Lucene search
+L

3633 matches found

CNVD
CNVD
added 2017/11/02 12:0 a.m.5 views

Circle with Disney SSL TLS Man-in-the-Middle Attack Vulnerability (CNVD-2017-33184)

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. An SSL TLS man-in-the-middle attack vulnerability exists in the remote control feature in Circle with Disney version 2.0.1. An attacker...

7.4CVSS6.5AI score0.00663EPSS
Exploits2References1
seebug.org
seebug.org
added 2017/10/24 12:0 a.m.107 views

Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation(CVE-2017-5123)

This is a guest post by a young and talented Portuguese exploiter, Federico Bento. He won this year’s Pwnie for Epic Achievement exploiting TIOCSTI ioctl. Days ago he posted a video demonstrating an exploit for CVE-2017-5123 and luckly for you I managed to convince him to do a write-up about it. ...

8.2AI score0.03714EPSS
Exploits10
Veracode
Veracode
added 2017/10/02 10:55 a.m.18 views

Cross-site Scripting (XSS)

genix/cms is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the Menu ID field ininc/lib/Control/Backend/menus.control.php , allowing a malicious user to inject and execute arbitrary web script through a page=menus request...

6.1CVSS5.9AI score0.00683EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2017/09/29 2:0 p.m.21 views

CVE-2017-13987

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files...

7.1AI score0.00963EPSS
Exploits0References2
OSV
OSV
added 2017/08/21 2:19 p.m.12 views

USN-3399-1 cvs vulnerability

Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user...

7.5CVSS6.8AI score0.05968EPSS
Exploits1References2
OSV
OSV
added 2017/08/13 12:0 a.m.3 views

UBUNTU-CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

7.5CVSS7.2AI score0.05968EPSS
Exploits1References4
CNVD
CNVD
added 2017/08/04 12:0 a.m.6 views

Siemens 300/400 Series PLC Remote Control Vulnerability

Programmable controller PLC is developed on the basis of relay control and computer control, and gradually developed into a new type of industrial automatic control device based on microprocessor and integrating modern technologies such as computer technology, automatic control technology and...

7AI score
Exploits0References1
CNVD
CNVD
added 2017/07/25 12:0 a.m.7 views

Televes COAXDATA GATEWAY 1Gbps Device Arbitrary Password Change Vulnerability

The Televes COAXDATA GATEWAY 1Gbps devices is a wireless router device from the Spanish company Televes. A security vulnerability exists in the Televes COAXDATA GATEWAY 1Gbps device that stems from a lack of access control and detection on the client side. An attacker could exploit the...

9.8CVSS6.9AI score0.01456EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/05/15 12:0 a.m.6 views

The vulnerability of the MySQL database management system allows malicious actors to compromise the confidentiality of information.

The vulnerability of the MySQL Server component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of information through network packets...

6CVSS6.4AI score0.0264EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/03/23 12:0 a.m.8 views

The vulnerability of Microsoft Edge browser allows a hacker to bypass existing access restrictions policies.

The vulnerability of Microsoft Edge is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to bypass existing policies that restrict access to HTML elements in other browser windows...

4CVSS5.8AI score0.28545EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2017/03/17 12:0 a.m.53 views

Microsoft IE And Microsoft Edge Flash Player RCE Vulnerability (3201860)

This host is missing a critical security update according to Microsoft Bulletin MS16-128. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS8.3AI score0.25198EPSS
Exploits0References5
Prion
Prion
added 2017/03/14 10:59 p.m.21 views

Improper access control

Access control vulnerability in Intel Security Data Loss Prevention Endpoint DLPe 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get...

4.6CVSS6.8AI score0.00311EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2017/02/17 12:0 a.m.2 views

SAP GRC Access Control EAM Security Bypass Vulnerability

SAP GRC is a suite of governance, risk management and compliance solutions from SAP Germany. A security bypass vulnerability exists in SAP GRC. An attacker could use this vulnerability to bypass certain security restrictions and gain unauthorized access to the application...

6.8AI score
Exploits0References1
OSV
OSV
added 2017/02/15 11:59 p.m.6 views

CVE-2017-0311

NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges...

8.8CVSS6.9AI score
Exploits0References1
Hacker One
Hacker One
added 2017/02/11 3:9 p.m.14 views

OLX: Combined attacks leading to stealing user's account

Hello, First: I have found out that when I register an account with the an email already used it doesn't tell anything but it sends a link to the registered email and when the user visits the link the password is changed without any further checking if the user was the one who asked for password...

0.5AI score
Exploits0
Metasploit
Metasploit
added 2017/02/11 5:48 a.m.65 views

Carlo Gavazzi Energy Meters - Login Brute Force, Extract Info and Dump Plant Database

This module scans for Carlo Gavazzi Energy Meters login portals, performs a login brute force attack, enumerates device firmware version, and attempt to extract the SMTP configuration. A valid, admin privileged user is required to extract the SMTP password. In some older firmware versions, the SM...

7.5CVSS7AI score0.09317EPSS
Exploits2
Prion
Prion
added 2017/01/06 9:59 p.m.13 views

Design/Logic Flaw

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system...

10CVSS7.3AI score0.04867EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/08/03 12:0 a.m.9 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the MediaTek driver for the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created application...

9.3CVSS7.2AI score0.00421EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/05/05 12:0 a.m.6 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the include/core/SkPostConfig.h function in the Skia graphics library of the Systemserver operating system in Android is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges including crashing the...

9.3CVSS7.2AI score0.00473EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2016/04/07 8:0 p.m.45 views

CVE-2015-8680

The CVE-2015-8680 entry describes an interface access control vulnerability in Huawei P8 and Mate S devices where the graphics driver can be manipulated by a crafted app with graphics permission to cause a denial of service (system crash) or gain privileges. Affected software includes Huawei mode...

9.3CVSS7.4AI score0.00722EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder