2352 matches found

Veracode
added 2017/05/03 8:17 a.m., 14 views

Sybil Attacks

github.com/nebulouslabs/sia is vulnerable to sybil attacks. The attacks can be easily triggered because it does not prevent multiple connections from the same IP address. When bootstrap nodes are "full" i.e., 128 connections, it does not accept any new peers without disconnecting its current peer...

6.7 AI score
Exploits 0
Oracle linux
added 2017/01/20 12:0 a.m., 92 views

java-1.8.0-openjdk security update

1:1.8.0.121-0.b13 - Update to aarch64-jdk8u121-b13. - Update PR1834/RH1022017 fix to reduce curves reported by SSL to apply against u121. - Re-generate RH1393047 ObjectInputStream patch against u121. - Resolves: rhbz1410612 1:1.8.0.112-0.b16 - Update to aarch64-jdk8u112-b16. - Drop upstreamed...

9.6 CVSS, 2.3 AI score, 0.32839 EPSS
Exploits 6
0day.today
added 2016/12/01 12:0 a.m., 22 views

e107 2.1.2 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

Exploit for php platform in category web applications. e107 Content Management System (CMS) - Multiple Issues. Affected Versions: e107 2.1.2 Bootstrap CMS. Issue Overview: Vulnerability Type: Multiple Vulnerabilities. Technical Risk: medium. Likelihood of Exploitation:...

0.1 AI score
Exploits 0
Oracle linux
added 2016/11/09 12:0 a.m., 90 views

java-1.7.0-openjdk security update

1:1.7.0.121-2.6.8.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.121-2.6.8.0 - Turn off HotSpot bootstrap to see if it resolves build issues. - Resolves: rhbz1381990 1:1.7.0.121-2.6.8.0 - Bump to 2.6.8 and u121b00. - Drop patches S7081817, S8140344, S8145017 and S8162344 applied upstream. - Update...

9.6 CVSS, 1.2 AI score, 0.05437 EPSS
Exploits 0
Drupal
added 2016/11/02 12:0 a.m., 20 views

Bootstrap - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-058

The Bootstrap theme enables you to integrate the Bootstrap framework with Drupal. The theme does not sufficiently filter potential user-supplied data when it's passed to certain templates, which can lead to a Persistent Cross Site Scripting (XSS) vulnerability. CVE identifiers issued: A CVE identifier...

6.2 AI score
Exploits 0, References 12
CNVD
added 2016/11/01 12:0 a.m., 1 views

Multiple Cross-Site Scripting Vulnerabilities in Wordpress Plugin tiny-bootstrap-elements-light

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the Wordpress plugin tiny-bootstrap-elements-light. The program fails to filter user-supplied input, allowing...

6.4 AI score
Exploits 0
RubySec
added 2016/07/27 12:0 a.m., 34 views

XSS vulnerability via data-target in bootstrap-sass

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...

6.1 CVSS, 3.1 AI score, 0.0404 EPSS
Exploits 1, References 1, Affected Software 1
RubySec
added 2016/07/27 12:0 a.m., 38 views

XSS vulnerability via data-target in bootstrap

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...

6.1 CVSS, 2.9 AI score, 0.0404 EPSS
Exploits 1, References 1, Affected Software 1
CNVD
added 2016/07/21 12:0 a.m., 2 views

TYPO3 Bootstrap Package Extension Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. Bootstrap Package is one of the plugins that configures the front-end theme extension. A cross-site scripting vulnerability exists in versions of TYPO3 Bootstrap Package...

6.7 AI score
Exploits 0, References 1
Node.js
added 2016/07/20 9:9 p.m., 38 views

Cross-Site Scripting

Overview: All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation: This package is not actively maintained, and has...

1.6 AI score, 0.0067 EPSS
Exploits 0, Affected Software 1
Tenable Nessus
added 2016/01/25 12:0 a.m., 111 views

openSUSE Security Update : xen (openSUSE-2016-34)

This update for xen fixes the following security issues: - CVE-2015-8550: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: qemu: usb: infinite loop in ehci_advance_state results in DoS boo959006 - CVE-2015-7549: qemu pci: NULL pointer dereference...

10 CVSS, 6.8 AI score, 0.03115 EPSS
Exploits 3, References 31
Debian
added 2015/09/20 4:36 p.m., 21 views

[SECURITY] [DLA 312-1] libtorrent-rasterbar security update

Package : libtorrent-rasterbar Version : 0.14.10-2+deb6u1 CVE ID : CVE-2015-5685 Debian Bug : 797046 The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." Note while this CV...

7.5 CVSS, 7.4 AI score, 0.05511 EPSS
Exploits 0
NVD
added 2015/08/13 2:59 p.m., 17 views

CVE-2015-5685

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...

7.5 CVSS, 7.4 AI score, 0.05511 EPSS
Exploits 0, References 3
OSV
added 2015/08/13 2:59 p.m., 2 views

DEBIAN-CVE-2015-5685

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...

7.5 CVSS, 7.9 AI score, 0.05511 EPSS
Exploits 0, References 1
OSV
added 2015/08/13 2:59 p.m., 2 views

UBUNTU-CVE-2015-5685

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...

7.5 CVSS, 6.2 AI score, 0.05511 EPSS
Exploits 0, References 2
UbuntuCve
added 2015/08/13 2:59 p.m., 25 views

CVE-2015-5685

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...

7.5 CVSS, 6.2 AI score, 0.05511 EPSS
Exploits 0, References 1
Prion
added 2015/08/13 2:59 p.m., 19 views

Input validation

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...

7.5 CVSS, 8 AI score, 0.05511 EPSS
Exploits 0, References 3
CVE
added 2015/08/13 2:0 p.m., 84 views

CVE-2015-5685

CVE-2015-5685 affects the BitTorrent DHT bootstrap server (bootstrap-dht) and the libtorrent-rasterbar codebase. The vulnerability arises in the lazy_bdecode function, where improper indexing can allow a remote attacker to execute arbitrary code via a crafted packet. Several advisories reference ...

7.5 CVSS, 7.5 AI score, 0.05511 EPSS
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2015/08/13 2:0 p.m., 16 views

CVE-2015-5685

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...

7.5 CVSS, 7.3 AI score, 0.05511 EPSS
Exploits 0
CNVD
added 2015/08/04 12:0 a.m., 5 views

BitTorrent Bootstrap Remote Code Execution Vulnerability

BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol by BitTorrent Inc. in the U.S. BitTorrent Bootstrap aka bootstrap-dht is one of the DHT Distributed Hash Table bootstrap servers. network node hash list bootstrap into BitTorrent. A remote...

7.5 CVSS, 8.6 AI score, 0.05511 EPSS
Exploits 0, References 1