
6052 matches found

CNVD
added 2019/08/27 12:0 a.m. · 6 views

Atlassian Jira Cross-Site Request Forgery Vulnerability (CNVD-2019-30064)

Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. A cross-site request forgery vulnerability exists in the AddResolution.jspa resource in Jira. A remote attacker could exploit the vulnerability to create new solutions...

CVSS 4.3 · AI score 6.9 · EPSS 0.00647
Exploits 0 · References 1

Prion
added 2019/08/22 7:15 p.m. · 10 views

Cross site scripting

An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...

CVSS 3.5 · AI score 5.8 · EPSS 0.00839
Exploits 1 · References 2 · Affected Software 1

OSV
added 2019/08/21 8:15 p.m. · 4 views

CVE-2019-15316

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation to NT AUTHORITY\SYSTEM via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition...

CVSS 7 · AI score 7.1 · EPSS 0.00389
Exploits 1 · References 4

OSV
added 2019/08/20 12:15 a.m. · 11 views

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

CVSS 8.8 · AI score 7
Exploits 0 · References 2

NVD
added 2019/08/20 12:15 a.m. · 17 views

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

CVSS 8.8 · AI score 8.6 · EPSS 0.00709
Exploits 1 · References 2

Prion
added 2019/08/20 12:15 a.m. · 12 views

Design/Logic Flaw

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors...

CVSS 3.5 · AI score 5.2 · EPSS 0.00731
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2019/08/19 11:29 p.m. · 17 views

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

AI score 8.6 · EPSS 0.00709
Exploits 1 · References 2

CVE
added 2019/08/19 11:29 p.m. · 110 views

CVE-2019-15229

FUEL CMS 1.4.4 is affected by a CSRF flaw in the Admin console’s blocks/create/ Create Blocks section. The vulnerability allows an attacker to trick an administrator into executing arbitrary code by requesting a crafted HTML page. Root cause: CSRF in the blocks/create path. Impact is described as ...

CVSS 8.8 · AI score 8.6 · EPSS 0.00709
Exploits 1 · References 2 · Affected Software 1

CNVD
added 2019/08/19 12:0 a.m. · 1 views

FUEL CMS Cross-Site Scripting Vulnerability (CNVD-2019-41832)

FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. A cross-site scripting vulnerability exists in the Create Blocks section of the Admin console in FUEL CMS version 1.4.4, which stems from a lack of proper validation of client-side data in the web application and can ...

CVSS 5.4 · AI score 6.4 · EPSS 0.00731
Exploits 1 · References 1

Positive Technologies
added 2019/08/16 12:0 a.m. · 2 views

PT-2019-6433 · Live Networks +2 · Live555 +2

Name of the Vulnerable Software and Affected Versions: Live555 versions prior to 2019.08.16. Description: The issue is related to a Use-After-Free error in the GenericMediaServer::createNewClientSessionWithId function, which can generate the same client session ID in succession. This is mishandled...

CVSS 9.8 · AI score 8.2 · EPSS 0.01716
Exploits 0 · References 28

OSV
added 2019/08/14 9:15 p.m. · 1 views

CVE-2019-1162

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...

CVSS 7.8 · AI score 6 · EPSS 0.00878
Exploits 0 · References 1

OSV
added 2019/08/13 4:15 a.m. · 1 views

CVE-2019-14987

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...

CVSS 4.8 · AI score 5.8 · EPSS 0.00633
Exploits 0 · References 1

Prion
added 2019/08/13 4:15 a.m. · 17 views

Design/Logic Flaw

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...

CVSS 3.5 · AI score 4.9 · EPSS 0.00633
Exploits 0 · References 1 · Affected Software 1

CVE
added 2019/08/13 3:38 a.m. · 75 views

CVE-2019-14987

Adive Framework up to version 2.0.7 is affected by a Cross-Site Scripting (XSS) vulnerability in the Create New Table and Create New Navigation Link functionalities. Root cause indicated as insufficient validation of client-side data in the web application (CNVD reference aligns). Impact per NVD ...

CVSS 4.8 · AI score 4.9 · EPSS 0.00633
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2019/08/13 3:38 a.m. · 24 views

CVE-2019-14987

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...

AI score 5 · EPSS 0.00633
Exploits 0 · References 1

Positive Technologies
added 2019/08/13 12:0 a.m. · 3 views

PT-2019-3029 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to errors in handling objects in memory by the Windows kernel. This can be exploited by an attacker to elevate their privileges and run arbitrary code in kernel mode...

CVSS 7.8 · AI score 8 · EPSS 0.00944
Exploits 0 · References 5

NVD
added 2019/08/12 4:15 p.m. · 16 views

CVE-2019-14946

The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations...

CVSS 5.4 · AI score 5.4 · EPSS 0.00778
Exploits 2 · References 2

Cvelist
added 2019/08/12 3:29 p.m. · 18 views

CVE-2019-14946

The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations...

AI score 5.3 · EPSS 0.00778
Exploits 2 · References 2

Tenable Nessus
added 2019/08/12 12:0 a.m. · 233 views

Debian DLA-1874-1 : postgresql-9.4 security update

CVE-2019-10208: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. Versions Affected: 9.4 - 11. Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function,...

CVSS 8.8 · AI score 7.5 · EPSS 0.0217
Exploits 0 · References 4

Tenable Nessus
added 2019/08/12 12:0 a.m. · 44 views

FreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730)

The PostgreSQL project reports: Versions Affected: 9.4 - 11. Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

CVSS 8.8 · AI score 6.8 · EPSS 0.03184
Exploits 0 · References 4