Lucene search
5908 matches found

Cvelist
added 2018/07/18 2:0 p.m. | 60 views

CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34. Affected: 2.4.33...

AI score 7.2 | EPSS 0.51714
Exploits 0 | References 15
Prion
added 2018/07/17 12:29 p.m. | 21 views

Directory traversal

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15, fixed in 2.6.16, when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

CVSS 5 | AI score 7.5 | EPSS 0.03418
Exploits 0 | References 1 | Affected Software 1
NVD
added 2018/07/17 12:29 p.m. | 21 views

CVE-2018-13864

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15, fixed in 2.6.16, when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

CVSS 7.5 | AI score 7.5 | EPSS 0.03418
Exploits 0 | References 1
OSV
added 2018/07/17 12:29 p.m. | 16 views

CVE-2018-13864

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15, fixed in 2.6.16, when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

CVSS 7.5 | AI score 7 | EPSS 0.03418
Exploits 0 | References 1
0day.today
added 2018/07/17 12:0 a.m. | 56 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Vulnerabil

Exploit for hardware platform in category web applications Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6...

AI score 0.3
Exploits 0
Zero Science Lab
added 2018/07/17 12:0 a.m. | 640 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

CVSS 6.5 | AI score 5.9 | EPSS 0.00194
Exploits 2
Exploit DB
added 2018/07/17 12:0 a.m. | 59 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0...

AI score 7.4
Exploits 0
Packet Storm
added 2018/07/16 12:0 a.m. | 50 views

Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway CSRF

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0...

AI score 0.4
Exploits 0
NVD
added 2018/07/13 8:29 p.m. | 12 views

CVE-2016-6548

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access to the user's account...

CVSS 9.8 | AI score 9.5 | EPSS 0.03707
Exploits 1 | References 3
BDU FSTEC
added 2018/07/12 12:0 a.m. | 5 views

The vulnerability of the Mozilla Firefox browser, related to an authentication error during HTTP requests, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Mozilla Firefox browser is related to an authentication error during HTTP requests. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

CVSS 5.3 | AI score 7.8 | EPSS 0.02582
Exploits 0 | References 9 | Affected Software 3
OpenVAS
added 2018/07/09 12:0 a.m. | 33 views

Western Digital WD TV Live Hub RCE Vulnerability

The web server on Western Digital TV Live Hub 3.12.13 allows unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from a referenced...

CVSS 10 | AI score 9.9 | EPSS 0.08441
Exploits 1 | References 1
Tenable Nessus
added 2018/07/03 12:0 a.m. | 47 views

EulerOS 2.0 SP3 : ruby (EulerOS-SA-2018-1207)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create...

CVSS 9.8 | AI score 7.2 | EPSS 0.10552
Exploits 0 | References 8
Hacker One
added 2018/06/30 7:40 p.m. | 495 views

Hanno's projects: SSRF in rompager-check

Summary The script rompager.php does not restrict which hosts can be requested. Thereby, an attacker can send HTTP requests to localhost and other servers of the same local network segment, on port 80 and 7547. Description In rompager.php, the value of CURLOPT_URL is fully controlled: php Port...

Exploits 0
seebug.org
added 2018/06/29 12:0 a.m. | 46 views

KYOCERA Net Admin 3.4 CSRF Add Admin Exploit

Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...

AI score 7.2
Exploits 0
seebug.org
added 2018/06/29 12:0 a.m. | 38 views

KYOCERA Net Admin 3.4 Multiple XSS Vulnerabilities

Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...

AI score 0.2
Exploits 0
seebug.org
added 2018/06/29 12:0 a.m. | 38 views

Teradek Cube 7.3.6 CSRF Change Password Exploit

Summary Cube packs world-class video quality into a rugged, portable chassis for quick IP video deployments at any location. Each encoder and decoder includes HDMI and 3G-SDI I/O, Ethernet / WiFI connectivity, and full duplex IFB. Description The application interface allows users to perform...

AI score 7.3
Exploits 0
seebug.org
added 2018/06/29 12:0 a.m. | 29 views

Teradek VidiU Pro 3.0.3 CSRF Change Password Exploit

Summary The Teradek VidiU gives you the freedom to broadcast live high definition video directly to the Web without a PC. Whether you're streaming out of a video switcher or wirelessly from your camera, VidiU allows you to go live when you want, where you want. VidiU offers API level integration...

Exploits 0
Tenable Nessus
added 2018/06/28 12:0 a.m. | 38 views

Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied

According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is prior to 6.0.0. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue...

CVSS 6.1 | AI score 6.2 | EPSS 0.71601
Exploits 1 | References 2
OSV
added 2018/06/26 5:29 p.m. | 11 views

CVE-2018-1000603

An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...

CVSS 8.8 | AI score 8.5
Exploits 0 | References 1
Cvelist
added 2018/06/26 5:0 p.m. | 11 views

CVE-2018-1000603

An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...

AI score 8.5 | EPSS 0.01037
Exploits 0 | References 1