6046 matches found

OSV
added 2019/03/20 12:0 a.m. · 1 views

UBUNTU-CVE-2019-9797

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...

CVSS 5.3 · AI score 6.8 · EPSS 0.01109
Exploits 0 · References 7

CVE
added 2019/03/16 12:0 p.m. · 40 views

CVE-2019-7223

CVE-2019-7223 is a stored XSS in InvoicePlane 1.5 affecting the PDF password field (index.php/invoices/ajax/save) with the payload rendered on index.php/invoices/view/##. This is documented across multiple feeds (NVD, OSV, CNVD) as a cross-site scripting vulnerability; exploit details, affected v...

CVSS 5.4 · AI score 5.5 · EPSS 0.00679
Exploits 1 · References 1 · Affected Software 1

The Hacker News
added 2019/03/14 10:47 a.m. · 2 views

Telegram Gained 3 Million New Users During WhatsApp, Facebook Outage

WhatsApp, Facebook, and Instagram faced a widespread outage yesterday with users from around the world reporting issues with sending messages on WhatsApp and Messenger, posting feeds on Facebook and accessing other features on the three Facebook-owned platforms. While the outage was quite troubli...

AI score 6.7
Exploits 0

Microsoft KB
added 2019/03/12 12:0 a.m. · 7 views

October 18, 2018—KB4462932 (OS Build 16299.755)

October 18, 2018—KB4462932 OS Build 16299.755 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses the redenomination of local currency that the Central Bank of Venezuela implemented ...

AI score 6.9
Exploits 0

0day.today
added 2019/03/10 12:0 a.m. · 171 views

OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting

Exploit for multiple platform in category web applications Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link: https://orientdb.org/download Version: 3.0.17 ...

AI score 0.3
Exploits 0

exploitpack
added 2019/03/08 12:0 a.m. · 56 views

DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery

DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Exploit title: DirectAdmin v1.55 - CSRF via CMD_ACCOUNT_ADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link:...

CVSS 6.8 · AI score 0.8 · EPSS 0.02435
Exploits 5

Exploit DB
added 2019/03/08 12:0 a.m. · 74 views

DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery

Exploit title: DirectAdmin v1.55 - CSRF via CMD_ACCOUNT_ADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMD_ACCOUNT_ADMIN Version: 1.55 CVE: CVE-2019-9625...

CVSS 8.8 · AI score 8.8 · EPSS 0.02435
Exploits 5

CNVD
added 2019/03/04 12:0 a.m. · 1 views

Unauthorized Access Vulnerability in Odoo

Odoo formerly known as OpenERP is an enterprise resource planning ERP and customer relationship management CRM system. The system is developed in Python language with PostgreSQL as the database and includes modules for sales management, inventory management and financial management. Odoo suffers...

AI score 7.1
Exploits 0

OSV
added 2019/02/28 6:29 p.m. · 3 views

CVE-2018-18497

Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...

CVSS 6.5 · AI score 7.3
Exploits 0 · References 4

CNVD
added 2019/02/28 12:0 a.m. · 4 views

NVIDIA Windows GPU Display Driver Input Validation Error Vulnerability

The NVIDIA Windows GPU Display Driver is a display driver for Windows systems. An array index reference vulnerability exists in the kernel mode layer nvlddmkm.sys create context command DDI DxgkDdiCreateContext in the NVIDIA Windows GPU display driver. The vulnerability stems from the product usi...

CVSS 7.8 · AI score 6.9 · EPSS 0.00386
Exploits 0 · References 1

Prion
added 2019/02/26 11:29 p.m. · 15 views

Information disclosure

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...

CVSS 9 · AI score 9.2 · EPSS 0.03079
Exploits 1 · References 2

NVD
added 2019/02/26 11:29 p.m. · 21 views

CVE-2019-9201

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...

CVSS 9.8 · AI score 9.5 · EPSS 0.03079
Exploits 1 · References 2

Cvelist
added 2019/02/26 11:0 p.m. · 30 views

CVE-2019-9201

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...

CVSS 9.8 · AI score 9.4 · EPSS 0.03079
Exploits 1 · References 2

Vulnrichment
added 2019/02/26 11:0 p.m. · 8 views

CVE-2019-9201

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...

CVSS 9.8 · AI score 7.3 · EPSS 0.03079
Exploits 1 · References 2

Positive Technologies
added 2019/02/26 12:0 a.m. · 5 views

PT-2019-6215

Name of the Vulnerable Software and Affected Versions ILC 1x0 versions affected versions not specified ILC 1x1 versions affected versions not specified ILC 1x1 GSM/GPRS versions affected versions not specified ILC 3xx versions affected versions not specified AXC 1050 versions affected versions no...

CVSS 9.8 · AI score 7.8 · EPSS 0.03079
Exploits 1 · References 6

Exploit DB
added 2019/02/18 12:0 a.m. · 39 views

Apache CouchDB 2.3.0 - Cross-Site Scripting

Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction A CouchDB server hosts named databases, which store documents. Each...

AI score 7.4
Exploits 0

OSV
added 2019/02/15 3:29 p.m. · 1 views

DEBIAN-CVE-2019-6974

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free...

CVSS 8.1 · AI score 7.4 · EPSS 0.16523
Exploits 2 · References 1

Positive Technologies
added 2019/02/15 12:0 a.m. · 6 views

PT-2019-5609 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 3.10 Description: A denial of service situation can be created by an attacker with local access via a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c. This allows attackers who c...

CVSS 8.4 · AI score 6.8 · EPSS 0.98745
Exploits 37 · References 123

OSV
added 2019/02/15 12:0 a.m. · 1 views

UBUNTU-CVE-2019-6974

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free...

CVSS 8.1 · AI score 6.7 · EPSS 0.16523
Exploits 2 · References 10

OSV
added 2019/02/12 8:29 p.m. · 5 views

CVE-2019-7550

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued...

CVSS 5.3 · AI score 6.1 · EPSS 0.01842
Exploits 1 · References 1