Lucene search
K

1555 matches found

OSV
OSV
added 2019/07/18 2:18 p.m.7 views

SUSE-SU-2019:1894-1 Security update for LibreOffice

This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.5.2 fate327121 bsc1128845 bsc1123455, bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb bsc1135189 - PPTX: Rectangle...

9.8CVSS8.8AI score0.67547EPSS
Exploits10References14
CNVD
CNVD
added 2019/07/17 12:0 a.m.2 views

Oracle MySQL Server Component Access Control Error Vulnerability (CNVD-2019-26667)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A component access control error vulnerability exists in the Server: Data Dictionary subcomponent of the MySQL Server component in Oracle MySQL,...

6.5CVSS6AI score0.01834EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/06/16 12:0 a.m.2 views

PT-2019-6352 · Oracle +1 · Mysql Server

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.12 and prior Description: The issue is related to insufficient input validation in the MySQL Server component, specifically in the Server: Data Dictionary subcomponent. This allows an attacker with network access via...

6.8CVSS5.4AI score0.01834EPSS
Exploits0References8
Kitploit
Kitploit
added 2019/06/07 12:52 p.m.128 views

Zydra - File Password Recovery Tool And Linux Shadow File Cracker

Zydra is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords. Supported Files RAR Files Legacy ZIP Files PDF Files Linux Shadow Files zydra can find all the user’s password in the linux shadow file one after the...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2019/05/18 12:59 p.m.181 views

Brutemap - Tool That Automates Testing Accounts To The Site's Login Page

Brutemap is an open source penetration testing tool that automates testing accounts to the site's login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also no longer need to ask CMS What is this? only to find parameter forms, because...

7AI score
Exploits0References6
Kitploit
Kitploit
added 2019/05/15 9:53 p.m.153 views

JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens

jwttool.py is a toolkit for validating, forging and cracking JWTs JSON Web Tokens. Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for the alg=None signature-bypass vulnerability Testing the validity of a secret/key/k...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/05/15 12:54 p.m.83 views

Trigmap - A Wrapper For Nmap To Automate The Pentest

Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scan and especially to collect informations into a well organized directory hierarchy. The use of Nmap makes the script portable easy to run not only on Kali Linux and very efficient thanks to the optimized Nmap algorithms. Detail...

6.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.28 views

EulerOS Virtualization 3.0.1.0 : ghostscript (EulerOS-SA-2019-1465)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript fil...

7.3CVSS6.7AI score0.02642EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2019/05/07 4:22 a.m.3 views

ghostscript: superexec operator is available (700585)

It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

7.3CVSS7.1AI score0.02642EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/04/23 12:0 a.m.37 views

FreeBSD : FreeBSD -- SAE side-channel attacks (7e53f9cc-656d-11e9-8e67-206a8a720317)

Side channel attacks in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information about the used password...

5.9CVSS6.9AI score0.03739EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/04/22 12:0 a.m.28 views

FreeBSD : Ghostscript -- Security bypass vulnerability (5ed7102e-6454-11e9-9a3a-001cc0382b2f)

Cedric Buissart Red Hat reports : It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by...

7.3CVSS6.5AI score0.02642EPSS
Exploits0References3
Schneier on Security
Schneier on Security
added 2019/04/15 7:0 p.m.59 views

Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...

1.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/04/15 12:0 a.m.46 views

Debian DSA-4430-1 : wpa - security update

Mathy Vanhoef NYUAD and Eyal Ronen Tel Aviv University & KU Leuven found multiple vulnerabilities in the WPA implementation found in wpasupplication station and hostapd access point. These vulnerability are also collectively known as 'Dragonblood'. - CVE-2019-9495 Cache-based side-channel attack...

8.1CVSS7AI score0.05372EPSS
Exploits1References14
The Hacker News
The Hacker News
added 2019/04/10 6:30 p.m.738 views

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password

🔥 Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi...

5.9CVSS0.6AI score0.03739EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/04/10 12:0 a.m.24 views

macOS < 10.14 Multiple Vulnerabilities

Binary data 700518.prm...

10CVSS7.6AI score0.60631EPSS
Exploits20References57
exploitpack
exploitpack
added 2019/04/08 12:0 a.m.32 views

ManageEngine ServiceDesk Plus 9.3 - User Enumeration

ManageEngine ServiceDesk Plus 9.3 - User Enumeration Exploit Title: ManageEngine ServiceDesk Plus - 9.3 User enumeration vulnerability Date: 2019-03-29 Exploit Author: Operat0r Vendor Homepage: https://www.manageengine.com/ Software Link:...

6.5CVSS6.5AI score0.19735EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/04/08 12:0 a.m.59 views

ManageEngine ServiceDesk Plus 9.3 - User Enumeration

Exploit Title: ManageEngine ServiceDesk Plus - 9.3 User enumeration vulnerability Date: 2019-03-29 Exploit Author: Operat0r Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/service-desk/download.html Version: 9.3 Tested on: Ubuntu Linux CVE :...

4.3CVSS6.4AI score0.07784EPSS
Exploits5
exploitpack
exploitpack
added 2019/04/03 12:0 a.m.20 views

Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion

Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the the TrustedTypePolicyOptions dictionary:...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/04/03 12:0 a.m.59 views

Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion Exploit

Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion Exploit VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the the TrustedTypePolicyOptions dictionary:...

7.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/04/02 12:0 a.m.4 views

November 27, 2018—KB4467681 (OS Build 16299.820)

November 27, 2018—KB4467681 OS Build 16299.820 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Ensures that certain windowed ActiveX controls scroll along with other page content in Intern...

7.6CVSS7.1AI score0.82334EPSS
Exploits4
Rows per page
Query Builder