Lucene search
+L

397 matches found

Tenable Nessus
Tenable Nessus
added 2020/09/30 12:0 a.m.95 views

RHEL 7 : Satellite 6.7.4 Async Bug Fix Update (Important) (RHSA-2020:4127)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4127 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...

8.8CVSS7.8AI score0.00315EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2020/07/30 8:22 p.m.7 views

Important: Red Hat Bug Fix Advisory: Satellite 6.7.2 Async Bug Fix Update

Updated Satellite 6.7 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...

9.8CVSS6.8AI score0.26587EPSS
Exploits5References25
OSV
OSV
added 2020/02/06 5:15 p.m.4 views

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

9.8CVSS7.3AI score0.46454EPSS
Exploits2References2
NVD
NVD
added 2020/02/06 5:15 p.m.23 views

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

9.8CVSS9.7AI score0.46454EPSS
Exploits2References2
Prion
Prion
added 2020/02/06 5:15 p.m.15 views

Design/Logic Flaw

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

7.5CVSS9.5AI score0.46454EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/02/06 4:27 p.m.31 views

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

9.7AI score0.46454EPSS
Exploits2References2
CVE
CVE
added 2020/02/06 4:27 p.m.121 views

CVE-2020-8771

The WordPress Time Capsule plugin (before 1.21.16) is affected by an authentication bypass. The issue occurs when a request contains IWP_JSON_PREFIX, causing the user to be logged in as the first administrator. Technical root cause is in wptc-cron-functions.php where parse_request calls decode_se...

9.8CVSS9.5AI score0.46454EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2020/01/31 4:15 p.m.26 views

CVE-2014-4859

Integer overflow in the Drive Execution Environment DXE phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data...

7.2CVSS6.7AI score0.00587EPSS
Exploits0References1
OSV
OSV
added 2020/01/31 4:15 p.m.7 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

6.8CVSS6.6AI score
Exploits0References1
OSV
OSV
added 2020/01/31 4:15 p.m.9 views

CVE-2014-4859

Integer overflow in the Drive Execution Environment DXE phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data...

6.8CVSS7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/01/31 4:15 p.m.35 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2CVSS6.8AI score0.00504EPSS
Exploits0References2
Prion
Prion
added 2020/01/31 4:15 p.m.16 views

Integer overflow

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2CVSS6.9AI score0.00504EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/01/31 3:8 p.m.80 views

CVE-2014-4859

Integer overflow in the Drive Execution Environment DXE phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data...

7.2CVSS6.7AI score0.00587EPSS
Exploits0
CVE
CVE
added 2020/01/31 3:8 p.m.105 views

CVE-2014-4859

CVE-2014-4859 is an integer overflow in the Drive Execution Environment (DXE) capsule processing of the UEFI Capsule Update mechanism in the open-source EDK2 UEFI implementation; CVE-2014-4860 covers overflow in the PEI phase during capsule coalescing. Impact: potential bypass of access restricti...

7.2CVSS6.6AI score0.00587EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2020/01/31 3:8 p.m.76 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2CVSS6.8AI score0.00504EPSS
Exploits0
Cvelist
Cvelist
added 2020/01/31 3:8 p.m.36 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

6.5AI score0.00504EPSS
Exploits0References1
CVE
CVE
added 2020/01/31 3:8 p.m.71 views

CVE-2014-4860

CVE-2014-4860 is an integer overflow vulnerability in the Pre-EFI Initialization (PEI) capsule update coalescing phase of the UEFI/EDK2 implementation. The issue arises when the capsule update is coalesced back to its original form, enabling a write-what-where condition and potential bypass of ac...

7.2CVSS6.3AI score0.00504EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2020/01/30 9:49 p.m.67 views

200K WordPress Sites Vulnerable to Plugin Flaw

A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the...

6.8CVSS0.7AI score0.11905EPSS
Exploits2References6
exploitpack
exploitpack
added 2020/01/17 12:0 a.m.13 views

Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass

Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/01/17 12:0 a.m.145 views

WordPress Time Capsule 1.21.16 Authentication Bypass

Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time Capsule Plugin 1.21.16 Tested on: LAMP stack with most recent...

0.3AI score
Exploits0
Rows per page
Query Builder