Lucene search
K

150 matches found

Positive Technologies
Positive Technologies
added 2019/04/05 12:0 a.m.7 views

PT-2019-12079 · Salicru · Slc-20-Cube3

Name of the Vulnerable Software and Affected Versions: Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 Description: A reflected HTML injection issue allows remote attackers to inject arbitrary HTML elements via specific API endpoints, including /DataLog.csv?log=,...

6.1CVSS6.5AI score0.05817EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2019/03/09 12:0 a.m.9 views

PT-2019-9644 · Netdata +4 · Netdata +4

Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software due to JSON injection via the "api/v1/data" endpoint, specifically through the tqx parameter. This is caused by the web client api request v1 data function in web/api/web api...

9.1CVSS6.5AI score0.02172EPSS
Exploits8References59
Positive Technologies
Positive Technologies
added 2019/03/09 12:0 a.m.10 views

PT-2019-9645 · Netdata +4 · Netdata +4

Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software where HTTP Header Injection is possible via the filename parameter in the "api/v1/data" endpoint. This is due to the web client api request v1 data function in web/api/web ap...

9.1CVSS6.6AI score0.02172EPSS
Exploits8References59
CNVD
CNVD
added 2018/12/04 12:0 a.m.5 views

Drobo 5N2 Improper Access Control Vulnerability (CNVD-2019-05918)

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. An access control error vulnerability exists in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker...

9.8CVSS7AI score0.01337EPSS
Exploits1References1
OSV
OSV
added 2018/12/03 10:29 p.m.3 views

CVE-2018-14703

Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password...

9.8CVSS5.8AI score0.01337EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/02/21 12:0 a.m.6 views

PT-2018-17108 · Reprise · Reprise License Manager

Name of the Vulnerable Software and Affected Versions: Reprise License Manager version 11.0 Description: A Path Traversal issue allows an attacker to access files on the server's file system by modifying a field in the web request. Specifically, by specifying a pathname in the lf parameter to the...

8.5CVSS6.5AI score0.0177EPSS
Exploits1References3
CNVD
CNVD
added 2016/11/22 12:0 a.m.1 views

OwnCloud 'dav' app content spoofing vulnerability

OwnCloud is a free and open source personal cloud storage solution from OwnCloud Germany. A content spoofing vulnerability exists in the OwnCloud 'dav' app. A misrepresentation of potential information is caused by displaying an anomalous message that contains partial user-controllable input at t...

6.5AI score
Exploits0References1
OSV
OSV
added 2016/05/02 12:0 a.m.11 views

UBUNTU-CVE-2016-3138

The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...

4.6CVSS7.2AI score0.00546EPSS
Exploits1References18
UbuntuCve
UbuntuCve
added 2016/05/02 12:0 a.m.36 views

CVE-2016-3138

The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...

4.9CVSS6.7AI score0.00546EPSS
Exploits1References17
exploitpack
exploitpack
added 2015/03/18 12:0 a.m.40 views

Websense Appliance Manager - Command Injection

Websense Appliance Manager - Command Injection Abstract A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remo...

0.3AI score
Exploits0
Rows per page
Query Builder