81 matches found

CNVD
added 2019/09/12 12:0 a.m. | 5 views

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2019-31853)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

CVSS 5.4 | AI score 6 | EPSS 0.02794
Exploits 5 | References 1

Zero Day Initiative
added 2019/04/29 12:0 a.m. | 29 views

Foxit Reader XFA Stuff Integer Overflow Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

CVSS 3.3 | AI score 1.8 | EPSS 0.10722
Exploits 0 | References 1

Zero Day Initiative
added 2019/02/12 12:0 a.m. | 31 views

Microsoft Windows CreateDIBitmap Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 0.9 | EPSS 0.07708
Exploits 0 | References 1

OSV
added 2019/01/24 4:29 a.m. | 5 views

CVE-2018-17625

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.2 | EPSS 0.03918
Exploits 0 | References 2

Prion
added 2019/01/24 4:29 a.m. | 13 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 8.8 | EPSS 0.03855
Exploits 0 | References 2 | Affected Software 2

Prion
added 2019/01/24 4:29 a.m. | 20 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 8.8 | EPSS 0.03855
Exploits 0 | References 2 | Affected Software 2

Prion
added 2019/01/24 4:29 a.m. | 23 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 8.8 | EPSS 0.03855
Exploits 0 | References 2 | Affected Software 2

Zero Day Initiative
added 2019/01/19 12:0 a.m. | 17 views

LAquis SCADA LGX Report Ini WriteString Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.5 | AI score 1.7 | EPSS 0.02572
Exploits 0 | References 1

Zero Day Initiative
added 2018/09/12 12:0 a.m. | 23 views

Fuji Electric V-Server VPR File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS 6.8 | AI score 4 | EPSS 0.02656
Exploits 0 | References 1

OSV
added 2018/08/30 12:29 p.m. | 3 views

CVE-2018-11616

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.2 | EPSS 0.04884
Exploits 0 | References 1

OSV
added 2018/07/31 8:29 p.m. | 4 views

CVE-2018-14288

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.2 | EPSS 0.02773
Exploits 0 | References 2

Debian CVE
added 2018/06/11 9:0 p.m. | 15 views

CVE-2018-5135

WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox 59...

CVSS 7.5 | AI score 8.8 | EPSS 0.01548
Exploits 0

ATTACKERKB
added 2017/12/12 9:29 p.m. | 1 views

CVE-2017-11916

ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890,...

CVSS 7.6 | AI score 6 | EPSS 0.68491
Exploits 28 | References 3

Prion
added 2017/08/29 1:29 p.m. | 18 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 6.8 | AI score 8.8 | EPSS 0.03936
Exploits 1 | References 3 | Affected Software 1

OSV
added 2017/03/08 1:59 a.m. | 4 views

CVE-2017-0456

An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

CVSS 7 | AI score 7.5
Exploits 0 | References 4

BDU FSTEC
added 2015/10/21 12:0 a.m. | 7 views

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 allows a hacker to redirect users to a malicious website.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 allows a malicious actor to execute a script within the context of the current user’s security, using a specially created website...

CVSS 6.8 | AI score 5.6 | EPSS 0.0596
Exploits 4 | References 4

Check Point Advisories
added 2010/02/14 12:0 a.m. | 2 views

MediaWiki Parser Script Insertion (CVE-2006-2611)

A Wiki generally refers to a collaborative online system that allows many users to easily contribute content by creating web pages that have a common look and feel and that may be changed and revised at any time. MediaWiki is a popular implementation of the Wiki system. It uses a number of P...

CVSS 4.3 | AI score 6.9 | EPSS 0.01848
Exploits 1

Mozilla
added 2008/07/01 12:0 a.m. | 27 views

Signed JAR tampering — Mozilla

Security researchers Collin Jackson and Adam Barth reported a series of vulnerabilities which allow JavaScript to be injected into the context of signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privilege...

CVSS 7.5 | AI score 5 | EPSS 0.0281
Exploits 1 | References 3 | Affected Software 2

exploitpack
added 2004/02/26 12:0 a.m. | 15 views

RhinoSoft Serv-U FTPd Server 345 - MDTM Time Argument Buffer Overflow (2)

RhinoSoft Serv-U FTPd Server 345 - MDTM Time Argument Buffer Overflow 2 // source: https://www.securityfocus.com/bid/9751/info Serv-U FTP Server has been reported prone to a remote stack based buffer overflow vulnerability when handling time zone arguments passed to the MDTM FTP command. The...

AI score 0.7
Exploits 0

Exploit DB
added 2004/02/23 12:0 a.m. | 20 views

Proxy-Pro Professional GateKeeper 4.7 Web Proxy - Buffer Overrun

// source: https://www.securityfocus.com/bid/9716/info Proxy-Pro Professional GateKeeper is prone to a remotely exploitable buffer overrun that may be triggered by passing HTTP GET requests of excessive length through the web proxy component. This could be exploited to execute arbitrary code in t...

AI score 7.4
Exploits 0