
3856 matches found

Hacker One
added 2017/08/14 11:6 a.m. (31 views)

Legal Robot: Incorrect error message

URL: https://app.legalrobot.com/sign-in In the register page, when I enter more than 32 characters in the first name and last name field, it says the password length must be less than 32 characters. Why is the password error showing in the Name field???...

1.7 AI score
Exploits: 0

Tenable Nessus
added 2017/08/09 12:0 a.m. (10 views)

Fedora 25 : subversion (2017-b9e4c24094)

This update includes the latest stable release of Apache Subversion, version 1.9.6. User-visible changes: Client-side bugfixes : - cp/mv: improve error message when target is an unversioned dir - merge: reduce memory usage with large amounts of mergeinfo issue 4667 Server-side bugfixes : -...

5.4 AI score
Exploits: 0 | References: 3

Citrix
added 2017/08/08 12:0 a.m. (10 views)

"Access to your company network is not currently available" Error message while accessing Secure Hub XenMobile Store

Attempts to access the Store in Secure Hub cause an error "Access to your company network is not currently available". Please find the snapshot of an error message. Logs 2017-08-04T16:21:53.886+0200 ",X1AuthController,INFO 4,-AuthController getCertificateForURL:callback:,"Providing the certifica...

7 AI score
Exploits: 0

Citrix
added 2017/08/07 12:0 a.m. (8 views)

Receiver for Windows 4.8, error "The specified module could not be found."

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Unable to launch Published Desktops; the launch fails with error "The specified module could not be...

7 AI score
Exploits: 0

Hacker One
added 2017/08/05 5:41 a.m. (25 views)

Legal Robot: User enumeration from failed login error message

A security researcher reported an issue around user enumeration through examination of the failed registration error message. Since this change was reported, Legal Robot has switched to a method wherein any registration attempts for accounts that already exist will be redirected to the same...

1.3 AI score
Exploits: 0

Prion
added 2017/07/31 9:29 p.m. (10 views)

Design/Logic Flaw

IBM Jazz Reporting Service JRS 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863...

4 CVSS | 4.9 AI score | 0.01198 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/07/31 9:29 p.m. (2 views)

CVE-2017-1370

IBM Jazz Reporting Service JRS 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863...

4.9 CVSS | 5.7 AI score | 0.01198 EPSS
Exploits: 0 | References: 3

NVD
added 2017/07/31 9:29 p.m. (19 views)

CVE-2017-1370

IBM Jazz Reporting Service JRS 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863...

4.9 CVSS | 4.9 AI score | 0.01198 EPSS
Exploits: 0 | References: 3

CVE
added 2017/07/31 9:0 p.m. (45 views)

CVE-2017-1370

CVE-2017-1370 affects IBM Jazz Reporting Service (JRS) versions 5.0–6.0 (as shipped with RRDI/Rational Insight). The vulnerability allows disclosure of sensitive information, including user credentials, via an error message on the Report Builder administrator configuration page. IBM security bull...

4.9 CVSS | 4.9 AI score | 0.01198 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2017/07/28 3:57 a.m. (16 views)

Information Disclosure

Moodle is vulnerable to information disclosure. The library displays the file system path of the Moodle Installation through an error message when a user tries to access an internal file...

5 CVSS | 5.6 AI score | 0.02118 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2017/07/26 12:0 a.m. (18 views)

Fedora 26 : subversion (2017-704c201dbb)

This update includes the latest stable release of Apache Subversion, version 1.9.6. User-visible changes: Client-side bugfixes : - cp/mv: improve error message when target is an unversioned dir - merge: reduce memory usage with large amounts of mergeinfo issue 4667 Server-side bugfixes : -...

5.4 AI score
Exploits: 0 | References: 3

Veracode
added 2017/07/20 6:15 a.m. (26 views)

Path Information Disclosure

phpMyAdmin is vulnerable to path information disclosure. When a configuration file is missing, showconfigerrors.php does not prevent disclosure of the installation path through an error message about the missing file when the script is requested directly...

4.3 CVSS | 5.5 AI score | 0.02143 EPSS
Exploits: 1 | References: 11 | Affected Software: 1

Citrix
added 2017/07/19 12:0 a.m. (6 views)

StoreFront Management console shows error "No Web Receiver Services found within IIS site '-1'. defaultDocument"

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. StoreFront Management console shows error "No Web Receiver Services found within IIS site '-1'...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2017/07/11 12:0 a.m. (151 views)

Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)

The version of Apache Struts running on the remote Windows host is 2.3.x. It is, therefore, potentially affected by a remote code execution vulnerability in the Struts 1 plugin showcase app in the ActionMessage class due to improper validation of user-supplied input passed via error messages. An...

9.8 CVSS | 8.6 AI score | 0.98931 EPSS
Exploits: 19 | References: 2

Veracode
added 2017/07/07 9:38 p.m. (58 views)

Remote Code Execution (RCE)

struts2-struts1-plugin is vulnerable to remote code execution (RCE) attacks. These attacks are possible because user input is not sanitized and is passed directly through messages.add to be used as part of an error message in the ActionMessage class. This doesn't affect users of the Struts...

9.8 CVSS | 9.6 AI score | 0.99461 EPSS
Exploits: 42 | References: 11 | Affected Software: 1

OSV
added 2017/07/07 12:29 a.m. (3 views)

CVE-2017-5001

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more...

4.3 CVSS | 5.8 AI score | 0.01296 EPSS
Exploits: 0 | References: 3

Prion
added 2017/07/07 12:29 a.m. (12 views)

Information disclosure

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more...

4 CVSS | 4.4 AI score | 0.01296 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2017/07/07 12:29 a.m. (15 views)

Information disclosure

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more...

4 CVSS | 4.4 AI score | 0.01296 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2017/07/07 12:29 a.m. (11 views)

CVE-2017-5000

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more...

4.3 CVSS | 4.5 AI score | 0.01296 EPSS
Exploits: 0 | References: 3

NVD
added 2017/07/07 12:29 a.m. (14 views)

CVE-2017-5001

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more...

4.3 CVSS | 4.5 AI score | 0.01296 EPSS
Exploits: 0 | References: 3