
83 matches found

IBM Security Bulletins
added 2018/06/17 4:42 a.m., 49 views

Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Collaborative Lifecycle Management products (CVE-2013-0422)

Summary Potential security vulnerability issues may occur if you are using the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422 when using IBM Collaborative Lifecycle Management CLM products Rational Quality Manager, Rational Team Concert and Rational Requirements Compose...

CVSS: 10, AI score: 0.6, EPSS: 0.97612
Exploits: 38, Affected Software: 3
Vulnerability Lab
added 2018/02/20 12:0 a.m., 46 views

Geldkarte - transaktionsid Cross Site Scripting Vulnerability

Document Title: =============== Geldkarte - transaktionsid Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2118 Release Date: ============= 2018-02-20 Vulnerability Laboratory ID VL-ID:...

AI score: 0.2
Exploits: 0
Packet Storm
added 2017/06/12 12:0 a.m., 47 views

Evolution Script CMS 5.3 Cross Site Scripting

Document Title: =============== Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2075 Release Date: ============= 2017-06-07 Vulnerability Laboratory ID VL-ID:...

AI score: 7.4
Exploits: 0
CNVD
added 2015/05/26 12:0 a.m., 3 views

Webgrind 'file' Parameter Cross-Site Scripting Vulnerability

Webgrind is a set of PHP execution time analysis tools. A cross-site scripting vulnerability exists in Webgrind's handling of the 'file' parameter, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it, which can be used to obtain a sensitive...

AI score: 6.5
Exploits: 0, References: 1
CNVD
added 2015/03/04 12:0 a.m., 1 view

Cross-site scripting vulnerability in tcllib '::html::textarea' function

tcllib is a collection of packages for the Tcl programming language, distributed as both source code and precompiled binaries, and supporting a wide range of common operating systems: Windows, BSD, Unix, and Linux. A cross-site scripting vulnerability exists in the tcllib '::html::textarea'...

AI score: 6.3
Exploits: 0, References: 1
seebug.org
added 2014/09/24 12:0 a.m., 19 views

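Stored XSS in the live800 online chat platform client can be used to attack customer service agents

Brief description: Found by accident while helping a friend test a project. Details: I have not done extensive statistics or testing, but based on my scattered testing over the past few months I believe there are still a large number of desktop applications, web applications and browser plugins with exactly the same problem. So the input point for this XSS is again the file name. Proof of vulnerability: First we construct a file name like this: .jpg Then we send the file to customer service via http://x55.me/800.htm, as shown below: Now switch to the customer service agent's application interface and see what happened?...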

AI score: 7.1
Exploits: 0
Core Security
added 2014/08/20 12:0 a.m., 530 views

Delphi and C++ Builder VCL library Buffer Overflow

1. Advisory Information Title: Delphi and C++ Builder VCL library Buffer Overflow Advisory ID: CORE-2014-0004 Advisory URL: http://www.coresecurity.com/core-labs/advisories/delphi-and-c-builder-vcl-library-buffer-overflow Date published: 2014-08-20 Date of last update: 2014-08-20 Vendors contacted...

CVSS: 6.8, AI score: 7.4, EPSS: 0.05697
Exploits: 0
seebug.org
added 2014/08/07 12:0 a.m., 65 views

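Yonyou human resources management software SQL injection vulnerability (no login required, affects all versions)

Brief description: Details: Yonyou software: a very large number of customers are involved, all of them large state-owned enterprises, banks, and important energy and financial organizations. Examples: Bank of Dalian http://zpyc.bankofdl.com Shunde Rural Commercial Bank http://career.sdebank.com China National Offshore Oil Corporation http://zhaopin.cnooc.com.cn Beijing Institute of Architectural Design www.biad.com.cn:88/ China Minsheng Bank http://ehr.creditcard.cmbc.com.cn China Railway Group http://61.232.6.108/ .... and other organizations. Search Google directly for inurl:hrss/login.jsp inurl:hrss/r...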

AI score: 7.3
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 41 views

OTRS FAQ Module - Persistent XSS

No description provided by source. Exploit Title: OTRS Faq Module - Persistent XSS Date: 2-Apr-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.otrs.com Version: OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x Tested on: Perl CVE : CVE-2013-2637 OVERVIEW The OTRS ITSM FAQ Module 3.2...

AI score: 6.9, EPSS: 0.04305
Exploits: 6
seebug.org
added 2014/06/22 12:0 a.m., 40 views

FangMail stored XSS

Brief description: http://www.fangmail.net/abous/Successcase.html Nearly 100,000 customers? Details: Insert into the email body to trigger it. Proof of vulnerability:...

AI score: 7.1
Exploits: 0
Core Security
added 2013/12/17 12:0 a.m., 29 views

RealPlayer Heap-based Buffer Overflow Vulnerability

Advisory ID Internal CORE-2013-0903 1. Advisory Information Title: RealPlayer Heap-based Buffer Overflow Vulnerability Advisory ID: CORE-2013-0903 Advisory URL: https://www.coresecurity.com/core-labs/advisories/realplayer-heap-based-buffer-overflow-vulnerability Date published: 2013-12-17 Date of...

CVSS: 9.3, AI score: 7.3, EPSS: 0.11345
Exploits: 11
Packet Storm
added 2013/10/15 12:0 a.m., 26 views

PDFCool Studio Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PDFCool Studio Buffer Overflow...

CVSS: 6.8, AI score: 0.5, EPSS: 0.04083
Exploits: 2
securityvulns
added 2013/10/02 12:0 a.m., 41 views

CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PDFCool Studio Buffer Overflow Vulnerability 1. Advisory Information Title: PDFCool Studio Buffer Overflow Vulnerability Advisory ID: CORE-2013-0828 Advisory URL:...

CVSS: 6.8, AI score: 7.5, EPSS: 0.04083
Exploits: 2
CERT
added 2013/02/22 12:0 a.m., 23 views

CS-Cart v3.0.4 configured with PayPal Standard Payments design vulnerability

Overview CS-Cart v3.0.4 and possibly other versions configured with PayPal Standard Payment is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that CS-Cart v3.0.4 configured with PayPal Standard...

CVSS: 5, AI score: 7.4, EPSS: 0.01724
Exploits: 0, References: 1
CERT
added 2012/09/18 12:0 a.m., 33 views

osCommerce v2.3.1 with PayPal website payments standard module v1.0 design vulnerability

Overview osCommerce 2.3.1 and possibly other versions with the PayPal website payments standard module is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that osCommerce 2.3.1 using the PayPal websit...

CVSS: 5, AI score: 6.1, EPSS: 0.0114
Exploits: 0, References: 3
securityvulns
added 2011/11/21 12:0 a.m., 72 views

iGuard Biometric Access Control - Multiple Vulnerabilities

Title: ====== iGuard Biometric Access Control - Multiple Vulnerabilities Date: ===== 2011-11-08 References: =========== 2011/Q3-4 URL: http://vulnerability-lab.com/getcontent.php?id=104 VL-ID: ===== 104 Introduction: ============= Each iGuard Biometric / Smart Card Security Appliance has a built-...

AI score: 0.9
Exploits: 0
The Hacker News
added 2010/11/07 1:38 a.m., 7 views

Social-Engineer Toolkit v1.0 - Latest Version Download

The Social Engineer Toolkit SET has been updated to version 1.0! We wrote about the Social Engineer's Toolkit in our old post here. This release is called the Devolution Release. "The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the hum...

AI score: 7.5
Exploits: 0
UbuntuCve
added 2009/10/06 8:30 p.m., 26 views

CVE-2009-3571

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...

CVSS: 9.3, AI score: 5.8, EPSS: 0.01293
Exploits: 0, References: 1
Prion
added 2009/10/06 8:30 p.m., 16 views

Code injection

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...

CVSS: 9.3, AI score: 6.9, EPSS: 0.01293
Exploits: 0, References: 4
NVD
added 2009/10/06 8:30 p.m., 16 views

CVE-2009-3571

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...

CVSS: 9.3, AI score: 6.4, EPSS: 0.01293
Exploits: 0, References: 4