674 matches found

Oracle linux
added 2018/04/05 12:0 a.m., 44 views

kubernetes security update

1.9.1-2.1.5 - Production built 1.9.1-2.1.5 - Fix the upgrade version check - Remove w/a from Orabug 27125915 1.9.1-2.1.4.dev - Make sure worker node upgrade properly - Orabug 27649898 1.9.1-2.1.3.dev - Ensure that the runtime mounts RO volumes read-only CVE-2017-1002102 - Update Dashboard version...

CVSS 9.6, AI score 7.6, EPSS 0.11586
Exploits: 2
Fedora
added 2018/03/30 1:31 p.m., 12 views

[SECURITY] Fedora 28 Update: kst-2.0.8-20.fc28

Kst is a real-time data viewing and plotting tool with basic data analysis functionality. Kst contains many powerful built-in features and is expandable with plugins and extensions. Main features of kst include: Robust plotting of live "streaming" data. Powerful keyboard and mouse plot...

AI score 1.5
Exploits: 0
Citrix
added 2018/03/12 12:0 a.m., 16 views

How to Sysprep PVS images before they are streamed to Target Devices.

Question: Is it needed to run Sysprep on PVS images? Answer: It is not needed to run Sysprep on PVS/MCS images since they both have their own version/method built-in to Sysprep the images. Also, it is not recommended to run Sysprep on PVS or MCS machines since it is not needed...

AI score 7.1
Exploits: 0
0day.today
added 2018/02/23 12:0 a.m., 29 views

Disk Savvy Enterprise 10.4.18 Buffer Overflow Exploit

This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86. This module requires...

AI score 7.3
Exploits: 0
Metasploit
added 2018/02/14 8:35 p.m., 39 views

Disk Savvy Enterprise v10.4.18

This module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise v10.4.18, caused by improper bounds checking of the request sent to the built-in server. This module has been tested successfully on Windows 7 SP1 x86. This module requires Metasploit:...

CVSS 9.8, AI score 0.6, EPSS 0.20111
Exploits: 6
Saint
added 2018/01/02 12:0 a.m., 21 views

Huawei UPnP DeviceUpgrade command injection

Added: 01/02/2018 BID: 102344 Background Huawei home routers support the DeviceUpgrade service type over the Universal Plug and Play UPnP protocol to facilitate upgrading of firmware. Problem A remote authenticated attacker can execute arbitrary commands injected into the NewStatusURL XML element...

AI score 8
Exploits: 0
Openbugbounty
added 2017/12/26 2:9 p.m., 11 views

custombuiltrods.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-459149

Description | Value
---|---
Affected Website: | custombuiltrods.co.uk
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention...

AI score 6.4
Exploits: 0
Imperva Blog
added 2017/11/21 4:30 p.m., 21 views

Build-Your-Own Data Masking. Yes or No?

A lot of organizations are taking great strides to protect their sensitive data with a multi-layered strategy—one that includes data masking. We’ve even seen many tackling this critical data security component in DIY fashion, often tasking one resource with developing and implementing scripts to...

AI score 6.7
Exploits: 0
HackRead
added 2017/11/07 11:34 p.m., 29 views

Chinese Keyboard Developer Spies on User Through Built-in Keylogger

By Waqas. A Chinese mechanical keyboard manufacturer MantisTek has been caught in the...

AI score 7
Exploits: 0
OSV
added 2017/09/29 1:34 a.m., 4 views

CVE-2017-8448

An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges...

CVSS 8.8, AI score 5.8, EPSS 0.00844
Exploits: 0, References: 1
RedHat Linux
added 2017/09/06 8:36 p.m., 5 views

kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user

It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyri...

CVSS 4.4, AI score 7.2, EPSS 0.00261
Exploits: 0, References: 4
OSV
added 2017/08/30 6:29 p.m., 2 views

CVE-2017-12711

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges...

CVSS 7.8, AI score 7.2, EPSS 0.0035
Exploits: 0, References: 2
CNVD
added 2017/08/30 12:0 a.m., 2 views

Advantech WebAccess Elevation of Privilege Vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An elevation of privilege vulnerability exists in Advantec...

CVSS 7.8, AI score 8, EPSS 0.0035
Exploits: 0, References: 1
ALT Linux
added 2017/06/21 12:0 a.m., 39 views

Security fix for the ALT Linux 9 package openvpn version June

June 21, 2017 Nikolay A. Fetisov 2.4.3-alt1 - New version - Security fixes: + CVE-2017-7522 Post-authentication --x509-track remote DoS + CVE-2017-7521 Post-authentication remote-triggerable memory leaks + CVE-2017-7521 Potential post-authentication remote code execution on servers that use the...

CVSS 5, AI score 7.2, EPSS 0.05539
Exploits: 0
Kitploit
added 2017/05/28 3:47 p.m., 14 views

massExpConsole - Collection of Tools and Exploits with a CLI UI

Collection of Tools and Exploits with a CLI UI What does it do? an easy-to-use user interface cli execute any adapted exploit with process-level concurrency crawler for baidu and zoomeye a simple webshell manager some built-in exploits automated more to come... Requirements GNU/Linux or MacOS, WS...

AI score 7.5
Exploits: 0, References: 1
seebug.org
added 2017/05/19 12:0 a.m., 44 views

GNU Bash code execution vulnerability in path completion (CVE-2017-5932)

1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash's built-in path completion by hitting the Tab...

CVSS 4.6, AI score 8, EPSS 0.00425
Exploits: 2
ICS
added 2017/04/06 12:0 a.m., 53 views

Certec EDV GmbH atvise scada (Update A)

CVSS v3 6.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Certec EDV GmbH Equipment: atvise scada Vulnerabilities: Cross-Site Scripting, Header Injection UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-096-01 Certec EDV GmbH...

CVSS 8.8, AI score 8.2, EPSS 0.02754
Exploits: 0, References: 3
CNVD
added 2017/03/31 12:0 a.m., 1 view

DzSoft PHP Editor File Enumeration Vulnerability

DzSoft PHP Editor is a tool for writing and testing PHP and HTML pages. DzSoft PHP Editor has a security vulnerability. DzSoftpe is equipped with a built-in web server for previewing PHP files when combining the "HEAD" method of HTTP requests with the directory traversal "\ ... /... /..." type of...

AI score 6.8
Exploits: 0, References: 1
exploitpack
added 2017/03/28 12:0 a.m., 29 views

DzSoft PHP Editor 4.2.7 - File Enumeration

DzSoft PHP Editor 4.2.7 - File Enumeration + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt + ISR: ApparitionSec Vendor: ============== www.dzsoft.com Product:...

AI score 7.4
Exploits: 0
0day.today
added 2017/03/28 12:0 a.m., 42 views

DzSoft PHP Editor 4.2.7 - File Enumeration Vulnerability

Exploit for windows platform in category remote exploits + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt + ISR: ApparitionSec Vendor: ============== www.dzsoft.com Product:...

AI score 7.1
Exploits: 0