Lucene search
K

1190 matches found

OSV
OSV
added 2018/02/08 7:29 a.m.4 views

CVE-2018-0120

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL...

4.3CVSS5.8AI score0.01422EPSS
Exploits0References3
Prion
Prion
added 2018/01/30 8:29 p.m.13 views

Design/Logic Flaw

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...

6.5CVSS7.1AI score0.03741EPSS
Exploits2References4Affected Software1
Huawei
Huawei
added 2017/12/13 12:0 a.m.43 views

Security Advisory - Memory Leak Vulnerability in Some Huawei FireWall Products

Some Huawei FireWall products have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.Vulnerability ID:...

5.5CVSS5.5AI score0.00211EPSS
Exploits0Affected Software2
OSV
OSV
added 2017/12/07 3:29 p.m.3 views

CVE-2017-1487

IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626...

6.5CVSS5.8AI score0.01148EPSS
Exploits0References3
OSV
OSV
added 2017/11/30 9:29 a.m.2 views

CVE-2017-12331

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit th...

6.7CVSS5.8AI score0.00233EPSS
Exploits0References3
Prion
Prion
added 2017/11/30 9:29 a.m.9 views

Information disclosure

A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would...

4CVSS4.7AI score0.01239EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/11/09 2:29 p.m.3 views

UBUNTU-CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

7.8CVSS7.3AI score0.42831EPSS
Exploits5References9
Prion
Prion
added 2017/10/18 6:29 p.m.20 views

Directory traversal

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to...

4CVSS6.2AI score0.06168EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2017/09/07 9:0 p.m.103 views

CVE-2017-12227

CVE-2017-12227 corresponds to a blind SQL injection in the Cisco Emergency Responder SQL database interface. The vulnerability arises from failure to validate user-supplied input used in SQL queries, allowing an authenticated, remote attacker to craft URLs containing SQL statements and potentiall...

5.5CVSS6AI score0.00968EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/07/17 9:0 p.m.38 views

CVE-2017-6738

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

8.8CVSS9.1AI score0.1055EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/06/29 12:0 a.m.58 views

Microsoft Security Advisory 4033453: Vulnerability in Azure AD Connect Could Allow Elevation of Privilege

The version of Azure Active Directory AD Connect installed on the remote Windows host is prior to 1.1.553.0, and the password writeback setting is enabled. It is, therefore, affected by an elevation of privilege vulnerability due to improper permissions being granted when enabling the password...

8.1CVSS7.8AI score0.0362EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2017/06/26 12:0 a.m.2 views

Trend Micro SafeSync for Enterprise license Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameter sent to the license end point. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the...

3.6AI score
Exploits0
Prion
Prion
added 2017/06/15 1:29 a.m.21 views

Information disclosure

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka...

1.9CVSS4.7AI score0.0511EPSS
Exploits39References3Affected Software4
CVE
CVE
added 2017/06/09 4:0 p.m.42 views

CVE-2016-4908

CVE-2016-4908 affects Cybozu Garoon 3.0.0–4.2.2, where an access restriction flaw in the RSS settings allows remote authenticated attackers to bypass protections and alter or delete another user’s private RSS settings via unspecified vectors. The OpenVAS/JVN entries and CVE records corroborate an...

4.3CVSS4.6AI score0.0113EPSS
Exploits0References4Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/28 4:45 p.m.12 views

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface of PAN-OS, that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions which could allow for Information Disclosure. Ref PAN-70541 / CVE-2017-7644 Successfully exploiting this issue...

6.5CVSS6.8AI score0.0102EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/03/28 2:46 a.m.26 views

CVE-2016-9461

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to...

4.7AI score0.02EPSS
Exploits1References9
Microsoft CVE
Microsoft CVE
added 2017/03/14 7:0 a.m.87 views

Windows SMB Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 SMBv1 server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most...

9.3CVSS3.4AI score0.9923EPSS
Exploits55
OSV
OSV
added 2017/02/06 5:59 p.m.2 views

DEBIAN-CVE-2017-5595

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...

5.5CVSS6.3AI score0.00434EPSS
Exploits2References1
Prion
Prion
added 2017/02/06 3:59 p.m.14 views

Cross site scripting

XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter...

3.5CVSS5.1AI score0.00551EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/02/06 3:0 p.m.23 views

CVE-2017-5875

XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter...

5.4AI score0.00551EPSS
Exploits1References2
Rows per page
Query Builder