Lucene search

5908 matches found

Cisco
added 2018/10/03 4:0 p.m., 35 views

Cisco HyperFlex UI Clickjacking Vulnerability

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

CVSS 4.7, AI score 1, EPSS 0.00922
Exploits 0, References 1

exploitpack
added 2018/10/03 12:0 a.m., 39 views

Airties AIR5342 1.0.0.18 - Cross-Site Scripting

Airties AIR5342 1.0.0.18 - Cross-Site Scripting Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR534...

CVSS 4.3, AI score 0.1, EPSS 0.02321
Exploits 15

Exploit DB
added 2018/10/03 12:0 a.m., 54 views

Airties AIR5342 1.0.0.18 - Cross-Site Scripting

Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR5342, AIR5343v2, AIR5443v2, AIR5453, AIR5442,...

CVSS 6.1, AI score 6.2, EPSS 0.02321
Exploits 15

Kitploit
added 2018/10/01 9:1 p.m., 72 views

SubScraper - External Pentest Tool That Performs Subdomain Enumeration Through Various Techniques

SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTPS requests and DNS "A" record lookups during the enumeration process to validate discovered subdomains. This provides further information to...

AI score 7
Exploits 0, References 1

Tenable Nessus
added 2018/09/28 12:0 a.m., 26 views

Debian DLA-1523-1 : asterisk security update

Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the res_http_websocket.so module that allowed remote attackers to crash Asterisk via specially crafted HTTP requests to upgrade the connection to a websocket. For Debian 8 'Jessie', this...

CVSS 7.5, AI score 7.5, EPSS 0.53381
Exploits 0, References 3

Debian
added 2018/09/27 1:36 p.m., 29 views

[SECURITY] [DLA 1523-1] asterisk security update

Package : asterisk Version : 1:11.13.1dfsg-2+deb8u6 CVE ID : CVE-2018-17281 Debian Bug : 909554 Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the res_http_websocket.so module that allowed remote attackers to crash Asterisk via special...

CVSS 7.5, AI score 7.7, EPSS 0.53381
Exploits 0

Cisco
added 2018/09/26 4:0 p.m., 43 views

Cisco IOS XE Software Web UI Denial of Service Vulnerability

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker...

CVSS 8.6, AI score 1.5, EPSS 0.03081
Exploits 0, References 1

NVD
added 2018/09/19 3:29 p.m., 14 views

CVE-2018-1149

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...

CVSS 10, AI score 9.8, EPSS 0.15226
Exploits 1, References 4

Prion
added 2018/09/19 3:29 p.m., 17 views

Code injection

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...

CVSS 10, AI score 9.7, EPSS 0.15226
Exploits 1, References 4, Affected Software 1

Cvelist
added 2018/09/19 3:0 p.m., 17 views

CVE-2018-1149

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...

AI score 9.8, EPSS 0.15226
Exploits 1, References 4

NVD
added 2018/09/13 7:29 p.m., 30 views

CVE-2018-1330

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...

CVSS 7.5, AI score 8.3, EPSS 0.03674
Exploits 0, References 1

CVE
added 2018/09/13 7:0 p.m., 86 views

CVE-2018-1330

CVE-2018-1330 affects Apache Mesos (libprocess) with versions 1.4.0–1.5.0. The issue stems from parsing a malformed JSON payload and an assertion in chunked HTTP trailer handling, leading to an uncaught exception and a crash. The documented impact is a denial of service that renders Mesos masters...

CVSS 7.5, AI score 7.5, EPSS 0.03674
Exploits 0, References 1, Affected Software 1

CVE
added 2018/09/07 7:0 p.m., 46 views

CVE-2018-16710

CVE-2018-16710 affects OctoPrint 1.3.9 and earlier, where remote attackers can obtain sensitive information or cause a denial of service via HTTP requests on port 8081. The Red Hat and OSV/NVD entries reiterate this issue; vendor notes warn against exposing OctoPrint to the public internet. The a...

CVSS 9.1, AI score 8.9, EPSS 0.0209
Exploits 1, References 1, Affected Software 1

Cvelist
added 2018/09/07 7:0 p.m., 21 views

CVE-2018-16710

OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the...

AI score 9.1, EPSS 0.0209
Exploits 1, References 1

Hacker One
added 2018/09/06 8:42 a.m., 12 views

U.S. Dept Of Defense: SSRF on ████████

Summary: The web application hosted on the "███████" domain is affected by a Server Side Request Forgery (SSRF) vulnerability that could allow an attacker to force the application to make requests to arbitrary targets. Description: The affected handler is the "/xmlrpc/pingback/". This handler...

AI score 0.2
Exploits 0

NVD
added 2018/08/24 12:29 a.m., 20 views

CVE-2018-3909

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

CVSS 9.1, AI score 8.6, EPSS 0.01251
Exploits 3, References 1

Tenable Nessus
added 2018/08/24 12:0 a.m., 69 views

Amazon Linux 2 : httpd (ALAS-2018-1062)

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33. CVE-2018-8011 (C) Tenable Network Security, Inc. The descriptive text...

CVSS 7.5, AI score 6.6, EPSS 0.51714
Exploits 0, References 2

NVD
added 2018/08/23 10:29 p.m., 25 views

CVE-2018-3856

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...

CVSS 9.9, AI score 9.7, EPSS 0.03444
Exploits 2, References 1

Prion
added 2018/08/23 10:29 p.m., 15 views

Command injection

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...

CVSS 9, AI score 9.6, EPSS 0.03444
Exploits 2, References 1, Affected Software 1

Cvelist
added 2018/08/23 10:0 p.m., 30 views

CVE-2018-3856

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...

CVSS 9.9, AI score 9.7, EPSS 0.03444
Exploits 2, References 1