8688 matches found

Cvelist
added 2017/04/14 2:0 p.m. | 20 views

CVE-2017-7217

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...

AI score: 5.1 | EPSS: 0.01065
Exploits: 0 | References: 3

CVE
added 2017/04/14 2:0 p.m. | 73 views

CVE-2017-7217

CVE-2017-7217 affects Palo Alto Networks PAN-OS: a flaw in the Management Web Interface allows an authenticated, remote attacker to write arbitrary data to temporary/export files due to improper validation of certain request parameters. This vulnerability impacts PAN-OS 7.0.x up to 7.0.13 and PAN...

CVSS: 4.3 | AI score: 5 | EPSS: 0.01065
Exploits: 0 | References: 3 | Affected Software: 1

Japan Vulnerability Notes
added 2017/04/11 7:5 a.m. | 3 views

Cybozu Office fails to restrict access permission in the file export function in "customapp"

Overview: Cybozu Office contains an access restriction flaw in the file export function in "customapp". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.01041
Exploits: 0 | References: 5

Palo Alto Networks
added 2017/04/10 5:30 p.m. | 513 views

Tampering of temporary export files in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN-70436 /...

AI score: 2.9 | EPSS: 0.01065
Exploits: 0 | References: 1 | Affected Software: 1

Palo Alto Networks
added 2017/04/10 5:30 p.m. | 7 views

Tampering of temporary export files in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN-70436 /...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.01065
Exploits: 0 | References: 1

NVD
added 2017/04/10 2:59 p.m. | 15 views

CVE-2015-8378

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.0119
Exploits: 0 | References: 2

OSV
added 2017/04/10 2:59 p.m. | 1 views

DEBIAN-CVE-2015-8378

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0119
Exploits: 0 | References: 1

OSV
added 2017/04/10 2:59 p.m. | 1 views

UBUNTU-CVE-2015-8378

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0119
Exploits: 0 | References: 3

OSV
added 2017/04/10 2:59 p.m. | 6 views

CVE-2015-8378

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile...

CVSS: 7.5 | AI score: 7.3
Exploits: 0 | References: 3

Cvelist
added 2017/04/10 2:0 p.m. | 19 views

CVE-2015-8378

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile...

AI score: 7.3 | EPSS: 0.0119
Exploits: 0 | References: 2

Debian CVE
added 2017/04/10 2:0 p.m. | 21 views

CVE-2015-8378

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.0119
Exploits: 0

Hacker One
added 2017/04/07 3:58 p.m. | 21 views

Gratipay: CSV injection in gratipay.com via payment history export feature.

I discovered this issue thanks to Matt who pointed out that the participant's name is directly placed into a CSV file: https://github.com/gratipay/gratipay.com/issues/4399#issuecomment-292250609 Summary --- Gratipay allows users to export payment history as a .csv file. By injecting a payload int...

AI score: 7.1
Exploits: 0

OSV
added 2017/04/02 1:59 a.m. | 5 views

CVE-2017-2391

An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00959
Exploits: 0 | References: 5

Prion
added 2017/04/02 1:59 a.m. | 19 views

Design/Logic Flaw

An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password...

CVSS: 5 | AI score: 4.3 | EPSS: 0.00959
Exploits: 0 | References: 5 | Affected Software: 3

Cvelist
added 2017/04/02 1:36 a.m. | 29 views

CVE-2017-2391

An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password...

AI score: 5.4 | EPSS: 0.00959
Exploits: 0 | References: 5

Tenable Nessus
added 2017/03/30 12:0 a.m. | 48 views

OracleVM 3.3 / 3.4 : gnutls (OVMSA-2017-0054)

The remote OracleVM system is missing necessary patches to address critical security updates : - Upgraded to 2.12.23 to incorporate multiple TLS 1.2 fixes 1326389, 1326073, 1323215, 1320982, 1328205, 1321112 - Modified gnutls-serv to accept --sni-hostname 1333521 - Modified gnutls-serv to always...

CVSS: 9.8 | AI score: 8 | EPSS: 0.08009
Exploits: 0 | References: 5

NVD
added 2017/03/28 2:59 a.m. | 19 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.01118
Exploits: 1 | References: 6

OSV
added 2017/03/28 2:59 a.m. | 8 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

CVSS: 5.4 | AI score: 5.1
Exploits: 0 | References: 6

UbuntuCve
added 2017/03/28 2:59 a.m. | 26 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.01118
Exploits: 1 | References: 7

Prion
added 2017/03/28 2:59 a.m. | 17 views

Cross site scripting

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

CVSS: 3.5 | AI score: 5.3 | EPSS: 0.01118
Exploits: 1 | References: 6 | Affected Software: 2