
5908 matches found

Prion
added 2018/10/17 8:29 p.m. | 16 views

Cross site request forgery (csrf)

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

CVSS 6.8 | AI score 8.8 | EPSS 0.00481
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2018/10/17 8:0 p.m. | 8 views

CVE-2018-15402 Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

CVSS 5.4 | AI score 7.2 | EPSS 0.00481
Exploits 0 | References 2
Cvelist
added 2018/10/17 8:0 p.m. | 16 views

CVE-2018-15402 Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

CVSS 5.4 | AI score 8.9 | EPSS 0.00481
Exploits 0 | References 2
Cisco
added 2018/10/17 4:0 p.m. | 532 views

Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

CVSS 5.4 | AI score 0.8 | EPSS 0.00481
Exploits 0 | References 1
OSV
added 2018/10/16 11:10 p.m. | 1 views

GHSA-GV5F-CJW9-5VXG Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request...

CVSS 9.8 | AI score 7.5 | EPSS 0.0712
Exploits 0 | References 17
Veracode
added 2018/10/11 6:21 a.m. | 11 views

Denial Of Service (DoS)

vertx-core is vulnerable to a denial of service (DoS) attack. The websocket implementation does not properly handle HTTP requests, buffering the entire request body into memory before the handshake. This can allow a malicious user to pass a large HTTP request to the application to cause it...

CVSS 6.5 | AI score 6.4 | EPSS 0.02652
Exploits 0 | References 30 | Affected Software 1
0day.today
added 2018/10/11 12:0 a.m. | 41 views

Wikidforum 2.20 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...

AI score 0.2
Exploits 0
exploitpack
added 2018/10/09 12:0 a.m. | 17 views

Wikidforum 2.20 - select_sort SQL Injection

Wikidforum 2.20 - selectsort SQL Injection Exploit Title: Wikidforum 2.20 - 'selectsort' SQL Injection Date: 2018-10-08 Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...

AI score 0.4
Exploits 0
0day.today
added 2018/10/09 12:0 a.m. | 48 views

Wikidforum 2.20 Multiple SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wikidforum 2.20 Multiple SQL Injection Vulnerability Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...

AI score 0.1
Exploits 0
NVD
added 2018/10/05 2:29 p.m. | 19 views

CVE-2018-15429

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

CVSS 5.3 | AI score 5.2 | EPSS 0.01116
Exploits 0 | References 1
NVD
added 2018/10/05 2:29 p.m. | 18 views

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

CVSS 4.7 | AI score 4.8 | EPSS 0.00922
Exploits 0 | References 1
NVD
added 2018/10/05 2:29 p.m. | 19 views

CVE-2018-0469

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker...

CVSS 7.1 | AI score 6.7 | EPSS 0.03081
Exploits 0 | References 3
Prion
added 2018/10/05 2:29 p.m. | 18 views

Input validation

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

CVSS 4.3 | AI score 4.8 | EPSS 0.00922
Exploits 0 | References 1 | Affected Software 1
Prion
added 2018/10/05 2:29 p.m. | 17 views

Authorization

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

CVSS 5 | AI score 5.2 | EPSS 0.01116
Exploits 0 | References 1 | Affected Software 1
Prion
added 2018/10/05 2:29 p.m. | 16 views

Double free

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker...

CVSS 7.1 | AI score 6.6 | EPSS 0.03081
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2018/10/05 2:0 p.m. | 10 views

CVE-2018-15429 Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

AI score 6.6 | EPSS 0.01116
Exploits 0 | References 1
Vulnrichment
added 2018/10/05 2:0 p.m. | 9 views

CVE-2018-0469 Cisco IOS XE Software Web UI Denial of Service Vulnerability

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker...

AI score 7.1 | EPSS 0.03081
Exploits 0 | References 3
Cvelist
added 2018/10/05 2:0 p.m. | 27 views

CVE-2018-0469 Cisco IOS XE Software Web UI Denial of Service Vulnerability

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker...

AI score 6.7 | EPSS 0.03081
Exploits 0 | References 3
Cvelist
added 2018/10/05 2:0 p.m. | 19 views

CVE-2018-15423 Cisco HyperFlex UI Clickjacking Vulnerability

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

AI score 4.8 | EPSS 0.00922
Exploits 0 | References 1
Vulnrichment
added 2018/10/05 2:0 p.m. | 9 views

CVE-2018-15423 Cisco HyperFlex UI Clickjacking Vulnerability

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

AI score 6.9 | EPSS 0.00922
Exploits 0 | References 1