Lucene search
K

58 matches found

OSV
OSV
added 2017/09/23 8:29 p.m.2 views

DEBIAN-CVE-2017-14721

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...

6.1CVSS6.5AI score0.02136EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/09/23 8:0 p.m.23 views

CVE-2017-14721

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...

7.2AI score0.02136EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2017/09/23 8:0 p.m.28 views

CVE-2017-14721

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...

6.1CVSS4.6AI score0.02136EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/03/18 8:59 p.m.23 views

CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...

8.8CVSS7.2AI score0.04036EPSS
Exploits1References6
Prion
Prion
added 2017/03/18 8:59 p.m.12 views

Cross site request forgery (csrf)

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...

6.8CVSS8.4AI score0.04036EPSS
Exploits1References8Affected Software2
OSV
OSV
added 2017/03/18 8:59 p.m.5 views

UBUNTU-CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...

8.8CVSS7.4AI score0.04036EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2017/03/18 8:10 p.m.34 views

CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...

8.8CVSS9.1AI score0.04036EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2016/03/16 5:36 p.m.5 views

Mozilla: Memory corruption with malicious NPAPI plugin (MFSA 2016-31)

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference and memory corruption via a crafted NPAPI plug...

8.8CVSS7.8AI score0.02928EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2015/05/18 12:0 a.m.7 views

The vulnerability of the Firefox browser, which allows a violator to trigger a service failure

The vulnerability of the Mozilla Firefox browser exists due to a memory handling error in the function AsyncPaintWaitEvent::AsyncPaintWaitEvent. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by using a specially crafted plugin that improperl...

6.8CVSS8.2AI score0.02586EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2015/05/01 3:59 p.m.16 views

Code injection

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file .cfg...

9.3CVSS7.9AI score0.02429EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/05/01 3:0 p.m.28 views

CVE-2015-3446

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file .cfg...

7.4AI score0.02429EPSS
Exploits0References3
NVD
NVD
added 2015/04/27 11:59 a.m.17 views

CVE-2015-2706

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a crafted plugin that does not properly complete initialization...

6.8CVSS7.5AI score0.02586EPSS
Exploits0References9
Prion
Prion
added 2015/04/27 11:59 a.m.21 views

Race condition

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a crafted plugin that does not properly complete initialization...

6.8CVSS8.1AI score0.02586EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2015/04/24 11:0 p.m.29 views

CVE-2015-2706

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a crafted plugin that does not properly complete initialization...

9.5AI score0.02586EPSS
Exploits0References9
CVE
CVE
added 2015/04/24 11:0 p.m.150 views

CVE-2015-2706

CVE-2015-2706 affects Mozilla Firefox before 37.0.2, where a race condition in AsyncPaintWaitEvent() during plugin initialization can lead to remote code execution or a denial of service via use-after-free. The vulnerability is confirmed in multiple advisories (e.g., Firefox updates to 37.0.2 add...

6.8CVSS9.4AI score0.02586EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2015/04/21 12:0 a.m.3 views

UBUNTU-CVE-2015-2706

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a crafted plugin that does not properly complete initialization...

6.8CVSS7.7AI score0.02586EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

atmail email server appliance 6.4 - Stored XSS - csrf - rce

No description provided by source. Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2012/07/21 12:0 a.m.17 views

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Remote Code Execution

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Remote Code Execution Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail...

0.5AI score
Exploits0
Rows per page
Query Builder