Lucene search
K

6286 matches found

ATTACKERKB
ATTACKERKB
added 2014/01/22 9:55 p.m.11 views

CVE-2014-0808

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request...

9.1CVSS5.3AI score0.02245EPSS
Exploits0References8Affected Software2
Vulnrichment
Vulnrichment
added 2014/01/22 9:0 p.m.15 views

CVE-2014-0808

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request...

6.5AI score0.02245EPSS
Exploits0References6
seebug.org
seebug.org
added 2014/01/20 12:0 a.m.48 views

Sexy Polling Joomla Extension SQL注入漏洞

CVE ID:CVE-2013-7219 Joomla是一款内容管理系统。 该漏洞由于传递到"/components/comsexypolling/vote.php"脚本的"answerid" HTTP POST参数未能充分验证,远程攻击者可以在应用数据库中执行任意SQL操作。 0 Sexy Polling Joomla Extension =1.0.8 Sexy Polling 1.0.9版本以修复此漏洞,建议用户下载使用:...

7.5CVSS6.6AI score0.02289EPSS
Exploits3
Check Point Advisories
Check Point Advisories
added 2013/12/31 12:0 a.m.0 views

ABB MicroSCADA Wserver Multiple Buffer Overflows

Multiple Buffer Overflow vulnerabilities have been reported in the Wserver component of ABB MicroSCADA. The vulnerabilities are due to the copying of user controlled data to stack-based buffers without size verification. A remote attacker can exploit this issue by sending a specially crafted...

7.2AI score
Exploits0
RubySec
RubySec
added 2013/12/03 12:0 a.m.23 views

XSS Vulnerability in simple_format helper

There is a vulnerability in the simpleformat helper in Ruby on Rails. The simpleformat helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped...

4.3CVSS1AI score0.01963EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2013/11/27 12:0 a.m.111 views

Microsoft Tagged Image File Format (TIFF) Integer Overflow

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' require 'nokogiri' module ::Nokogiri module XML class Builder Some XML documents don't declare the namespace before referencing, but...

9.3CVSS0.3AI score0.84971EPSS
Exploits7
0day.today
0day.today
added 2013/11/27 12:0 a.m.155 views

Microsoft Tagged Image File Format (TIFF) Integer Overflow

This Metasploit module exploits a vulnerability found in Microsoft's Tagged Image File Format. It was originally discovered in the wild, targeting Windows XP and Windows Server 2003 users running Microsoft Office, specifically in the Middle East and South Asia region. The flaw is due to a DWORD...

9.3CVSS0.4AI score0.84971EPSS
Exploits7
securityvulns
securityvulns
added 2013/11/26 12:0 a.m.65 views

[ MDVSA-2013:272 ] poppler

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:272 http://www.mandriva.com/en/support/security/ Package : poppler Date : November 21, 2013 Affected: Business Server 1.0 Problem Description: Updated poppler packages fix security vulnerabilities: Poppler i...

7.5CVSS7.9AI score0.10483EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2013/11/24 12:0 a.m.27 views

HP Virtual User Generator EmulationAdmin Service copyFileToServer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the EmulationAdmin web service. This service exposes...

10CVSS6.7AI score0.62617EPSS
Exploits8References1
Metasploit
Metasploit
added 2013/11/22 8:25 a.m.77 views

MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow

This module exploits a vulnerability found in Microsoft's Tagged Image File Format. It was originally discovered in the wild, targeting Windows XP and Windows Server 2003 users running Microsoft Office, specifically in the Middle East and South Asia region. The flaw is due to a DWORD value...

7.8CVSS9.6AI score0.84971EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2013/11/05 12:0 a.m.19 views

Horde Groupware Webmail Edition Ingo Filter Cross-Site Request Forgery (CVE-2013-6275)

A Cross-Site Request Forgery CSRF vulnerability has been reported in Horde Groupware Webmail Edition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker...

4.3CVSS6.1AI score0.02072EPSS
Exploits6
Cisco
Cisco
added 2013/10/09 4:4 p.m.29 views

Cisco Unified Computing System Fabric Interconnect Cross-Site Request Forgery Vulnerability

A vulnerability in the fabric interconnect FI web management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability occurs because the web interface relies on cookies to authenticate...

4.3CVSS3.4AI score0.00817EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.52 views

Apache OpenJPA code execution

User-controlled data it stored in local executable file...

7.5CVSS1.9AI score0.09511EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2013/08/29 11:33 a.m.11 views

Inside the Response to the New York Times Attack

Late Tuesday morning, one of the engineers in CloudFlare’s San Francisco office saw a message on Twitter saying that the New York Times Web site was down. Minutes later, more messages appeared, as security researchers and others began looking into the situation and realized that someone may have...

0.9AI score
Exploits0References2
Atlassian
Atlassian
added 2013/08/23 1:38 a.m.26 views

CSRF in doremoveblogpost.action

Any page can be deleted if a user with sufficient privileges to delete the page clicks an attacker controlled link, or views an image at an attack controller URL. /pages/doremoveblogpost.action?pageId=...

2.5AI score
Exploits0Affected Software1
ThreatPost
ThreatPost
added 2013/08/21 3:0 p.m.17 views

Jumping Out of IE's Sandbox With One Click

Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release...

1.1AI score
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2013/08/13 12:0 a.m.31 views

Oracle Endeca Server attachDataStore SOAP Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes...

6.4CVSS6.4AI score0.01009EPSS
Exploits0References1
Cisco
Cisco
added 2013/07/17 4:10 p.m.25 views

Cisco Unified Communications Manager Privilege Escalation Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM could allow an authenticated, local attacker to escalate privileges on the system. The vulnerability is due to improper file permissions on a privileged system binary. An attacker could exploit this vulnerability by modifying a...

6.8CVSS2.7AI score0.00357EPSS
Exploits0References1
Cisco
Cisco
added 2013/07/17 1:46 p.m.26 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...

4.3CVSS3AI score0.00576EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2013/06/03 12:0 a.m.40 views

Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ Local ring0

ifndef WIN32NOSTATUS define WIN32NOSTATUS endif include include include include include ifdef WIN32NOSTATUS undef WIN32NOSTATUS endif include pragma commentlib, "gdi32" pragma commentlib, "kernel32" pragma commentlib, "user32" pragma commentlib, "shell32" pragma commentlinker, "/SECTION:.text,ERW...

0.1AI score
Exploits0
Rows per page
Query Builder