Lucene search
K

139 matches found

Veracode
Veracode
added 2020/12/06 4:1 a.m.23 views

Arbitrary Code Execution

thunderbird is vulnerable to arbitrary code execution. An integer overflow in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM allows an attacker to exploit the vulnerability to crash the application or potentially execute arbitrary code on the...

8.8CVSS7.4AI score0.01446EPSS
Exploits1References5Affected Software1
Openbugbounty
Openbugbounty
added 2020/10/19 7:17 a.m.9 views

shelbycountybuilders.com Cross Site Scripting vulnerability OBB-1422619

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
CNVD
CNVD
added 2020/10/16 12:0 a.m.0 views

Xi'an XiMeiBo Intelligent Technology Co., Ltd. has SQL Injection Vulnerabilities in Multiple Website Building Systems

Ltd. is located in the beautiful scenery of the ancient city of Xi'an, Shaanxi Province, with a registered capital of 10 million yuan RMB, is a high-tech enterprise integrating development, manufacturing, sales and service. Xi'an Qingbo Intelligent Technology Co., Ltd. a number of station buildin...

7.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/01 10:20 a.m.8 views

charlestonbuilders.com Cross Site Scripting vulnerability OBB-1292337

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Fedora
Fedora
added 2020/08/31 3:50 p.m.40 views

[SECURITY] Fedora 32 Update: eclipse-gef-3.11.0-13.fc32

The Graphical Editing Framework GEF allows developers to create a rich graphical editor from an existing application model. GEF is completely application neutral and provides the groundwork to build almost any application, including but not limited to: activity diagrams, GUI builders, class diagr...

9.4CVSS3.8AI score0.11138EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.5 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2020/07/26 11:51 a.m.10 views

darwinbuilders.com Cross Site Scripting vulnerability OBB-1238819

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/07/24 4:28 p.m.6 views

larson-builders.com Cross Site Scripting vulnerability OBB-1236956

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/07/13 5:17 a.m.256 views

Bridging the gaps between Red and Blue teaming

Red Team, Blue Team, Purple Team, Black Team… Rainbow team? What are all of these things and what do they all mean? Is this a new case of a new found buzzword bingo or do they have a place and a purpose? The coloured teams are something that is thrown around a lot and while some of them are bette...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/06/23 12:0 a.m.5 views

Information Builders WebFOCUS Business Intelligence Cross-Site Scripting Vulnerability

Information Builders WebFOCUS Business Intelligence BI is a suite of business intelligence and analytics platforms from Information Builders, Inc. in the United States. The platform provides data analysis tools, applications, reporting and document generation. A cross-site scripting vulnerability...

6.1CVSS6.6AI score0.00668EPSS
Exploits1References1
CNVD
CNVD
added 2020/04/14 12:0 a.m.2 views

OurPHP Omnicom website builder system background exists arbitrary file deletion vulnerability

OurPHP Aopia website building system is a enterprise + e-commerce marketing website building system. OurPHP website builder system has an arbitrary file deletion vulnerability in the background, which can be exploited by attackers to delete any file under the server...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/03/23 8:13 p.m.5 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/12 5:7 p.m.3 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/12 5:2 p.m.4 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/12 5:0 p.m.2 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
CNVD
CNVD
added 2020/01/16 12:0 a.m.2 views

XSS Vulnerability in Xi'an Gibbon Network Co.

Farming Builders is a new generation of SaaS cloud intelligent website building tools. Xi'an Gibbon Network Co., Ltd. station building system exists XSS vulnerability, attackers can use the vulnerability to insert malicious js code, to obtain user cookies and other information...

6.3AI score
Exploits0
Prion
Prion
added 2019/12/19 5:15 p.m.24 views

Design/Logic Flaw

In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...

3.5CVSS5AI score0.00494EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2019/12/11 12:0 a.m.11 views

Smart Trim - Moderately critical - Cross site scripting - SA-CONTRIB-2019-092

The Smart Trim module allows site builders additional control with text summary fields. The module doesn't sufficiently filter text when certain options are selected. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when...

6.5AI score
Exploits0References7
OSV
OSV
added 2019/08/27 5:41 p.m.1 views

GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS5.9AI score0.00776EPSS
Exploits0References15
OSV
OSV
added 2019/08/23 9:15 p.m.1 views

DEBIAN-CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS6.8AI score0.00776EPSS
Exploits0References1
Rows per page
Query Builder