Lucene search
K

2889 matches found

Cvelist
Cvelist
added 2016/07/15 4:0 p.m.28 views

CVE-2016-4529

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFEFORUNTRUSTEDCALLER aka safe for scripting flag...

7.6AI score0.04989EPSS
Exploits0References4
CNVD
CNVD
added 2016/05/12 12:0 a.m.2 views

Mitsubishi FX3G PLC Denial of Service Vulnerability

FX3G series PLC is specialized in providing customers with more personalized system solutions, which can fully meet the system requirements of customers in different industries. A denial-of-service vulnerability exists in the Mitsubishi FX3G PLC, which allows an attacker to exploit the...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/04/19 12:0 a.m.8 views

The vulnerability of the Samba file system allows a perpetrator to circumvent existing access restrictions.

The vulnerability of the samldbcheckuseraccountcontrolacl function in the Samba file system located in the samdb/ldbmodules/samldb.c file is related to improper privilege checking during the creation of computer accounts. Exploiting this vulnerability can allow a malicious actor to circumvent...

6CVSS7.1AI score0.03131EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2016/04/12 12:0 a.m.2 views

UBUNTU-CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

6.3CVSS6.8AI score0.02902EPSS
Exploits0References4
ICS
ICS
added 2016/02/27 7:0 a.m.23 views

Environmental Systems Corporation Data Controllers Vulnerabilities

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-147-01A Environmental Systems Corporation Data Controllers Vulnerabilities that was published June 2, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified data controller...

9.4AI score
Exploits0References10
seebug.org
seebug.org
added 2016/01/27 12:0 a.m.208 views

Rails Dynamic Render 远程命令执行漏洞 (CVE-2016-0752)

如果你的应用程序使用的动态模版路径 例如: render params:id 那么你的程序将会存在远程代码执行和本地文件包含漏洞. 请把你的 Rails 升级到最新版本, 或者重构你的 controllers。 我们将展示如何在特定环境下使用代码执行和本地包含漏洞去攻击 Ruby on Rails 。 Rails的控制器有包含指定渲染文件的功能,举个例子, 当我们调用 show 方法的时候,如果没有定义其他渲染方法,该框架将会隐藏渲染 show.html.erb 文件。 在绝大多数情况下,开发者会输出不同的格式,例如:文本, JSON, XML 或者其他任何格式,或者查看一个文件,...

5CVSS6.7AI score0.95537EPSS
Exploits12
Citrix
Citrix
added 2016/01/06 12:0 a.m.9 views

FAQ: Connection Leasing in XenApp/XenDesktop 7.6

Q: What is Connection leasing? A: It allows users to connect to recently used published applications or desktops launchedwithin the last 2 weeks or less during a site database failure using a combination of a license lease and cached information on the Delivery Controllers. The Delivery...

7.2AI score
Exploits0
OSV
OSV
added 2015/12/29 10:59 p.m.2 views

DEBIAN-CVE-2015-8467

The samldbcheckuseraccountcontrolacl function in dsdb/samdb/ldbmodules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass...

7.5CVSS7.4AI score0.03131EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/12/29 12:0 a.m.9 views

The vulnerability of microprogrammed software in programmable logic controllers PCD allows a intruder to gain administrator privileges.

The vulnerability of PCD programmable logic controllers’ microprogramming software exists due to the rigid encoding of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain administrator privileges through an FTP session...

10CVSS7.7AI score0.02419EPSS
Exploits0References4Affected Software10
Kitploit
Kitploit
added 2015/12/24 8:14 p.m.29 views

PentestPackage - A Package of Multiple Pentest Scripts

Contents: Wordlists - Comprises of password lists, username lists and subdomains Web Service finder - Finds web services of a list of IPs and also returns any URL rewrites Gpprefdecrypt. - Decrypt the password of local users added via Windows 2008 Group Policy Preferences. rdns.sh - Runs...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2015/12/18 12:9 p.m.13 views

Schneider Electric Patches Buffer Overflow in PLC Line

Automation and energy management company Schneider Electric patched a vulnerability in a product line this week that was leaving a handful of programmable automation controllers at risk of being hacked. Thirteen different builds of the Modicon M340 PLC are affected by the vulnerability, a buffer...

1.7AI score
Exploits0References2
OSV
OSV
added 2015/12/16 12:0 a.m.6 views

UBUNTU-CVE-2015-8467

The samldbcheckuseraccountcontrolacl function in dsdb/samdb/ldbmodules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass...

7.5CVSS7.1AI score0.03131EPSS
Exploits0References4
OSV
OSV
added 2015/12/16 12:0 a.m.3 views

UBUNTU-CVE-2015-7540

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service memory consumption and daemon crash via crafted packets...

7.5CVSS6.8AI score0.07116EPSS
Exploits0References4
ICS
ICS
added 2015/12/06 7:0 a.m.39 views

Siemens SPC Controller Series Denial-of-Service Vulnerability

OVERVIEW Davide Peruzzi of GoSecure! has identified a denial-of-service DoS vulnerability in the Siemens SPC Controllers. Siemens has produced an update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following SPC Controllers are affected:...

7.8CVSS6.5AI score0.02292EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2015/11/20 12:0 a.m.6 views

Vulnerability of microprogrammed software in Micrologix 1100 and 1400 programmable logic controllers, allowing a intruder to cause malfunctions during maintenance

The vulnerability of the microprogrammed logic controllers Micrologix 1100 and 1400 is caused by buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause a service failure through a specially crafted HTTP request...

7.8CVSS5.8AI score0.04443EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2015/11/20 12:0 a.m.8 views

Vulnerability of microprogrammed software for Micrologix 1100 and 1400 programmable logic controllers, allowing a intruder to execute arbitrary code

The vulnerability of the microprogrammed logic controllers Micrologix 1100 and 1400 is caused by buffer overflow on the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS6.3AI score0.06965EPSS
Exploits0References2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.4631 views

NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability

Document Title: =============== NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID: ====================================...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2015/10/03 9:28 p.m.12 views

Design Flaws Make Drones Vulnerable to Cyber-Attacks

In the past, The Hacker News THN reported about various activities surrounding Drones. Whether it was the development of the first backdoor for drones MalDrone, or Weaponized drones getting legal, or Drones hacking smartphones. And now the reports depict... Security Researcher has showcased a...

7.1AI score
Exploits0
Prion
Prion
added 2015/09/28 2:59 a.m.10 views

Hardcoded credentials

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a...

9CVSS7.2AI score0.01869EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/09/22 12:0 a.m.2 views

Multiple Huawei WLAN AC Products Information Disclosure Vulnerability

Huawei WLAN AC6005 and others are wireless access controller products from Huawei China. An information disclosure vulnerability exists in the mDNS module module of multiple Huawei WLAN AC products. An attacker can exploit the vulnerability to disclose sensitive information...

7.5CVSS6.1AI score0.0131EPSS
Exploits0References1
Rows per page
Query Builder