Octopus Deploy PackageId Value Directory Traversal Vulnerability
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in version 3.x of Octopus Deploy prior to 3.15.4. An attacker can exploit this vulnerability by uploading maliciously crafted NuGet packages to overwrite other...
CVE-2017-11348
Octopus Deploy 3.x pre-3.15.4 is affected. An authenticated user with PackagePush permission can upload a malicious NuGet package that may overwrite other packages or modify system files due to a directory traversal flaw in the PackageId value. Affected component: package upload handling in Octop...
CVE-2017-11348
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value...
Octopus Deploy Authentication Code Execution Vulnerability
Octopus is a deployment tool for .NET automation. An authentication code execution vulnerability exists in Octopus Deploy. Arbitrary code execution occurs due to poor filtering of the program during the authentication process...
Octopus Deploy - (Authenticated) Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' = %q This module can be used to...
Octopus Deploy Authenticated Code Execution Exploit
This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment. This module requires Metasploit: http://metasploit.com/download Current...
Octopus Deploy Authenticated Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' = %q This module can be used to...
Octopus Deploy Authenticated Code Execution
This module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment. This module requires Metasploit: https://metasploit.com/download Current source:...
IBM UrbanCode Deploy XML External Entity Injection Vulnerability
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the automation of complex applications in different...
CVE-2017-1149
IBM UrbanCode Deploy UCD 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM...
XXE
IBM UrbanCode Deploy UCD 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM...
CVE-2017-1149
IBM UrbanCode Deploy UCD 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM...
CVE-2017-1149
CVE-2017-1149 affects IBM UrbanCode Deploy (UCD) versions 6.0, 6.1, and 6.2. The vulnerability is an XML External Entity (XXE) injection in XML data processing, enabling a remote attacker to cause a denial of service and potentially disclose sensitive information or exhaust memory resources. The ...
SUSE-SU-2017:0758-1 Security update for ceph
This update provides Ceph 10.2.5, which brings fixes and enhancements: This security issue was fixed: - CVE-2016-8626: Handle empty POST condition to not allow attackers to crash the ceph-radosgw service. bsc1007217 These non-security issues were fixed: - OSD daemon uses 100% CPU load after OSD...
Microsoft Edge CVE-2017-0017 Information Disclosure Vulnerability
Description Microsoft Edge is prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks...
Cross site scripting
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : C1000264...
CVE-2016-9006
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : C1000264...
CVE-2016-9006
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : C1000264...
CVE-2016-9006
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : C1000264...
CVE-2016-9006
CVE-2016-9006 affects IBM UrbanCode Deploy versions 6.1 and 6.2, with a cross-site scripting flaw in the Web UI that can cause arbitrary JavaScript execution within a trusted session and potentially credential disclosure. Description across sources confirms the vulnerability class (XSS) and affec...