5908 matches found

Cvelist
added 2019/01/09 10:0 p.m., 18 views

CVE-2018-0705

Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests...

9.2 AI score, 0.02121 EPSS
Exploits: 0, References: 2

Cloud Foundry
added 2019/01/08 12:0 a.m., 33 views

Kubernetes API Server acts as proxy for internal and external IPs | Cloud Foundry

Severity: Unspecified. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: Cloud Foundry Container Runtime (CFCR), all versions prior to v0.26.0. Description: Kubernetes API, versions 1.11.x prior to 1.11.6, 1.12.x prior to 1.12.4, contains an improper proxy. A remote...

6.9 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m., 23 views

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications input type="hidden" name="txtHelpPage" valu...

7.4 AI score
Exploits: 0

Packet Storm
added 2019/01/07 12:0 a.m., 42 views

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 CSRF

input...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/01/07 12:0 a.m., 36 views

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery

input type="hidden" name="...

7.4 AI score
Exploits: 0

Zero Science Lab
added 2019/01/05 12:0 a.m., 370 views

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery

Summary The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity,...

5.3 CVSS, 5.8 AI score, 0.00146 EPSS
Exploits: 1

BDU FSTEC
added 2018/12/27 12:0 a.m., 6 views

A vulnerability in Cisco Enterprise NFV Infrastructure Software is caused by errors in the checking of HTTP requests in the management interface, which allows attackers to perform cross-site request forgery.

The vulnerability in Cisco Enterprise NFV Infrastructure Software is caused by improper checking of HTTP requests in the management interface. Exploiting this vulnerability allows a remote attacker to perform cross-site request forgery...

6.4 CVSS, 6.8 AI score, 0.00481 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2018/12/24 2:29 p.m., 15 views

CVE-2018-15465

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of...

8.1 CVSS, 8.1 AI score, 0.02362 EPSS
Exploits: 1, References: 3

Kitploit
added 2018/12/21 12:32 p.m., 148 views

W3Brute - Automatic Web Application Brute Force Attack Tool

w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites. Features 1. Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process...

8.7 AI score
Exploits: 0, References: 4

NVD
added 2018/12/20 3:29 p.m., 9 views

CVE-2018-1000840

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use...

6.5 CVSS, 6.4 AI score, 0.02177 EPSS
Exploits: 1, References: 2

UbuntuCve
added 2018/12/20 3:29 p.m., 14 views

CVE-2018-1000840

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use...

6.5 CVSS, 6.7 AI score, 0.02177 EPSS
Exploits: 1, References: 3

Prion
added 2018/12/20 3:29 p.m., 9 views

Xxe

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use...

4.3 CVSS, 6.3 AI score, 0.02177 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2018/12/20 3:0 p.m., 14 views

CVE-2018-1000840

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use...

6.4 AI score, 0.02177 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2018/12/17 12:0 a.m., 29 views

Squid 3.2.0.11 < 3.x < 3.5.18 / 4.x < 4.0.10 Cache Poisoning Vulnerability (SQUID-2016:7)

According to its banner, the version of Squid running on the remote host is 3.x after 3.2.0.11 and prior to 3.5.18, or 4.x prior to 4.0.10. It is, therefore, affected by a cache poisoning vulnerability in the handling of HTTP requests. Note that Nessus has not tested for this issue but has instea...

8.6 CVSS, 7.7 AI score, 0.79651 EPSS
Exploits: 0, References: 2

Exploit DB
added 2018/12/15 12:0 a.m., 47 views

phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read

!/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat = logging.handlers.WatchedFileHandler'mysql.log', 'ab'...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2018/12/10 12:0 a.m., 43 views

openSUSE Security Update : apache2-mod_jk (openSUSE-2018-1510)

This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd bsc1114612. This update was imported from the SUSE:SLE-15:Update update project...

7.5 CVSS, 7.4 AI score, 0.90647 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2018/12/06 12:0 a.m., 81 views

RHEL 6 : Ruby on Rails (RHSA-2013:0153)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components...

7.5 CVSS, 9.4 AI score, 0.99449 EPSS
Exploits: 21, References: 6

Check Point Advisories
added 2018/12/06 12:0 a.m., 13 views

Apache Tika Command Injection (CVE-2018-1335)

A command injection vulnerability exists in Apache Tika. The vulnerability is due to improper validation of the HTTP requests. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...

9.3 CVSS, 3.3 AI score, 0.93972 EPSS
Exploits: 10

BDU FSTEC
added 2018/12/04 12:0 a.m., 4 views

A vulnerability in the Microsoft Dynamics 365 resource planning software is caused by insufficient protection of the website structure, which allows an attacker to inject arbitrary code into the web pages served to users.

The vulnerability in the Microsoft Dynamics 365 resource planning software application is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the web pages served to users, thereby gaining access to...

6.4 CVSS, 8 AI score, 0.01413 EPSS
Exploits: 0, References: 5, Affected Software: 1

Exploit DB
added 2018/12/04 12:0 a.m., 56 views

NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage

''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt + ISR: ApparitionSec Greetz: indoushka | Eduardo B. 0day Vendor www.necam.com Affected Product Code Base NEC...

9.8 CVSS, 9.6 AI score, 0.17886 EPSS
Exploits: 6