6052 matches found

OSV
added 2020/04/14 3:15 p.m. | 2 views

CVE-2020-9460

Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable...

CVSS 5.4 | AI score 5.8 | EPSS 0.01347
Exploits: 2 | References: 3
Veracode
added 2020/04/10 12:53 a.m. | 32 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld...

CVSS 4 | AI score 3.8 | EPSS 0.12229
Exploits: 1 | References: 24 | Affected Software: 1
Palo Alto Networks
added 2020/04/08 4:0 p.m. | 35 views

Secdo: Privilege escalation via hardcoded script path

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk C:\ to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo...

CVSS 7.8 | AI score 4.1 | EPSS 0.00312
Exploits: 0 | References: 1
NVD
added 2020/04/08 2:15 p.m. | 17 views

CVE-2019-4603

IBM Quality Manager RQM 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295...

CVSS 4.3 | AI score 4.4 | EPSS 0.00749
Exploits: 0 | References: 2
Cvelist
added 2020/04/08 2:5 p.m. | 18 views

CVE-2019-4603

IBM Quality Manager RQM 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295...

CVSS 4.3 | AI score 4.4 | EPSS 0.00749
Exploits: 0 | References: 2
CNVD
added 2020/04/08 12:0 a.m. | 3 views

Samsung Mobile Device Input Validation Error Vulnerability (CNVD-2020-34727)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An input validation error vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to create other user accounts in a tablet and access user data in extern...

CVSS 7.1 | AI score 6.6 | EPSS 0.00137
Exploits: 0 | References: 1
ATTACKERKB
added 2020/04/08 12:0 a.m. | 21 views

CVE-2020-1984

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with ‘create folders or append data’ access to the root of the OS disk C: to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo f...

CVSS 7.8 | AI score 1.8 | EPSS 0.00312
Exploits: 0 | References: 2
OSV
added 2020/04/07 5:15 p.m. | 4 views

CVE-2020-9514

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via...

CVSS 6.5 | AI score 6.7 | EPSS 0.00961
Exploits: 1 | References: 2
Prion
added 2020/04/07 5:15 p.m. | 17 views

Open redirect

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...

CVSS 5.8 | AI score 6.5 | EPSS 0.02072
Exploits: 2 | References: 3 | Affected Software: 1
Prion
added 2020/04/07 5:15 p.m. | 14 views

Code injection

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via...

CVSS 4 | AI score 6.5 | EPSS 0.00961
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/04/07 4:51 p.m. | 19 views

CVE-2020-11515

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...

AI score 7.1 | EPSS 0.02072
Exploits: 2 | References: 3
IBM Security Bulletins
added 2020/04/07 1:33 p.m. | 31 views

Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2019-19925, CVE-2019-19645, CVE-2019-19924, CVE-2019-19923, CVE-2019-19880, CVE-2019-19646, CVE-2019-19926)

Summary SQLite is vulnerable to a denial of service. Vulnerability Details CVEID: CVE-2019-19925 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by the mishandling of a NULL pathname in the zipfileUpdate function in ext/misc/zipfile.c. By sending a specially-crafted request, a...

CVSS 9.8 | AI score 0.9 | EPSS 0.0825
Exploits: 0 | Affected Software: 1
OpenVAS
added 2020/04/07 12:0 a.m. | 7 views

ZSQL: Check for users with CREATE DATABASE permission

Searches for users and roles with CREATE DATABASE permission and checks whether they are authorized to have it. A user with the CREATE DATABASE permission can create a database. If this permission is no longer necessary, revoke it. Copyright C 2020 Greenbone Networks GmbH Some text descriptions...

AI score 7.2
Exploits: 0 | References: 1
RedHat Linux
added 2020/04/06 9:3 a.m. | 47 views

Moderate: Red Hat Security Advisory: openstack-manila security update

An update for openstack-manila is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 7.2 | EPSS 0.01153
Exploits: 1 | References: 2
BDU FSTEC
added 2020/04/06 12:0 a.m. | 4 views

The vulnerability of the base_sock_create function in the drivers/isdn/mISDN/socket.c module of the AF_ISDN module in the Linux operating system arises from insufficient input validation. This vulnerability allows an attacker to compromise data integrity.

The vulnerability of the base_sock_create function in the drivers/isdn/mISDN/socket.c module of the AF_ISDN module in the Linux kernel is related to a lack of mechanisms for checking input data. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

CVSS 4 | AI score 6.4 | EPSS 0.00542
Exploits: 0 | References: 42 | Affected Software: 5
BDU FSTEC
added 2020/04/06 12:0 a.m. | 4 views

The vulnerability of the atalk_create function in the net/appletalk/ddp.c module of the AF_APPLETALK module, within the Linux operating system’s kernel, relates to default access rights settings. This vulnerability allows an attacker to compromise data integrity.

The vulnerability of the atalk_create function in the net/appletalk/ddp.c module of the AF_APPLETALK module is related to the lack of a standard permission mechanism. Exploiting this vulnerability could allow an attacker to compromise data integrity...

CVSS 3.3 | AI score 6.6 | EPSS 0.00514
Exploits: 0 | References: 39 | Affected Software: 5
RedhatCVE
added 2020/04/04 5:44 a.m. | 29 views

CVE-2018-16850

A SQL Injection flaw has been discovered in PostgreSQL server in the way triggers that enable transition relations are dumped. The transition relation name is not correctly quoted and it may allow an attacker with CREATE privilege on some non-temporary schema or TRIGGER privilege on some table to...

CVSS 9.8 | AI score 5 | EPSS 0.0515
Exploits: 0 | References: 2
Hacker One
added 2020/03/27 8:55 p.m. | 194 views

Slack: Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users

An issue in Slack's Create snippet feature results in filetypes being displayed incorrectly. This can lead to RCE if a Slack user downloads an executable file thinking that it is a CSV or other benign file type. https://www.youtube.com/watch?v=cIlGfnn4iG8...

AI score 2.4
Exploits: 0
exploitpack
added 2020/03/27 12:0 a.m. | 148 views

ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)

ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author:...

AI score 0.1
Exploits: 0
BDU FSTEC
added 2020/03/25 12:0 a.m. | 5 views

The vulnerability of the Windows Media Foundation component in Windows operating systems allows attackers to install programs, view, modify, delete data, or create new accounts with full user privileges.

The vulnerability of the Windows Media Foundation component in Windows operating systems arises from incorrect handling of objects in memory. Exploiting this vulnerability allows attackers to install programs, view, modify, delete data, or create new user accounts with full privileges using a...

CVSS 7.8 | AI score 7.3 | EPSS 0.05179
Exploits: 0 | References: 3