
2886 matches found

NVD
added 2014/10/06 2:55 p.m. · 30 views

CVE-2014-0140

Red Hat CloudForms 3.1 Management Engine CFME before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request...

4 CVSS · 6.2 AI score · 0.0124 EPSS
Exploits 0 · References 2
CVE
added 2014/10/06 2:00 p.m. · 56 views

CVE-2014-0140

Red Hat CloudForms Management Engine (CFME) prior to 5.3 is affected. An authenticated user could access sensitive controllers and actions via direct HTTP(S) requests, enabling possible privilege escalation. The issue is documented under CVE-2014-0140 and addressed in Red Hat’s RHSA-2014:1317; re...

4 CVSS · 6.4 AI score · 0.0124 EPSS
Exploits 0 · References 2 · Affected Software 6
Positive Technologies
added 2014/10/06 12:00 a.m. · 5 views

PT-2014-3496 · Red Hat · Red Hat Cloudforms

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.3 Description: The issue allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Recommendations: For versions prior to 5.3, update to version 5....

4 CVSS · 6 AI score · 0.0124 EPSS
Exploits 0 · References 3
RedHat Linux
added 2014/10/02 6:40 p.m. · 1 views

CFME: default routes expose controllers and actions

It was found that Red Hat CloudForms exposed default routes that were reachable via HTTPS requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation...

4 CVSS · 5.7 AI score · 0.0124 EPSS
Exploits 0 · References 4
Cent OS
added 2014/09/23 5:23 a.m. · 101 views

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2014:1281 Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS...

3.3 CVSS · 6.2 AI score · 0.0036 EPSS
Exploits 0 · References 7
OpenVAS
added 2014/09/23 12:00 a.m. · 41 views

RedHat Update for kernel RHSA-2014:1281-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3 CVSS · 6.9 AI score · 0.0036 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2014/09/23 12:00 a.m. · 55 views

RHEL 7 : kernel (RHSA-2014:1281)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1281 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux...

3.3 CVSS · 6.8 AI score · 0.0036 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2014/09/23 12:00 a.m. · 39 views

CentOS 7 : kernel (CESA-2014:1281)

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

3.3 CVSS · 6.8 AI score · 0.0036 EPSS
Exploits 0 · References 2
RedHat Linux
added 2014/09/22 6:23 p.m. · 82 views

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

3.3 CVSS · 6.2 AI score · 0.0036 EPSS
Exploits 0 · References 2
Nmap
added 2014/08/18 1:55 a.m. · 338 views

supermicro-ipmi-conf NSE Script

Attempts to download an unprotected configuration file containing plain-text user credentials in vulnerable Supermicro Onboard IPMI controllers. The script connects to port 49152 and issues a request for "/PSBlock" to download the file. This configuration file contains users with their passwords ...

10 CVSS · 9.2 AI score · 0.99448 EPSS
Exploits 33
seebug.org
added 2014/07/29 12:00 a.m. · 29 views

Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability

No description provided by source. Vendor Homepage: http://www.ubnt.com/ Tested on: Kali Linux. Affected Products/Versions: UniFi Controller v2.4.6, mFi Controller v2.0.15, AirVision Controller v2.1.3. Note: Previous...

3.7 CVSS · 8.7 AI score · 0.01284 EPSS
Exploits 6
Cvelist
added 2014/07/24 2:00 p.m. · 31 views

CVE-2014-2717

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page...

7 AI score · 0.0374 EPSS
Exploits 1 · References 1
seebug.org
added 2014/07/01 12:00 a.m. · 45 views

Joomla Component (com_jphone) Local File Inclusion Vulnerability

0x01 Vulnerability summary: CVE-2010-3426, CNNVD-201009-171. Published: 2010-09-16. Affected version: 1.0 Alpha 3. Official homepage: http://www.4you-studio.com Download link: http://www.joomlafrance.org/telecharger/download/Jphone/344bbad81cf491b6e5215e3f15fc3fb7.html 4You-Studio JPhone component 'controller' parameter local file inclusion vulnerability. Joomla! is an open-source content management system (CMS). In Joomla!, the JPho...

7.5 CVSS · 6 AI score · 0.14109 EPSS
Exploits 3
seebug.org
added 2014/07/01 12:00 a.m. · 22 views

Microsoft Windows XP/2000/NT 4 Locator Service Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6666/info It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote...

7.1 AI score
Exploits 0
0day.today
added 2014/07/01 12:00 a.m. · 290 views

Supermicro Onboard IPMI Port 49152 Sensitive File Exposure Exploit

This module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the...

6.7 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m. · 21 views

Magento 1.2 app/code/core/Mage/Adminhtml/controllers/IndexController.php email Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/33872/info Magento is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affect...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m. · 40 views

Samsung D6000 TV Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: Samsung devices with support for remote controllers http://www.samsung.com Versions: current Platforms: the vulnerable protocol is used on both TV and blue-ray devices so both of them should be vulnerable my tests were performed only ...

7.1 AI score
Exploits 0
ThreatPost
added 2014/06/27 1:31 p.m. · 16 views

20-Year Old Vulnerability Patched in Compression Algorithm

A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...

0.4 AI score
Exploits 0 · References 3
MSRC
added 2014/05/13 7:00 a.m. · 7 views

MS14-025: An Update for Group Policy Preferences

Today, we released an update to address a vulnerability in Group Policy Preferences MS14-025. Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts...

7 AI score
Exploits 0
NVD
added 2014/04/25 5:12 a.m. · 19 views

CVE-2014-0760

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service application crash vi...

9.3 CVSS · 7.9 AI score · 0.0315 EPSS
Exploits 0 · References 2