5909 matches found

NVD
added 2019/02/07 10:29 p.m., 16 views

CVE-2018-1340

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...

CVSS 7.5, AI score 7.4, EPSS 0.021
Exploits: 0, References: 2

Prion
added 2019/02/07 10:29 p.m., 21 views

Code injection

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...

CVSS 5, AI score 7.4, EPSS 0.021
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/02/07 10:0 p.m., 28 views

CVE-2018-1340

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...

AI score 6.8, EPSS 0.021
Exploits: 0, References: 2

Debian CVE
added 2019/02/07 10:0 p.m., 28 views

CVE-2018-1340

Removed by vendor...

CVSS 7.5, AI score 7.5, EPSS 0.021
Exploits: 0

Packet Storm
added 2019/02/05 12:0 a.m., 80 views

devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery

devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a cost-effective and helpful networking alternative...

AI score 0.3
Exploits: 0

0day.today
added 2019/02/05 12:0 a.m., 73 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - CSRF (Add Admin) Vulnerability

Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient...

AI score 7.1
Exploits: 0

Packet Storm
added 2019/02/05 12:0 a.m., 85 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery

BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks,...

AI score 0.1
Exploits: 0

Exploit DB
added 2019/02/05 12:0 a.m., 69 views

devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery

devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a cost-effective and helpful networking alternative f...

AI score 7.4
Exploits: 0

Zero Science Lab
added 2019/02/04 12:0 a.m., 93 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit

Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...

CVSS 5.3, AI score 5.8, EPSS 0.00138
Exploits: 1

Zero Science Lab
added 2019/02/03 12:0 a.m., 90 views

devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery

Summary Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a cost-effective and helpful networking alternative for any location without structured network wiring. Especially in buildings or residences lacking network cables or where updating the wiring would be expensive and...

CVSS 5.3, AI score 5.8, EPSS 0.00138
Exploits: 1

Ivan 'd0znpp' Novikov
added 2019/01/29 2:55 a.m., 134 views

Detecting bots using Content Security Policy (CSP) headers

Bots are noisy, like really. And dangerous as well, especially if they can do crawling and increase usage by legitimate operations like item catalog retrieval in the case of e-commerce. I mean, we have a lot of reasons not to like bots and to count this problem as a cybersecurity threat, which...

AI score 6.8
Exploits: 0

Talos
added 2019/01/21 12:0 a.m., 63 views

Bitdefender BOX 2 bootstrap update_setup command execution vulnerability

Summary An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/update_setup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution o...

CVSS 9.3, AI score 8.2, EPSS 0.01948
Exploits: 0

Hacker One
added 2019/01/16 9:33 p.m., 57 views

Monero: Monero can leak unitialized memory

See this proof of concept: cpp include include include INITIALIZEEASYLOGGINGPP template static void invokehttpjsonvoid typename T::request ireq; typename T::response ires; std::string reqparam; if!epee::serialization::storettojsonireq, reqparam return; printf"%s\n", reqparam.cstr; int mainvoid...

AI score 0.3
Exploits: 0

Veracode
added 2019/01/15 8:51 a.m., 21 views

Remote Code Execution (RCE)

haproxy is vulnerable to remote code execution (RCE) attacks. The vulnerability exists through a buffer overflow issue in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appen...

CVSS 5.1, AI score 7.9, EPSS 0.05464
Exploits: 0, References: 12, Affected Software: 1

BDU FSTEC
added 2019/01/10 12:0 a.m., 7 views

The vulnerability of Cisco Adaptive Security Appliance’s microprogramming software, related to authentication process errors, allows attackers to escalate their privileges.

The vulnerability of Cisco Adaptive Security Appliance’s microprogramming software is related to authentication process errors. Exploiting this vulnerability can allow a malicious actor to enhance their privileges by using specially crafted HTTP requests...

CVSS 9.1, AI score 7.5, EPSS 0.02362
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2019/01/09 11:29 p.m., 16 views

CVE-2018-0705

Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests...

CVSS 9.1, AI score 9.1, EPSS 0.02121
Exploits: 0, References: 2

NVD
added 2019/01/09 11:29 p.m., 16 views

CVE-2018-0703

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests...

CVSS 7.5, AI score 7.6, EPSS 0.01947
Exploits: 0, References: 2

OSV
added 2019/01/09 11:29 p.m., 3 views

CVE-2018-0632

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response...

CVSS 7.2, AI score 6.1, EPSS 0.018
Exploits: 0, References: 2

Prion
added 2019/01/09 11:29 p.m., 13 views

Directory traversal

Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests...

CVSS 7.5, AI score 9, EPSS 0.02121
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2019/01/09 11:29 p.m., 12 views

Directory traversal

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests...

CVSS 6.4, AI score 7.5, EPSS 0.01947
Exploits: 0, References: 2, Affected Software: 1