Lucene search
K

135 matches found

ATTACKERKB
ATTACKERKB
added 2020/02/25 12:0 a.m.92 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

10CVSS9.8AI score0.98946EPSS
In wildExploits37References14
The Hacker News
The Hacker News
added 2019/11/20 8:42 a.m.57 views

Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware

What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users' wallets. The latest supply-chain cyberattack was revealed on Monda...

3AI score
Exploits0
OSV
OSV
added 2019/08/07 3:15 p.m.5 views

CVE-2019-10389

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

4.3CVSS5.8AI score0.00615EPSS
Exploits0References2
OSV
OSV
added 2019/07/13 9:15 p.m.2 views

DEBIAN-CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS7.4AI score0.0388EPSS
Exploits1References1
Veracode
Veracode
added 2019/01/15 8:56 a.m.23 views

Remote Code Execution (RCE)

Mozilla Firefox and Thunderbird is vulnerable to remote code execution. A use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function allows a remote attacker to execute arbitrary code on a victim's system using a malicious web script. The code is executed when the victim...

9.3CVSS7.3AI score0.03498EPSS
Exploits0References15Affected Software6
OSV
OSV
added 2018/08/01 2:29 p.m.3 views

ALPINE-CVE-2018-10916

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server,...

6.5CVSS6.8AI score0.04782EPSS
Exploits1References1
NVD
NVD
added 2017/10/05 1:29 a.m.33 views

CVE-2017-1000092

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...

7.5CVSS7.5AI score0.00769EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/07/14 10:24 a.m.40 views

CVE-2017-1000085

Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...

6.5CVSS4.2AI score0.01031EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2017/05/24 11:10 a.m.14 views

Malware Network Communication Provides Better Early Warning Signal

Research is expected to be unveiled today that challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections. Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better...

7.2AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/05/31 5:56 a.m.7 views

squid: SIGSEGV in ESIContext response handling

An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack...

7.5CVSS7.3AI score0.23112EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Blojsom 2.31 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20026/info Blojsom is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to have arbitrary script code execute in the browser of...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Prishtina FTP Client 1.x Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7671/info Prishtina FTP client is allegedly prone to a denial of service vulnerability. The condition is reportedly triggered when processing FTP server banners of excessive length. As a result, a malicious...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/05/22 12:0 a.m.221 views

Liferay Portal 6.1.0 'addUser()' Security Bypass

The version of Liferay Portal hosted on the remote web server contains a flaw in the 'UserServiceUtil' class's 'addUser' method that allows a remote, unauthenticated attacker to create new administrative users. Since administrative users can install new plugins and extensions, this may lead to...

5.9AI score
Exploits0References1
exploitpack
exploitpack
added 2006/09/14 12:0 a.m.33 views

Blojsom 2.31 - Cross-Site Scripting

Blojsom 2.31 - Cross-Site Scripting source: https://www.securityfocus.com/bid/20026/info Blojsom is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to have arbitrary script code execute in the browser ...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.8 views

Mozilla POP3 Mail Handler Remote Overflow (deprecated)

Binary data 1320.prm...

7.3AI score
Exploits0
Rows per page
Query Builder