Lucene search
K

1683 matches found

Node.js
Node.js
added 2016/03/28 9:18 p.m.29 views

Timing Attack

Overview Affected versions of csrf-lite are vulnerable to timing attacks as a result of testing CSRF tokens via a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character...

4.3CVSS4.7AI score0.01301EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2015/11/23 12:0 a.m.23 views

Juniper Networks Junos OS Fail-Open Unauthenticated Root Access Vulnerability

Junos OS is prone to a unauthenticated root access vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos";...

6.9CVSS5.2AI score0.0035EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2015/11/01 10:48 p.m.10 views

yannickprobst.com XSS vulnerability

Vulnerable URL: http://www.yannickprobst.com//search/site/?q= Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 21:01 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 V...

6.3AI score
Exploits0
n0where
n0where
added 2015/10/22 9:5 p.m.16 views

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

7.5AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2015/10/21 12:0 a.m.6 views

The vulnerability of the Android operating system, which allows a hacker to execute arbitrary code or cause a service failure

The vulnerability of the libstagefright component in the Android operating system arises due to buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure using a specially crafted media file...

10CVSS6.5AI score0.01858EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2015/10/16 2:30 p.m.10 views

nanopress.it XSS vulnerability

Vulnerable URL: http://www.nanopress.it/curiosita/epic-fail/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 33960 Google Pagerank| 4 VIP website status:| Yes Check nanopress.it SSL...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.53 views

ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability EMC Identifier: ESA-2015-132 CVE Identifier: CVE-2015-4537 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Documentum D2 4.2 and earlier Summary: EMC...

3.5CVSS0.5AI score0.01207EPSS
Exploits0
Fedora
Fedora
added 2015/03/29 4:57 a.m.47 views

[SECURITY] Fedora 21 Update: mongodb-2.4.13-1.fc21

Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...

5CVSS0.3AI score0.028EPSS
Exploits0
Fedora
Fedora
added 2015/03/21 5:1 a.m.43 views

[SECURITY] Fedora 22 Update: mongodb-2.6.8-1.fc22

Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...

5CVSS0.3AI score0.028EPSS
Exploits0
securityvulns
securityvulns
added 2015/03/16 12:0 a.m.68 views

Multiple Vulnerabilities with Kguard Digital Video Recorders

MULTIPLE VULNERABILITIES WITH KGUARD DIGITAL VIDEO RECORDERS, February 10, 2015 PRODUCT DESCRIPTION The Kguard SHA104 & SHA108 are 4ch/8ch H.264 DVRs designed for economical application. It's stylish & streamlines hardware design and excellent performance can be fast moving, competitive and an...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2014/08/25 12:0 a.m.33 views

frcms 多处注入 (demo成功)

简要描述: rt 详细说明: 在plus/onlinepay/alipaynotify.php中 $signtype = "MD5"; //加密方式 不需修改 $alipay = new alipaynotify$partner,$securitycode,$signtype,$inputcharset,$transport; //构造通知函数信息 $verifyresult = $alipay-notifyverify; //计算得出通知验证结果 $dingdan = $outtradeno; //获取支付宝传递过来的订单号 $total =...

7.1AI score
Exploits0
Oracle linux
Oracle linux
added 2014/07/23 12:0 a.m.69 views

qemu-kvm security and bug fix update

1.5.3-60.el70.2 - kvm-pc-add-hotaddcpu-callback-to-all-machine-types.patch bz1094820 - Resolves: bz1094820 Hot plug CPU not working with RHEL6 machine types running on RHEL7 host. 1.5.3-60.el70.1 - kvm-iscsi-fix-indentation.patch bz1090978 - kvm-iscsi-correctly-propagate-errors-in-iscsiopen.patch...

7.2CVSS0.5AI score0.00386EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Sygate Personal Firewall Pro 5.5 - Local Fail-Close Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10540/info A vulnerability is reported to affect the Sygate Personal Firewall fail-closed functionality. It is reported that the kernel-space NDIS driver does not verify the origin of messages that are received through th...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Clicksor SQL Injecti0n Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-68525' vul ID version = '1' author = 'fenghh' vulDate = '2010-05-04' createDate =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

IDevSpot iSupport 1.8 Index.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19964/info IDevSupport iSupport is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.26 views

openSUSE Security Update : icinga (openSUSE-SU-2014:0069-1)

imported upstream version 1.10.2 - includes fix for possible denial of service in CGI executables: CVE-2013-7108 bnc856837 - core: Add an Icinga syntax plugin for Vim 4150 - LE/MF - core: Document dropped options logexternalcommandsuser and eventprofilingenabled 4957 - BA - core: type in spec...

5.5CVSS7.6AI score0.59546EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2014/06/03 12:0 a.m.26 views

FreeBSD -- Incorrect error handling in PAM policy parser

Problem Description: The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure handled by searching in the next location while the presence of an invalid file is a hard failure handled by returning an error to the...

9.8CVSS9.2AI score0.02698EPSS
Exploits0
ThreatPost
ThreatPost
added 2014/04/24 12:17 p.m.17 views

Mozilla Offers Bug Bounty for Heartbleed-like Crypto Bugs

As part of a special security bug bounty program, Mozilla Corporation is offering $10,000 to anyone who reports a qualifying security vulnerability in the new cryptography library it plans to deploy in a yet-to-be-released version of Firefox. Today, Mozilla’s security engineering team announced t...

7.6AI score
Exploits0References5
OpenVAS
OpenVAS
added 2013/11/25 12:0 a.m.19 views

RSA Authentication Agent for IIS Authentication Bypass Vulnerability

RSA Authentication Agent for IIS is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.9AI score0.0228EPSS
Exploits0References5
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.58 views

ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability

ESA-2013-067.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services IIS Security Controls Bypass Vulnerability EMC Identifier: ESA-2013-067 CVE Identifier: CVE-2013-3280 Severity Rating: CVSS v2 Base Score: 9.0...

7.5CVSS0.2AI score0.0228EPSS
Exploits0
Rows per page
Query Builder