
5909 matches found

NVD
added 2019/11/09 2:15 a.m., 23 views

CVE-2018-1721

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369...

8.8 CVSS, 8.3 AI score, 0.01843 EPSS
Exploits: 0, References: 2
Prion
added 2019/11/09 2:15 a.m., 18 views

XXE

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369...

6.5 CVSS, 8.4 AI score, 0.01843 EPSS
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2019/11/08 12:0 a.m., 24 views

Schneider-electric Modicon Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...

10 CVSS, 3.1 AI score, 0.08978 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2019/11/08 12:0 a.m., 53 views

EulerOS 2.0 SP5 : openwsman (EulerOS-SA-2019-2179)

According to the version of the openwsman packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in processconnection when parsing specially crafted HTTP requests...

7.5 CVSS, 7.4 AI score, 0.15243 EPSS
Exploits: 0, References: 2
OpenVAS
added 2019/11/06 12:0 a.m., 34 views

Ubuntu: Security Advisory (USN-4174-1)

The remote host is missing an update for the...

7.5 CVSS, 7.7 AI score, 0.10024 EPSS
Exploits: 1, References: 2
Rockylinux
added 2019/11/05 8:50 p.m., 38 views

python-requests bug fix update

An update is available for python-requests. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-requests package contains a library designed to make HTTP...

1.5 AI score
Exploits: 0
AlmaLinux
added 2019/11/05 8:50 p.m., 54 views

python-requests bug fix update

The python-requests package contains a library designed to make HTTP requests easy for developers. Bug fix: The fix for CVE-2018-18074 leads to a regression (BZ1758261)...

7.5 CVSS, 1.4 AI score, 0.07443 EPSS
Exploits: 2, References: 1
Ubuntu
added 2019/11/05 12:50 p.m., 128 views

USN-4174-1: HAproxy vulnerability

It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue for privilege escalation (Request Smuggling)...

7.5 CVSS, 6.9 AI score, 0.10024 EPSS
Exploits: 1
NVD
added 2019/10/31 9:15 p.m., 33 views

CVE-2018-4031

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...

10 CVSS, 9.2 AI score, 0.02669 EPSS
Exploits: 1, References: 1
Prion
added 2019/10/31 9:15 p.m., 22 views

Cross site request forgery (csrf)

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...

10 CVSS, 9.3 AI score, 0.02669 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/10/31 8:29 p.m., 39 views

CVE-2018-4031

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...

9 CVSS, 9.5 AI score, 0.02669 EPSS
Exploits: 1, References: 1
CVE
added 2019/10/31 8:29 p.m., 108 views

CVE-2018-4031

CVE-2018-4031 affects CUJO Smart Firewall firmware 7003. The safe-browsing component abuses Lunatik (kernel Lua) by injecting unsanitized Host header data into a Lua statement, enabling arbitrary code execution in the kernel. Exploitation can occur via crafted HTTP/HTTPS requests containing a mal...

10 CVSS, 9.3 AI score, 0.02669 EPSS
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2019/10/28 12:0 a.m., 93 views

GLSA-201910-01 : PHP: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201910-01 (PHP: Arbitrary code execution). An underflow in env_path_info in PHP-FPM under certain configurations can be exploited to gain remote code execution. Impact: A remote attacker, by sending specially crafted HTTP requests, could...

9.8 CVSS, 8.2 AI score, 0.9947 EPSS
Exploits: 54, References: 2
Veracode
added 2019/10/25 2:46 a.m., 23 views

Server-Side Request Forgery (SSRF)

xmppserver is vulnerable to server-side request forgery (SSRF). The getImage function in FaviconServlet.java allows attackers to send arbitrary HTTP GET requests on behalf of the server...

9.8 CVSS, 3.9 AI score, 0.32304 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2019/10/19 1:15 a.m., 4 views

CVE-2019-18202

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests...

5.3 CVSS, 6.2 AI score
Exploits: 0, References: 1
NVD
added 2019/10/19 1:15 a.m., 13 views

CVE-2019-18202

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests...

5.8 CVSS, 5.3 AI score, 0.01789 EPSS
Exploits: 0, References: 1
Prion
added 2019/10/19 1:15 a.m., 16 views

Improper access control

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests...

5 CVSS, 5.2 AI score, 0.01789 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/10/19 12:2 a.m., 17 views

CVE-2019-18202

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests...

5.8 CVSS, 5.2 AI score, 0.01789 EPSS
Exploits: 0, References: 1
Symantec
added 2019/10/15 12:0 a.m., 27 views

Adobe Experience Manager CVE-2019-8234 Cross Site Request Forgery Vulnerability

Description: Adobe Experience Manager is prone to a cross-site request forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Technologies Affected: Adobe...

0.2 AI score, 0.02147 EPSS
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2019/10/11 12:0 a.m., 249 views

Intelbras Router WRN150 1.0.18 Cross Site Scripting

Exploit Title: Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting; Date: 2019-10-03; Exploit Author: Prof. Joas Antonio; Vendor Homepage: https://www.intelbras.com/pt-br/ ; Software Link: http://en.intelbras.com.br/node/25896 ; Version: 1.0.18; Tested on: Windows; CVE: CVE-2019-17411; PoC 1:...

7.4 AI score
Exploits: 0