Lucene search
K

1967 matches found

OSV
OSV
added 2017/06/09 4:29 p.m.4 views

CVE-2016-7824

Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors...

8.8CVSS5.8AI score0.01578EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2017/05/22 12:0 a.m.55 views

Asterisk 14.4.0 Skinny Denial Of Service

Asterisk Skinny memory exhaustion vulnerability leads to DoS - Authors: - Alfred Farrugia - Sandro Gauci - Vulnerable version: Asterisk 14.4.0 with chanskinny enabled - References: AST-2017-004 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Report date: 2017-04-13 - Digium confirmed...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/05/12 12:0 a.m.29 views

Ubuntu 16.10 / 17.04 : lightdm vulnerability (USN-3285-1)

Tyler Hicks discovered that LightDM did not confine the user session for guest users. An attacker with physical access could use this issue to access files and other resources that they should not be able to access. In the default installation, this includes files in the home directories of other...

4.6CVSS5AI score0.00418EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/05/10 12:0 a.m.22 views

Read Asset Identification Tag on scanned host (Linux/Unix SSH Login)

This routine reads the Greenbone Asset Identifier of a system, provided it is a unixoid system offering SSH access. By default, this routine is disabled even it is selected to run. To activate it, it needs to be explicitly enabled with its corresponding preference switch. The file is named asset....

6.9AI score
Exploits0
FireEye
FireEye
added 2017/05/04 12:30 p.m.57 views

Dridex and Locky Return Via PDF Attachments in Latest Campaigns

Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new larg...

7.3AI score
Exploits0
CNVD
CNVD
added 2017/05/02 12:0 a.m.2 views

SQL injection vulnerability in SelectedEnableAdmin parameter of AreaInfoHandle.php file of Hikvision's in-vehicle remote monitoring system

Hikvision vehicle remote monitoring system is a set of vehicle video networking monitoring platform software. Hikvision Vehicle Remote Monitoring System AreaInfoHandle.php page SelectedEnableAdmin parameter exists SQL injection vulnerability, an attacker can exploit the vulnerability to obtain...

7.9AI score
Exploits0
CNVD
CNVD
added 2017/04/30 12:0 a.m.2 views

SQL injection vulnerability in the SelectedEnableAdmin parameter of the AddArea.php file of Hikvision's in-vehicle remote monitoring system

Hikvision vehicle remote monitoring system is a set of vehicle video networking monitoring platform software. A SQL injection vulnerability exists in the parameter SelectedEnableAdmin in the file AddArea.php of Hikvision Vehicle Remote Monitoring System. It allows attackers to exploit the...

7.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/04/20 12:0 a.m.27 views

Juniper Junos for M/MX Series Routers IPv6 Neighbor Discovery DoS (JSA10786)

According to its self-reported version and configuration, the remote Juniper Junos M/MX Series device is affected by a denial of service vulnerability in a Packet Forwarding Engine PFE when processing IPv6 neighbor discovery ND packets that originate from subscribers and are destined to M/MX seri...

5.3CVSS5.7AI score0.02235EPSS
Exploits0References2
rapid7community
rapid7community
added 2017/03/31 12:8 p.m.23 views

Cisco Enable / Privileged Exec Support

In Nexpose version 6.4.28, we are adding support for privileged elevation on Cisco devices through enable command for those that are running SSH version 2. A fully privileged policy scan provides more accurate information on the target's compliance status, and the ability to do so through enable...

6.8AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2017/03/31 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-3197

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6 and GB-BXi7-5775 version F2 platforms does not securely implement BIOSWE, BLE, SMMBWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash...

10CVSS7.4AI score0.05641EPSS
Exploits1References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/03/30 5:37 a.m.1 views

CentreCOM AR260S V2 vulnerable to privilege escalation

Overview CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Ziv Chang of Trend Micro Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.8CVSS7.2AI score0.01916EPSS
Exploits0References5
OSV
OSV
added 2017/03/18 8:59 p.m.21 views

CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...

8.8CVSS8.5AI score
Exploits0References8
Debian CVE
Debian CVE
added 2017/03/18 8:10 p.m.20 views

CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...

8.8CVSS9.1AI score0.04036EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2017/03/02 5:6 p.m.5 views

ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands

It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate...

8.1CVSS6.7AI score0.01283EPSS
Exploits0References4
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.5 views

Network drives aren't mapped correctly from DFS namespace in Windows Server 2012 R2-based RDS server

Network drives aren't mapped correctly from DFS namespace in Windows Server 2012 R2-based RDS server This article describes an issue that occurs on a Windows Server 2012 R2-based computer that has the Remote Desktop Services RDS role installed. You can fix this issue by using the update in this...

6.7AI score
Exploits0
Citrix
Citrix
added 2016/12/14 12:0 a.m.11 views

How to Enable Logging on Receiver for Windows Using Registry Entries

This article describes how to enable logging on Receiver for Windows using registry entries. While the registry method is provided as an alternative solution, users are advised to prioritize the Diagnostic Tools for a more efficient and user-friendly troubleshooting experience, and it is strongly...

7AI score
Exploits0
exploitpack
exploitpack
added 2016/11/30 12:0 a.m.13 views

Xfinity Gateway - Cross-Site Request Forgery

Xfinity Gateway - Cross-Site Request Forgery EXPLOIT TITLE: CSRF RCE XFINITY WEB GATEWAY AUTHOR: Pabstersac DATE: 1ST OF AUGUST 2016 CVE: N/A CATEGORY: REMOTE CONTACT: [email protected] IF ANYONE HAS COMMUNICATION WITH VENDOR PLEASE NOTIFY THEM SINCE THEY HAVE IGNORED ME. CSRF FOR COMCAST...

0.8AI score
Exploits0
Oracle linux
Oracle linux
added 2016/10/28 12:0 a.m.134 views

kernel security and bug fix update

kernel - 2.6.18-416.0.0.0.1 - netfront fix ring buffer index go back led vif stop orabug 18272251 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add...

7.8CVSS0.1AI score0.83524EPSS
Exploits83
exploitpack
exploitpack
added 2016/10/18 12:0 a.m.23 views

Cgiemail 1.6 - Source Code Disclosure

Cgiemail 1.6 - Source Code Disclosure !/usr/bin/env perl Exploit Title: cgiemail local file inclusion Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz Version: 1.6 and older Date: 2016-09-27 cgiecho a script...

7.6AI score
Exploits0
Citrix
Citrix
added 2016/09/21 12:0 a.m.7 views

Storefront - Enable Return to Last Folder

Enable return to last folder...

7.1AI score
Exploits0
Rows per page
Query Builder