8688 matches found

Zero Day Initiative
added 2017/12/20 12:00 a.m. | 30 views

Symantec Messaging Gateway Export Servlet snmpFileName Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Symantec Messaging Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the export servlet. When parsing the snmpFileName parameter, the proces...

CVSS 4 | AI score 1.9 | EPSS 0.01372
Exploits 0 | References 1

Patchstack
added 2017/12/20 12:00 a.m. | 20 views

WordPress CSV Import-Export plugin <=1.1.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress CSV Import-Export plugin versions <=1.1.0. Solution: Dec 20, 2017 - we were unable to find a patched version of this plugin (last updated three years ago). Uninstall or use it at your own risk...

CVSS 6.1 | AI score 1.5 | EPSS 0.00845
Exploits 2 | References 1 | Affected Software 1

OSV
added 2017/12/19 8:29 p.m. | 3 views

CVE-2017-17753

Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.ph...

CVSS 6.1 | AI score 5.8 | EPSS 0.00845
Exploits 2 | References 1

CVE
added 2017/12/19 8:00 p.m. | 51 views

CVE-2017-17753

The CVE-2017-17753 entry concerns the WordPress plugin esb-csv-import-export (versions up to 1.1). The vulnerability is an XSS in includes/admin/views/esb-cie-import-export-page.php where the GET parameters cie_type, cie_import, cie_update, and cie_ignore are echoed back to the user without prope...

CVSS 6.1 | AI score 6.1 | EPSS 0.00845
Exploits 2 | References 1 | Affected Software 1

WPVulnDB
added 2017/12/19 12:00 a.m. | 18 views

Csv Import-Export <= 1.1 - Authenticated Cross-Site Scripting (XSS)

The csv-import-export WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability...

CVSS 4.3 | AI score 2 | EPSS 0.00845
Exploits 2 | References 2 | Affected Software 1

Fedora
added 2017/12/12 11:30 a.m. | 31 views

[SECURITY] Fedora 27 Update: rubygem-yard-0.9.8-4.fc27

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

CVSS 7.5 | AI score 0.8 | EPSS 0.02894
Exploits 0

Kitploit
added 2017/12/10 1:21 p.m. | 20 views

N4xD0rk - Listing Subdomains About A Main Domain

Listing subdomains about the main domain using the technique called Hacking with search engines. Usage usage: n4xd0rk.py -h -d DOMAIN -i IP -o OPTION -n SEARCH -e EXPORT -l LANGUAGE This script searchs the subdomains about a domain using the results indexed of Bing search. optional arguments: -h,...

AI score 7.2
Exploits 0 | References 1

hackapp
added 2017/12/07 12:31 p.m. | 525 views

Ramco mHub - Customized SSL, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Ramco mHub published at the 'play' market has multiple vulnerabilities...

AI score 0.3
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2017/12/07 12:00 a.m. | 3 views

Palo Alto Networks PAN-OS Security Bypass Vulnerability (CNVD-2017-37959)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security bypass vulnerability exists in the Configuration File Export for Applications, Spyware, and Vulnerable Objects feature of the web interface in Palo Alto Networks PAN-OS...

CVSS 5.3 | AI score 6.9 | EPSS 0.01705
Exploits 0 | References 1

CNVD
added 2017/12/07 12:00 a.m. | 2 views

Umeng Push SDK Export Service Component Code Execution Vulnerability

Umeng Push SDK is a set of software development kits for developing message push programs from China AUO Umeng. Export Service component is one of the export components. A security vulnerability exists in the Export Service component in Umeng Push SDK version 3.1.X prior to 3.1.3. An attacker can...

AI score 8
Exploits 0 | References 1

Kitploit
added 2017/12/05 9:13 p.m. | 12 views

CMSsc4n - Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla, Drupal or Prestashop

Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla, Drupal or Prestashop. Use: python cmssc4n.py -h. Tool to scan if a domain is a CMS Wordpress, Drupal, Joomla,...

AI score 7.2
Exploits 0 | References 1

Kitploit
added 2017/11/20 9:17 p.m. | 12 views

Skype Log Viewer - Download and View Skype History Without Skype

Download and View Skype History Without Skype. This program allows you to view all of your skype chat logs and then easily export them as text files. It correctly organizes them by conversation, and makes sure that group conversations do not get jumbled with one on one chats. Features Download...

AI score 7.2
Exploits 0 | References 1

n0where
added 2017/11/14 7:15 p.m. | 17 views

Open Source Threat Intelligence Gathering & Processing Framework: GOSINT

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches...

AI score 6.8
Exploits 0 | References 2

Veeam
added 2017/11/14 12:00 a.m. | 14 views

Failed to import Veeam Cloud Connect certificate after Veeam Availability Console server migration

Challenge: After migrating your Veeam Availability Console (VAC) installation to a new server and adding an existing Veeam Cloud Connect (VCC) server, the following certificate error may be observed: Failed to import certificate from the Veeam Cloud Connect server. See debug logs for more information...

AI score 7.1
Exploits 0

RedhatCVE
added 2017/11/10 9:19 p.m. | 31 views

CVE-2010-2232

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

CVSS 7.5 | AI score 4 | EPSS 0.04427
Exploits 0 | References 1

NVD
added 2017/11/03 6:29 p.m. | 18 views

CVE-2017-1000133

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages...

CVSS 7.5 | AI score 7.5 | EPSS 0.01082
Exploits 0 | References 1

Prion
added 2017/11/03 6:29 p.m. | 17 views

Code injection

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages...

CVSS 5 | AI score 7.5 | EPSS 0.01082
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/11/03 6:00 p.m. | 54 views

CVE-2017-1000133

Mahara versions affected: 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2. The vulnerability allows an attacker to cause another user’s artefacts to be included in the attacker’s Leap2a export, effectively enabling exposure of another user’s artefacts. Some connected sources ...

CVSS 7.5 | AI score 7.4 | EPSS 0.01082
Exploits 0 | References 1 | Affected Software 1

Hacker One
added 2017/11/03 4:44 p.m. | 14 views

Trello: CSV injection [N/A]

Hello, We can inject commands in the name field of a board =210 or =cmd|'/C calc'!AO for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim...

AI score 7.1
Exploits 0

exploitpack
added 2017/10/28 12:00 a.m. | 20 views

Uniview - Remote Command Execution Export Config (PoC)

Uniview - Remote Command Execution Export Config PoC STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config...

AI score 0.2
Exploits 0