7.5CVSS6.6AI score0.02539EPSS
Exploits0References8Affected Software5
CNVD
CNVD
added 2020/10/13 12:0 a.m.1 views

Unspecified Vulnerability in Apple macOS Catalina (CNVD-2020-65917)

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Catalina. A remote attacker can exploit the vulnerability to accidentally change the state of an application...

7.5CVSS6.7AI score0.02539EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/09/25 12:0 a.m.19 views

Apple Mac OS X Security Update (HT211849 - 03)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.02539EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2020/08/24 12:0 a.m.606 views

Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass

Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass Date: 2020-08-21 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: =3.8.0 CVE: N/A !/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 createUser...

7AI score
Exploits0
0day.today
0day.today
added 2020/08/22 12:0 a.m.467 views

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass Exploit

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoin...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/21 12:0 a.m.350 views

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 createUser Authentication Bypass Add Admin Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time t...

0.5AI score
Exploits0
OSV
OSV
added 2020/04/22 2:15 p.m.5 views

CVE-2020-11688

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session...

7.5CVSS7.1AI score0.00989EPSS
Exploits0References1
Prion
Prion
added 2020/04/22 2:15 p.m.14 views

Session fixation

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session...

5CVSS7.5AI score0.00989EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/22 1:52 p.m.20 views

CVE-2020-11688

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session...

8AI score0.00989EPSS
Exploits0References1
CVE
CVE
added 2017/12/25 9:0 p.m.62 views

CVE-2017-13903

The CVE-2017-13903 issue affects Apple iOS 11.2.1 and tvOS 11.2.1, with HomeKit’s message handling allowing a remote attacker to alter application state. Root cause: improper message handling within HomeKit enabling state changes when processing messages (Apple notes a fix via improved input vali...

7.5CVSS6.3AI score0.01059EPSS
Exploits0References5Affected Software2
Apple
Apple
added 2017/12/13 6:15 a.m.28 views

About the security content of iOS 11.2.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

7.5CVSS0.2AI score0.01059EPSS
Exploits0Affected Software1
Apple
Apple
added 2017/12/13 12:0 a.m.30 views

About the security content of tvOS 11.2.1

About the security content of tvOS 11.2.1 This document describes the security content of tvOS 11.2.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

7.5CVSS7.3AI score0.01059EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/05/11 12:0 a.m.30 views

Apache Struts Incorrect Default Exclude Pattern Vulnerability

Apache Struts is an open source architecture for building Java web applications. The Apache Struts program fails to properly default exclude patterns when using the default settings, allowing remote attackers to exploit the vulnerability against the internal application state...

7.5CVSS7AI score0.06312EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.6 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

3.6CVSS6AI score0.00799EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/03/31 4:47 p.m.5 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

3.6CVSS6AI score0.00799EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/03/31 4:47 p.m.7 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

3.6CVSS6AI score0.00799EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2013/04/09 12:0 a.m.31 views

Hewlett-Packard Intelligent Management Center JavaService Information Disclosure Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the communication channel between the JavaService server and th...

6.8CVSS1.6AI score0.01901EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2010/11/30 12:0 a.m.15 views

PHPvidz Administrative Credentials Disclosure Vulnerability

This host is running PHPvidz and is prone to administrative credentials disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbphpvidzinfodiscvuln.nasl 5794 2017-03-30 13:52:29Z cfi $ PHPvidz Administrative Credentials Disclosure Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2010...

7.2AI score
Exploits0References3
Exploit DB
Exploit DB
added 2010/11/24 12:0 a.m.28 views

phpvidz 0.9.5 - Administrative Credentials Disclosure

Researcher: Michael Brooks Affecting: phpvidz 0.9.5 Vulnerability: Administrative Credentials Disclosure Vendor's Homepage: http://sourceforge.net/projects/phpvidz/ phpvidz does not use a SQL database. Instead it uses a system of flat files to maintain application state. The administrative passwo...

7.4AI score
Exploits0
Rows per page
Query Builder