Lucene search
K

208 matches found

CVE
CVE
added 2018/05/21 9:0 p.m.43 views

CVE-2018-11330

Pluck CMS (before 4.7.6) is affected by an authenticated stored XSS vulnerability due to improper restriction of the character set for filenames. This is consistently reported across CVE-2018-11330 entries in NVD, Red Hat, CNVD, OSV, and related records. No exploit details or remediation version ...

4.8CVSS4.7AI score0.00653EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/05/21 9:0 p.m.19 views

CVE-2018-11330

An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...

4.9AI score0.00653EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/10/26 12:0 a.m.33 views

Fedora 26 : glibc (2017-2c63df4fe3)

This update addresses various minor issues in the glibc package : - The DNS stub resolver now picks up changes to /etc/resolv.conf automatically RHBZ1374239. - The DNS stub resolver supports an unlimited number of search domains RHBZ168253. - CVE-2015-5180, a segmentation fault potentially...

7.5CVSS7.6AI score0.06219EPSS
Exploits0References2
Fedora
Fedora
added 2017/10/13 9:21 p.m.12 views

[SECURITY] Fedora 25 Update: recode-3.6-43.fc25

The recode' converts files between character sets and usages. It recognizes or produces nearly 150 different character sets and is able to transliterate files between almost any pair. When exact transliteration are not possible, it may get rid of the offending characters or fall back on...

3.2AI score
Exploits0
Veracode
Veracode
added 2017/09/26 9:33 a.m.11 views

SQL Injection

opencart is vulnerable to SQL injection attacks. It is possible because it uses improper character set in mysql.php at the server level, allowing the attackers to perform multi-byte attack...

7.9AI score
Exploits0
Prion
Prion
added 2017/08/05 5:29 p.m.14 views

Default credentials

DISPUTED An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited s...

5CVSS7.3AI score0.01716EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.16 views

CVE-2017-9853

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of...

9.8CVSS9.5AI score0.01716EPSS
Exploits0References3
Prion
Prion
added 2017/07/12 9:29 p.m.21 views

Sql injection

In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

7.5CVSS9.7AI score0.01035EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/05/15 12:0 a.m.60 views

F5 Networks BIG-IP : Linux kernel vulnerability (K90803619)

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a 'double fetch' vulnerability. CVE-2016-6136 Impact Locall...

4.7CVSS6.2AI score0.00267EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2017/04/27 12:0 a.m.60 views

TYPO3 News Module SQL Injection

Exploit Title: TYPO3 News Module SQL Injection Vendor Homepage: https://typo3.org/extensions/repository/view/news Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/typo3-news-module-sqli !/usr/bin/python3 TYPO3 News Module SQL Injection...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2016/09/20 12:0 a.m.18 views

Mastery OA /general/ems/manage/search_excel. php file SQL injection vulnerabilities

Width byte injection occurs the position is that PHP sends a request to the MYSQL character set to use the charactersetclient setting a value for an encoding, the GET parameters if it contains“%df%27”, addslashes encoded into‘\’ variable“%df%5c%27”, in MySQL in the processing use the gbk characte...

7.4AI score
Exploits0
NVD
NVD
added 2016/08/06 8:59 p.m.30 views

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

4.7CVSS4.7AI score0.00267EPSS
Exploits0References11
OSV
OSV
added 2016/08/06 8:59 p.m.11 views

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

4.7CVSS6.7AI score
Exploits0References11
Cvelist
Cvelist
added 2016/08/06 8:0 p.m.39 views

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

5.4AI score0.00267EPSS
Exploits0References11
CVE
CVE
added 2016/08/06 8:0 p.m.168 views

CVE-2016-6136

CVE-2016-6136 is a Linux kernel race condition in audit_log_single_execve_arg (auditsc.c) that can allow a local user to bypass character-set restrictions or disrupt system-call auditing via a double-fetch flaw. Connected advisories confirm multiple vendors map this CVE to Linux kernel fixes; rem...

4.7CVSS5.3AI score0.00267EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2016/08/06 8:0 p.m.37 views

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

4.7CVSS6.2AI score0.00267EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/08/06 12:0 a.m.50 views

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

4.7CVSS6.7AI score0.00267EPSS
Exploits0References12
OSV
OSV
added 2016/08/06 12:0 a.m.3 views

UBUNTU-CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

4.7CVSS6.6AI score0.00267EPSS
Exploits0References13
OSV
OSV
added 2016/04/11 9:59 p.m.8 views

CVE-2015-8708

Stack-based buffer overflow in the conveuctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614...

7.3CVSS7.6AI score
Exploits0References2
NVD
NVD
added 2016/04/11 9:59 p.m.12 views

CVE-2015-8708

Stack-based buffer overflow in the conveuctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614...

7.5CVSS6AI score0.01539EPSS
Exploits0References2
Rows per page
Query Builder