Lucene search
K

8688 matches found

Exploit DB
Exploit DB
added 2017/10/28 12:0 a.m.31 views

Uniview - Remote Command Execution / Export Config (PoC)

STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config http://IP:PORT/cgi-bin/main-cgi?json="cmd":255,"szUserName":"","u32UserLoginHandle":-1 -tcpdump- check active capture...

7.4AI score
Exploits0
CNVD
CNVD
added 2017/10/26 12:0 a.m.4 views

Apache Derby Overwrite Arbitrary File Vulnerability

Apache Derby is the United States Apache Apache Software Foundation developed a set of open source database management system. A security vulnerability exists in the export process in Apache Derby. A remote attacker could exploit the vulnerability to overwrite an existing file...

7.5CVSS7.6AI score0.04427EPSS
Exploits0References1
Veracode
Veracode
added 2017/10/25 2:13 a.m.23 views

CSV Injection

keystone is vulnerable to CSV injection attacks. These attacks are possible because of a mishandled value during the exporting of a CSV file...

8.8CVSS8.7AI score0.07217EPSS
Exploits4References5Affected Software1
OSV
OSV
added 2017/10/24 9:29 p.m.13 views

CVE-2017-15879

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

8.8CVSS7AI score
Exploits0References3
Veracode
Veracode
added 2017/10/24 3:50 a.m.28 views

Unauthorized File Overwrite

Apache Derby is vulnerable to unauthorized file overwrites. The library accepts the file:// protocol in the url, allowing a malicious user to overwrite existing files when exporting files...

7.5CVSS7.2AI score0.04427EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2017/10/23 1:29 p.m.28 views

CVE-2010-2232

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

7.5CVSS7.9AI score0.04427EPSS
Exploits0References3
Prion
Prion
added 2017/10/23 1:29 p.m.24 views

Design/Logic Flaw

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

5CVSS6.9AI score0.04427EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/10/23 1:0 p.m.87 views

CVE-2010-2232

CVE-2010-2232 (Apache Derby) is an export-processing flaw affecting Derby versions 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3. A remote attacker could exploit the export functionality to overwrite an existing file. This is documented across multiple sources (NVD entry and related advisories) and ...

7.5CVSS7.3AI score0.04427EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/10/23 1:0 p.m.32 views

CVE-2010-2232

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

7.5AI score0.04427EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2017/10/23 1:0 p.m.27 views

CVE-2010-2232

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

7.5CVSS7.6AI score0.04427EPSS
Exploits0
Atlassian
Atlassian
added 2017/10/23 12:40 p.m.35 views

XSS Vulnerability in JIRA Issue Export

A search endpoint is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and load balancers will decode URL data by default. see http://stackoverflow.com/questions/31266629/nginx-encoding-normalizing-part-of-uri...

6.6AI score
Exploits0Affected Software1
CNVD
CNVD
added 2017/10/20 12:0 a.m.2 views

Octopus Deploy Information Disclosure Vulnerability

Octopus Deploy is the automated deployment and release management server. An information disclosure vulnerability exists in Octopus Deploy prior to version 3.17.7. When a special client user account is granted CertificateExportPrivateKey privileges and "client access" is enabled on the Octopus...

6.5CVSS6.2AI score0.006EPSS
Exploits0References1
NVD
NVD
added 2017/10/19 5:29 p.m.12 views

CVE-2017-10340

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: Import/Export. Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.8CVSS4.3AI score0.01031EPSS
Exploits0References2
OSV
OSV
added 2017/10/19 5:29 p.m.4 views

CVE-2017-10344

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: Import/Export. Supported versions that are affected are 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.5CVSS7.3AI score0.01198EPSS
Exploits0References2
OSV
OSV
added 2017/10/19 5:29 p.m.3 views

CVE-2017-10343

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: Import/Export. Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.5CVSS5.8AI score0.01728EPSS
Exploits0References2
Prion
Prion
added 2017/10/19 5:29 p.m.14 views

Buffer overflow

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: Import/Export. Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

4.3CVSS5.5AI score0.01728EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2017/10/19 5:0 p.m.5 views

CVE-2017-10343

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: Import/Export. Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.2AI score0.01728EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/10/19 5:0 p.m.16 views

CVE-2017-10343

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: Import/Export. Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.6AI score0.01728EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2017/10/19 5:0 p.m.7 views

CVE-2017-10340

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: Import/Export. Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.7AI score0.01031EPSS
Exploits0References2
NVD
NVD
added 2017/10/19 8:29 a.m.18 views

CVE-2017-15610

An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the...

6.5CVSS6.5AI score0.006EPSS
Exploits0References1
Rows per page
Query Builder