840 matches found

ThreatPost
added 2014/09/22 12:4 p.m. | 11 views

MyFitnessPal App Patches Privacy Vulnerability

The details of a patched vulnerability in a popular mobile fitness application have been disclosed three months after a fix was released. The flaw could have allowed a user to fetch the personal profile of another registered app user. MyFitnessPal deployed a fix on June 26 for a privacy flaw in...

6.5 AI score
Exploits: 0 | References: 4
Tenable Nessus
added 2014/09/18 12:0 a.m. | 12 views

Oracle Linux 5 : automake (ELSA-2014-1243)

From Red Hat Security Advisory 2014:1243 : An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

4.4 CVSS | 7.6 AI score | 0.00185 EPSS
Exploits: 1 | References: 2
Amazon
added 2014/09/17 12:0 a.m. | 130 views

Low: httpd

Issue Overview: The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

5 CVSS | 6.6 AI score | 0.65044 EPSS
Exploits: 2
OpenVAS
added 2014/09/17 12:0 a.m. | 22 views

RedHat Update for automake RHSA-2014:1243-01

The remote host is missing an update for the...

4.4 CVSS | 6.4 AI score | 0.00185 EPSS
Exploits: 1 | References: 2
RedHat Linux
added 2014/09/16 5:28 a.m. | 33 views

Low: Red Hat Security Advisory: automake security update

An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from...

4.4 CVSS | 7.5 AI score | 0.00185 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2014/07/27 12:0 a.m. | 17 views

Debian Security Advisory DSA 2991-1 (modsecurity-apache - security update)

Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended modsecurity restrictions by using chunked transfer coding with a...

5 CVSS | 6.1 AI score | 0.00842 EPSS
Exploits: 2 | References: 1
ICS
added 2014/07/24 6:0 a.m. | 36 views

Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 6, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi working through ZDI has identified two custom ActiveX Component vulnerabilities in Rockwell...

7.5 CVSS | 7 AI score | 0.00394 EPSS
Exploits: 0 | References: 10
ThreatPost
added 2014/07/09 4:11 p.m. | 15 views

Android Exploited to Make, End Phone Calls; Send USSD Codes

A pair of vulnerabilities in all but the newest KitKat iteration of Google’s Android operating system could let a malicious or rogue application exceed its permission level in order to make phone calls, hang up phone calls, or send USSD or MMI codes. Marco Lux and Pedro Umbelino of Curesec claim...

0.3 AI score
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

otscms <= 2.1.5 (sql/xss) Multiple Vulnerabilities

No description provided by source. Coding 4 Fun Name = OTSCMS 2.1.5 by Wrzasq http://otscms.com ; Class = Sql Injection / XSS ; Download = http://sourceforge.net/project/showfiles.php?groupid=145557 ; Found by = GregStar gregstaratc4f.pl http://c4f.pl ;...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 30 views

Solaris 2.6/7.0 /locale Subsystem Format String

No description provided by source. / source: http://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Drake CMS < 0.2.3 ALPHA rev.916 Remote File Inclusion Vulnerability

No description provided by source. Coding 4 Fun c4f.pl Drake CMS v0.2.2 ALPHA rev.846 http://drakecms.org ; Class = Remote File Inclusion ; Download = https://sourceforge.net/project/showfiles.php?groupid=166901&packageid=192077&releaseid=420102 ; Found by = GregStar gregstaratc4fdotpl ;...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 27 views

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Debian Linux 2.0 Super Syslog Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/342/info After the first super buffer overflow vulnerability was discovered, another appeared shortly after. This vulnerability exists when the syslog option is enabled. The overflow is in the file error.c, in the Error...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Libc locale exploit (2)

No description provided by source. / source: http://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

7.1 AI score
Exploits: 0
NVD
added 2014/05/31 11:17 a.m. | 20 views

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunke...

5 CVSS | 8 AI score | 0.46749 EPSS
Exploits: 1 | References: 48
Prion
added 2014/05/31 11:17 a.m. | 27 views

Integer overflow

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunke...

5 CVSS | 7.2 AI score | 0.46749 EPSS
Exploits: 1 | References: 48 | Affected Software: 1
Cvelist
added 2014/05/31 10:0 a.m. | 28 views

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunke...

8 AI score | 0.46749 EPSS
Exploits: 1 | References: 48
Debian CVE
added 2014/05/31 10:0 a.m. | 37 views

CVE-2014-0075

Removed by vendor...

5 CVSS | 6.9 AI score | 0.46749 EPSS
Exploits: 1
UbuntuCve
added 2014/05/31 12:0 a.m. | 32 views

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunke...

5 CVSS | 6.8 AI score | 0.46749 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2014/05/30 12:0 a.m. | 159 views

Apache Tomcat 7.0.0 < 7.0.53 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.53_security-7 advisory. - Integer overflow in the parseChunkHeader function in...

5 CVSS | 6.8 AI score | 0.46749 EPSS
Exploits: 1 | References: 8