Lucene search
+L

226 matches found

Openbugbounty
Openbugbounty
added 2020/02/10 11:39 p.m.16 views

exp-oncology.com.ua Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1089433 Security Researcher DakkarKey Helped patch 407 vulnerabilities Received 6 Coordinated Disclosure badges Received 14 recommendations , a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting exp-oncology.com.ua websi...

6.7AI score
Exploits0
Broadcom
Broadcom
added 2019/12/19 12:0 a.m.6 views

BSA-2020-893

Security Advisory ID : BSA-2020-893 Component : OpenSSL Revision : 2.0: Final There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...

5.3CVSS7AI score0.14298EPSS
Exploits0
OSV
OSV
added 2019/12/06 6:15 p.m.1 views

DEBIAN-CVE-2019-1551

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3CVSS6.3AI score0.14298EPSS
Exploits0References1
myhack58
myhack58
added 2019/09/07 12:0 a.m.952 views

CVE-2019-15846: the exim remote access to root privileges vulnerability alerts-a vulnerability alert-the black bar safety net

GMT 2019 9 November 6 December 18: 00 PM, the exim release exim-4.92.2 version fixes CVE-2019-15846, an attacker can use this vulnerability to remotely obtain root privileges. Vulnerabilities from qualys to find and report. 360CERT determine the vulnerability to hazards and the impact is large...

1.5AI score0.35736EPSS
Exploits3
myhack58
myhack58
added 2019/05/09 12:0 a.m.152 views

How to build your own PoC framework Pocsuite3 using the article-the vulnerability warning-the black bar safety net

Compared to boring the usage of the description, the more I want to say about Pocsuite3 why will have these features as well as how to achieve. If you also want to build a similar tool, Pocsuite3 some of the thoughts may be able to help you. This article is also recorded Pocsuite3 development...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2018/04/26 9:3 p.m.5 views

apr: Out-of-bounds array deref in apr_time_exp*() functions

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...

7.1CVSS7.3AI score0.01749EPSS
Exploits0References5
0day.today
0day.today
added 2018/01/03 12:0 a.m.59 views

Joomla EXP Auto 4.2.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla EXP Auto 4.2.3 - SQL Injection Credit: Bilal KARDADOU Vendor: http://www.feellove.eu/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/exp-auto/ Product: 'Joomla EXP Auto 4.2.3' Developer: Grusha...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/01/03 12:0 a.m.47 views

Joomla EXP Auto 4.2.3 SQL Injection

Title: Joomla EXP Auto 4.2.3 - SQL Injection Credit: Bilal KARDADOU Vendor: http://www.feellove.eu/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/exp-auto/ Product: 'Joomla EXP Auto 4.2.3' Developer: Grusha Extension type: Plugin Last updated: Aug 10 2017...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2017/12/26 12:0 a.m.608 views

Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution

Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "",...

5CVSS0.5AI score0.99993EPSS
Exploits45
Exploit DB
Exploit DB
added 2017/12/26 12:0 a.m.515 views

Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution

import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "", ""+"".joinhtmlescapetable.getc, c for c in commandin+"" payload1 = " \...

7.5CVSS7.9AI score0.99993EPSS
Exploits45
RedHat Linux
RedHat Linux
added 2017/12/15 10:34 p.m.5 views

apr: Out-of-bounds array deref in apr_time_exp*() functions

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...

7.1CVSS7.3AI score0.01749EPSS
Exploits0References5
NVD
NVD
added 2017/12/09 6:29 a.m.17 views

CVE-2017-3109

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet...

6.1CVSS6AI score0.0293EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/11/28 10:42 p.m.6 views

apr: Out-of-bounds array deref in apr_time_exp*() functions

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...

7.1CVSS7.3AI score0.01749EPSS
Exploits0References5
OSV
OSV
added 2017/09/13 8:29 a.m.3 views

CVE-2017-7441

In Sophos SurfRight HitmanPro before 3.7.20 Build 286 included in the HitmanPro.Alert solution and Sophos Clean, a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical informatio...

7.8CVSS5.9AI score0.00462EPSS
Exploits1References2
Prion
Prion
added 2017/08/11 7:29 p.m.18 views

Privilege escalation

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability...

7.5CVSS9.4AI score0.08624EPSS
Exploits0References3Affected Software1
myhack58
myhack58
added 2016/12/16 12:0 a.m.75 views

unsorted bin attack analysis-vulnerability warning-the black bar safety net

One, Foreword This is before that article overflow using the FILE structure of the follow-up article, mentioned earlier is for the Shanghai network security contest pwn450 of technology to write articles, a total of two techniques, one is the overflow using the FILE structure of the body, one is...

1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.6 views

pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)

PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

7.5CVSS7.4AI score0.06587EPSS
Exploits0References4
CNVD
CNVD
added 2016/11/04 12:0 a.m.4 views

OIC Exponent CMS SQL Injection Vulnerability

OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A SQL injection vulnerability...

7.5CVSS7.8AI score0.0204EPSS
Exploits0References1
myhack58
myhack58
added 2016/10/07 12:0 a.m.21 views

kill. exe overflow vulnerability analysis and EXP discussion-vulnerability warning-the black bar safety net

1. Foreword A few days ago, the author at exploit-db and found a kill. exe overflow vulnerability, in many of the UAF vulnerability, this simple overflow vulnerability simply as a unit of springs in General, then be picked out, deeply looked. The original plan to write a full available EXP, but...

0.4AI score
Exploits0
CVE
CVE
added 2016/08/09 8:0 p.m.50 views

CVE-2016-4169

Adobe Experience Manager 6.0–6.2 contains an information-disclosure vulnerability (CVE-2016-4169) that allows unprivileged users to access sensitive audit log event information via unspecified vectors. The issue affects AEM 6.0, 6.1, and 6.2 and is documented in multiple sources including the thr...

5.3CVSS5AI score0.0275EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder