8688 matches found

OSV
added 2017/10/19 8:29 a.m., 3 views

CVE-2017-15610

An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the...

6.5 CVSS, 5.8 AI score, 0.006 EPSS
Exploits: 0, References: 1
OSV
added 2017/10/18 6:29 p.m., 6 views

CVE-2017-14956

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...

5.7 CVSS, 5.8 AI score, 0.0186 EPSS
Exploits: 6, References: 6
Prion
added 2017/10/18 6:29 p.m., 26 views

Cross site request forgery (csrf)

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...

3.5 CVSS, 5.3 AI score, 0.0186 EPSS
Exploits: 6, References: 6, Affected Software: 1
NVD
added 2017/10/18 6:29 p.m., 42 views

CVE-2017-14956

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...

5.7 CVSS, 5.4 AI score, 0.0186 EPSS
Exploits: 6, References: 6
Cvelist
added 2017/10/18 6:0 p.m., 39 views

CVE-2017-14956

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...

5.4 AI score, 0.0186 EPSS
Exploits: 6, References: 6
CNVD
added 2017/10/18 12:0 a.m., 1 views

Unspecified Vulnerability in Oracle Hospitality Simphony (CNVD-2017-31506)

Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. Oracle Hospitality Simphony is one of the cloud-based mobile food and beverage sales components of the solution, which provides human resource cos...

6.5 CVSS, 6.8 AI score, 0.01728 EPSS
Exploits: 0, References: 1
CNVD
added 2017/10/18 12:0 a.m., 3 views

Unspecified Vulnerability in Oracle Hospitality Simphony (CNVD-2017-31509)

Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. Oracle Hospitality Simphony is one of the cloud-based mobile food and beverage sales components of the solution, which provides human resource cos...

5.8 CVSS, 5.7 AI score, 0.01031 EPSS
Exploits: 0, References: 1
CNVD
added 2017/10/18 12:0 a.m., 2 views

Unspecified Vulnerability in Oracle Hospitality Simphony (CNVD-2017-31507)

Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. Oracle Hospitality Simphony is one of the cloud-based mobile food and beverage sales components of the solution, which provides human resource cos...

6.5 CVSS, 6.9 AI score, 0.01198 EPSS
Exploits: 0, References: 1
CNVD
added 2017/10/16 12:0 a.m., 8 views

AlienVault USM Cross-Site Request Forgery Vulnerability

AlienVault USM is a set of security management platforms from AlienVault USA. The platform provides security monitoring, security event management and reporting, threat awareness system and other functions. A cross-site request forgery vulnerability exists in AlienVault USM 5.4.2 and earlier...

5.7 CVSS, 6 AI score, 0.0186 EPSS
Exploits: 6, References: 1
exploitpack
added 2017/10/13 12:0 a.m., 94 views

AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery

AlienVault Unified Security Management USM 5.4.2 - Cross-Site Request Forgery 1. ADVISORY INFORMATION ======================= Product: AlienVault USM Vendor URL: https://www.alienvault.com Type: Cross-Site Request Forgery CWE-253 Date found: 2017-09-22 Date published: 2017-10-13 CVSSv3 Score: 6.5...

3.5 CVSS, 5.7 AI score, 0.0186 EPSS
Exploits: 6
CNVD
added 2017/10/13 12:0 a.m., 4 views

WordPress cp-contact-form-with-paypal plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. cp-contact-form-with-paypal, aka the CP Contact Form with PayPal plugin, is one of its payment plugins. A cross-site...

8.8 CVSS, 8.3 AI score, 0.01012 EPSS
Exploits: 0, References: 1
OSV
added 2017/10/11 7:29 p.m., 2 views

CVE-2017-14369

RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records...

4.3 CVSS, 5.8 AI score, 0.01107 EPSS
Exploits: 1, References: 3
Microsoft KB
added 2017/10/10 7:0 a.m., 61 views

Description of the security update for SharePoint Foundation 2013: October 10, 2017

Description of the security update for SharePoint Foundation 2013: October 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

5.4 CVSS, 6.6 AI score, 0.02267 EPSS
Exploits: 0
CNVD
added 2017/10/09 12:0 a.m., 2 views

EMC RSA Archer product elevation of privilege vulnerability

The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments, and defects across your business. An elevation of privilege vulnerability exists in RSA Archer GRC Platform, which could be exploited by a low-privileged RSA Archer user to elevate their...

4.3 CVSS, 5.3 AI score, 0.01107 EPSS
Exploits: 1, References: 1
Fedora
added 2017/09/30 7:30 a.m., 32 views

[SECURITY] Fedora 27 Update: rawtherapee-5.2-2.fc27

Rawtherapee is a RAW image processing software. It gives full control over many parameters to enhance the raw picture before finally exporting it to some common image format...

7.5 CVSS, 3 AI score, 0.02988 EPSS
Exploits: 0
Atlassian
added 2017/09/28 4:21 a.m., 18 views

jira xml export does not escape label and component values

searchrequest-sml endpoint html encodes issue description text, but not issue labels or component. This means that other plugins / products relying on this end point for these values are vulnerable to XSS attacks, see linked issue. Please html encode these string values : example...

6.2 AI score
Exploits: 0, Affected Software: 1
Hacker One
added 2017/09/27 3:28 a.m., 30 views

Bitwarden: Export vault feature is vulnerable to CSV injection

Hello guys, I don't know if you care about this issue, but it seems that the export feature in your https://vault.bitwarden.com//tools is vulnerable to CSV injection. If a CSV contains a malicious command it may have big impact. Even though there is a popup notification for users before opening the...

0.8 AI score
Exploits: 0
Fedora
added 2017/09/19 3:25 p.m., 40 views

[SECURITY] Fedora 25 Update: gtatool-2.2.0-6.fc25

Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of arrays. For example, you can add components to array elements, merge separate arrays into combined...

8.8 CVSS, 1.1 AI score, 0.04042 EPSS
Exploits: 1
Kitploit
added 2017/09/18 2:30 p.m., 51 views

Inventus - A Spider Designed To Find Subdomains Of A Specific Domain By Crawling

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers. It's a Scrapy spider, meaning it's easily modified and extendable to your needs. Demo Requirements Linux -- I haven't tested this on Windows. Python 2.7 or Python 3.3+ Scrapy 1.4....

7.8 AI score
Exploits: 0, References: 1
Cisco Threats
added 2017/09/18 2:18 p.m., 10 views

Threat Outbreak Alert RuleID30637: Email Messages Distributing Malicious Software on September 18, 2017

Medium Alert ID: 55318 First Published: 2017 September 18 14:18 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30637 may contain the following files: Name ...

6.9 AI score
Exploits: 0