2440 matches found

Packet Storm · added 2015/02/18 12:00 a.m. · 24 views

CrushFTP 7.2.0 Cross Site Request Forgery / Cross Site Scripting

======================================================== I. Overview ======================================================== Multiple CSRF & Cross-Site Scripting XSS vulnerabilities have been identified in CrushFTP 7.2.0 Web Interface on default configuration. These vulnerabilities allow an...

AI score 0.3 · Exploits 0
Packet Storm · added 2015/01/30 12:00 a.m. · 23 views

Asus RT-N10 Plus Cross Site Scripting

Title: Reflected XSS vulnerability in Asus RT-N10 Plus router Author: Kaustubh G. Padwad Product: ASUS Router RT-N10 Plus Firmware: 2.1.1.1.70 Severity: Medium Auth: Required Description: Vulnerable Parameter: flag= Vulnerability Class: Cross Site Scripting...

AI score 7.4 · Exploits 0
securityvulns · added 2015/01/25 12:00 a.m. · 89 views

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability

================================================================================ REWTERZ-20140102 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability Product: ServiceDesk...

AI score 0.2 · Exploits 0
0day.today · added 2015/01/24 12:00 a.m. · 37 views

ManageEngine ServiceDesk 9.0 SQL Injection Vulnerability

ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote SQL injection vulnerability. Title: ManageEngine ServiceDesk SQL Injection Vulnerability Product: ServiceDesk Plus http://www.manageengine.com/ Affected Version: 9.0 Other versions could also be affected Fixed Version:...

AI score 8 · Exploits 0
0day.today · added 2015/01/24 12:00 a.m. · 55 views

ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability

ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls. Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product: ServiceDesk Plus http://www.manageengine.com/ Affected...

AI score 7.3 · Exploits 0
Prion · added 2015/01/14 11:59 a.m. · 24 views

Session fixation

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

CVSS 6.8 · AI score 6.9 · EPSS 0.01902
Exploits 0 · References 39 · Affected software 4
RedHat Linux · added 2015/01/13 11:18 p.m. · 1 view

Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

CVSS 6.8 · AI score 7 · EPSS 0.01902
Exploits 0 · References 5
RedHat Linux · added 2014/12/20 12:43 a.m. · 4 views

ntp: Multiple buffer overflows via specially-crafted packets

Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user...

CVSS 7.5 · AI score 8 · EPSS 0.7809
Exploits 1 · References 6
ATTACKERKB · added 2014/10/25 12:55 a.m. · 6 views

CVE-2014-2021

Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...

CVSS 3.5 · AI score 5.7 · EPSS 0.03389
Exploits 4 · References 8
Zero Day Initiative · added 2014/07/16 12:00 a.m. · 35 views

Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. This servlet exhibits an XML...

CVSS 8.5 · AI score 7.1 · EPSS 0.02626
Exploits 0 · References 1
seebug.org · added 2014/07/01 12:00 a.m. · 25 views

Oracle Database 10.1 MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDOCODESIZE' procedure. An attacker can supply excessive data to an affected routine resulting ...

AI score 7.1 · Exploits 0
seebug.org · added 2014/07/01 12:00 a.m. · 10 views

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities

No description provided by source. RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities Vulnerable: v3.0.7.x Vendor: http://www.rj-itop.com Category: Input Validation Error Impact: SQL injection Details: ========= Multiple SQL Injection Vulnerabilitie...

AI score 7.1 · Exploits 0
seebug.org · added 2014/07/01 12:00 a.m. · 17 views

Simple Web Content Management System 1.1-1.3 - Multiple SQL Injection

No description provided by source. Exploit Title: Simple Web Content Management System SQL Injection Date: May 30th 2012 Author: loneferret Version: 1.1 & 1.3 Application Url: http://www.cms-center.com/ Tested on: Ubuntu Server 8.04 / PHP Version 5.2.4-2ubuntu5.23 Discovered by: loneferret Side...

AI score 7.1 · Exploits 0
seebug.org · added 2014/07/01 12:00 a.m. · 31 views

Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability

No description provided by source. ============================================================== Secur-I Research Group Security Advisory SV-2012-005 ============================================================== Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product:...

CVSS 3.5 · AI score 6.5 · EPSS 0.01733
Exploits 7
seebug.org · added 2014/07/01 12:00 a.m. · 56 views

D-Link DSR Router Series - Remote Root Shell Exploit

No description provided by source. !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N...

CVSS 10 · AI score 9.2 · EPSS 0.09783
Exploits 8
seebug.org · added 2014/07/01 12:00 a.m. · 14 views

NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities

No description provided by source. =================================================== Secur-I Research Group Security Advisory SV-2011-004 =================================================== Title: NetSaro Enterprise Messenger v2.0 Multiple Vulnerabilities Product: Enterprise Messenger Server...

AI score 7.1 · Exploits 0
Zero Day Initiative · added 2014/05/30 12:00 a.m. · 41 views

(0Day) VMware vCenter Server Appliance Ruby vSphere Console Privilege Escalation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of the Ruby vSphere Console RVC provided by the vCenter Server Applianc...

CVSS 6 · AI score 7.4 · EPSS 0.02351
Exploits 0
htbridge · added 2014/03/26 12:00 a.m. · 26 views

SQL Injection in mAdserve

High-Tech Bridge Security Research Lab discovered multiple SQL injection vulnerabilities in mAdserve, which can be exploited to execute arbitrary SQL commands in the application's database and compromise the vulnerable website. 1 SQL Injection in mAdserve: CVE-2014-2654 1.1 The vulnerability exists due t...

CVSS 6.5 · AI score 8.4 · EPSS 0.01106
Exploits 2 · Affected software 1
RedHat Linux · added 2014/03/04 7:11 p.m. · 4 views

mongodb: memory over-read via incorrect BSON object length

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read...

CVSS 6.4 · AI score 7.5 · EPSS 0.03976
Exploits 1 · References 4
Exploit DB · added 2014/01/13 12:00 a.m. · 24 views

Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections

source: https://www.securityfocus.com/bid/65029/info Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to...

AI score 7.4 · Exploits 0