Lucene search
K

102 matches found

NVD
NVD
added 2019/07/29 4:15 p.m.27 views

CVE-2019-11201

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...

8.5CVSS8AI score0.02236EPSS
Exploits1References1
Veracode
Veracode
added 2018/07/23 5:27 a.m.71 views

Insecure Defaults

tomcat-websocket is vulnerable to missing hostname verification. The application does not verify the hostname with a client when establishing a TLS connection through the websocket, allowing a malicious user to impersonate a different host machine...

7.5CVSS8.4AI score0.213EPSS
Exploits0References45Affected Software85
NVD
NVD
added 2018/02/12 11:29 p.m.10 views

CVE-2017-9970

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution...

9CVSS7.3AI score0.04931EPSS
Exploits0References3
Prion
Prion
added 2018/02/12 11:29 p.m.9 views

Remote code execution

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution...

9CVSS8AI score0.04931EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/02/12 11:0 p.m.16 views

CVE-2017-9970

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution...

7.3AI score0.04931EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/11/22 7:0 p.m.22 views

CVE-2017-8158

FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine VM processes to exhaust system resources. Successful exploit...

6.3AI score0.00199EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2017/08/17 3:55 p.m.22 views

Cisco Patches Privilege Escalation Bugs in APIC

Cisco patched two high-severity vulnerabilities in its Cisco Application Policy Infrastructure Controller APIC that could allow an attacker to elevate privileges on the host machine. The product automates and manages the APIC fabric, optimizing application performance and provisioning for physica...

2.7AI score
Exploits0References3
myhack58
myhack58
added 2017/07/24 12:0 a.m.247 views

Vmware virtual machine escape Vulnerability CVE-2017-4901)Exploit code analysis and use-vulnerability and early warning-the black bar safety net

0×01 event analysis 2017 7 on 19 unamer in its github released a for Vmware virtual machine escape exploit source code, using C++. The alleged impact of Vmware Workstation 12.5.5 the previous version, and gives a demonstration of the process, to achieve a from the virtual machine to the host...

7.5CVSS8.1AI score0.1994EPSS
Exploits5
Prion
Prion
added 2017/05/22 2:29 p.m.18 views

Null pointer dereference

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine...

6.8CVSS6.6AI score0.04952EPSS
Exploits2References4Affected Software2
NVD
NVD
added 2017/05/22 2:29 p.m.23 views

CVE-2017-4916

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine...

6.8CVSS6.3AI score0.04952EPSS
Exploits2References4
Prion
Prion
added 2017/05/22 2:29 p.m.15 views

Design/Logic Flaw

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine...

7.2CVSS7.5AI score0.05413EPSS
Exploits11References4Affected Software2
Cvelist
Cvelist
added 2017/05/22 2:0 p.m.20 views

CVE-2017-4916

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine...

6.7AI score0.04952EPSS
Exploits2References4
CVE
CVE
added 2017/05/22 2:0 p.m.68 views

CVE-2017-4916

CVE-2017-4916 is a NULL pointer dereference in the vstor2 driver affecting VMware Workstation Pro/Player (12.x). Public sources document denial-of-service via local exploitation on Windows hosts with normal user privileges. Several references tie the issue to VMware Workstation 12.x before 12.5.5...

6.8CVSS6.5AI score0.04952EPSS
Exploits2References4Affected Software2
OpenVAS
OpenVAS
added 2017/04/12 12:0 a.m.34 views

Microsoft Windows Hyper-V Denial of Service Vulnerability (KB3217841)

This host is missing an important security update according to Microsoft KB3217841. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

5.4CVSS6.3AI score0.01682EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2017/03/14 7:0 a.m.29 views

Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running ...

5.4CVSS3.6AI score0.01594EPSS
Exploits0
myhack58
myhack58
added 2016/08/24 12:0 a.m.20 views

Cloud Security Series: 360GearTeam again found QEMU multiple vulnerabilities-vulnerability warning-the black bar safety net

! 2 0 1 6 years and 8 months or so, the odd Tiger 3 6 0 to the QEMU official report a number of QEMU vulnerabilities in. They allow an attacker to attack a virtual machine or the host machine itself, causing a denial of service or arbitrary code execution. 360GearTeamoriginal 3 6 0 cloud security...

2.3AI score
Exploits0
myhack58
myhack58
added 2016/05/11 12:0 a.m.21 views

3 6 0 Marvel Team virtualization vulnerabilities the fifth bomb: CVE-2 0 1 6-3 7 1 0 Dark Portal vulnerability analysis-vulnerability warning-the black bar safety net

From 2 0 1 5 year 5 month venom vulnerabilities raging global Cloud Platform, 3 6 0 Marvel Team accumulated in kvm, xen, vmware platform on found submitted up to 2 2 pieces of high-risk security 0day vulnerabilities, these vulnerabilities will lead to a General purpose cloud system was hacked...

8.1AI score0.00916EPSS
Exploits0
n0where
n0where
added 2016/02/25 6:44 p.m.31 views

Android Pentesting Portable Integrated Environment: Appie

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...

0.9AI score
Exploits0References8
myhack58
myhack58
added 2015/05/16 12:0 a.m.258 views

VENOM venom vulnerability analysis qemu kvm CVE‐2 0 1 5‐3 4 5 6-the vulnerability warning-the black bar safety net

Vulnerability description CrowdStrike, Jason Geffner found open source computer emulator QEMU in the presence of a and a virtual floppy disk controller associated with the security vulnerability, code-named VENOM, the CVE number for CVE-2 0 1 5-3 4 5 6 The. Using this vulnerability an attacker ca...

1.2AI score
Exploits0
Kitploit
Kitploit
added 2015/01/28 4:59 p.m.34 views

Appie - Android Pentesting Portable Integrated Environment

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick.This is a one stop answer for all the tools needed in Android Application Security Assessment. Difference between Appie and existing...

7.4AI score
Exploits0References3
Rows per page
Query Builder