5909 matches found

Qualys Blog
added 2019/06/25 12:05 a.m., 185 views

Qualys Cloud Platform 2.39 New Features

This release of the Qualys Cloud Platform version 2.39 includes updates and new features for Out-of-Band Configuration Assessment (OCA), Vulnerability Management, and Web Application Scanning, highlights as follows. Vulnerability Management Trending uses Include/Exclude Filters in Dashboard – Widge...

AI score: 7.4
Exploits: 0

Check Point Advisories
added 2019/06/25 12:00 a.m., 6 views

Oracle Weblogic Insecure Deserialization (CVE-2019-2729)

A vulnerability has been reported in Oracle Weblogic. This vulnerability is due to insufficient validation of data of HTTP requests. Successful exploitation can result in arbitrary code execution...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.8883
Exploits: 11

Prion
added 2019/06/20 3:15 a.m., 19 views

Spoofing

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An...

CVSS: 6.5 | AI score: 8.7 | EPSS: 0.0189
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/06/20 3:15 a.m., 18 views

Input validation

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denia...

CVSS: 5 | AI score: 7.4 | EPSS: 0.02233
Exploits: 0 | References: 2 | Affected Software: 3

Cvelist
added 2019/06/20 2:45 a.m., 20 views

CVE-2019-1626 Cisco SD-WAN Solution Privilege Escalation Vulnerability

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.0189
Exploits: 0 | References: 2

CNVD
added 2019/06/19 12:00 a.m., 2 views

IBM API Connect Information Disclosure Vulnerability (CNVD-2019-18508)

IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.6 iFix 1. An...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.07832
Exploits: 0 | References: 1

IBM Security Bulletins
added 2019/06/15 4:25 p.m., 27 views

Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382)

Summary: API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-4382. DESCRIPTION: IBM API Connect could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. CVSS Base Score: 5.3. CVSS Temporal...

CVSS: 5.3 | AI score: 2.1 | EPSS: 0.07832
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2019/06/14 12:00 a.m., 63 views

Fortinet FortiOS 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389)

The remote host is running a version of FortiOS 5.4.1 prior to 5.4.11, 5.6.x prior to 5.6.9 or 6.0.x prior to 6.0.5. It is, therefore, affected by a security bypass vulnerability in the SSL VPN web portal, due to an error when processing HTTP requests. A remote, unauthenticated attacker can explo...

CVSS: 9.1 | AI score: 7.8 | EPSS: 0.81691
Exploits: 2 | References: 2

Veracode
added 2019/06/12 7:55 a.m., 29 views

XML External Entities (XXE)

expat is vulnerable to denial of service. Entity expansions are not properly handled unless the XMLSetEntityDeclHandler function is used. This allows remote attackers to crash the process, send HTTP requests on behalf of the server, or read arbitrary files via a malicious XML document...

CVSS: 6.8 | AI score: 7 | EPSS: 0.19433
Exploits: 1 | References: 28 | Affected Software: 1

OSV
added 2019/06/05 6:29 p.m., 18 views

CVE-2019-12276

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made...

CVSS: 7.5 | AI score: 6.9
Exploits: 0 | References: 3

Cvelist
added 2019/06/05 5:30 p.m., 10 views

CVE-2019-12276

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made...

AI score: 7.5 | EPSS: 0.53705
Exploits: 4 | References: 3

Prion
added 2019/06/04 10:29 p.m., 11 views

Cross site scripting

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00807
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/06/04 10:29 p.m., 16 views

Cross site scripting

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00807
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/04 8:33 p.m., 40 views

CVE-2018-13382

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via...

CVSS: 9.1 | AI score: 9.3 | EPSS: 0.81691
Exploits: 2 | References: 2

Veracode
added 2019/05/16 3:22 a.m., 28 views

Denial Of Service (DoS)

Ruby is vulnerable to denial of service (DoS) attacks. This exists in the WEBrick server during the processing of HTTP requests. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory...

CVSS: 7.5 | AI score: 8 | EPSS: 0.04636
Exploits: 0 | References: 22 | Affected Software: 4

Kitploit
added 2019/05/14 12:43 p.m., 175 views

WAFW00F v1.0.0 - Detect All The Web Application Firewall!

WAFW00F identifies and fingerprints Web Application Firewall (WAF) products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

AI score: 7.2
Exploits: 0 | References: 3

0day.today
added 2019/05/13 12:00 a.m., 82 views

SOCA Access Control System 180612 - CSRF (Add Admin) Vulnerability

Exploit for php platform in category web applications. SOCA Access Control System 180612 CSRF (Add Admin) Exploit. Vendor: SOCA Technology Co., Ltd. Product web page: http://www.socatech.com. Affected version: 180612, 170000 and 141007. Summary: The company's products include Proximity and Fingerprint...

AI score: 7.1
Exploits: 0

Packet Storm
added 2019/05/13 12:00 a.m., 87 views

SOCA Access Control System 180612 Cross Site Request Forgery

SOCA Access Control System 180612 CSRF (Add Admin) Exploit. Vendor: SOCA Technology Co., Ltd. Product web page: http://www.socatech.com. Affected version: 180612, 170000 and 141007. Summary: The company's products include Proximity and Fingerprint access control system, Time and Attendance, Electric...

AI score: 0.2
Exploits: 0

Zero Science Lab
added 2019/05/13 12:00 a.m., 60 views

SOCA Access Control System 180612 CSRF Add Admin Exploit

Summary: The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00191
Exploits: 1

Tenable Nessus
added 2019/05/10 12:00 a.m., 27 views

Atlassian JIRA Multiple Vulnerabilities (JRASERVER-69245) (JRASERVER-69246)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.13.2 or 8.0.x prior to 8.0.2. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in Jira's BrowserProjects.jspa...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0205
Exploits: 0 | References: 4