5908 matches found

Prion
added 2018/06/14 2:29 p.m. | 15 views

Path traversal

Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication...

7.8 CVSS | 7.5 AI score | 0.073 EPSS
Exploits: 6 | References: 2 | Affected Software: 1

Cvelist
added 2018/06/14 2:0 p.m. | 22 views

CVE-2017-17309

Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication...

7.5 AI score | 0.073 EPSS
Exploits: 6 | References: 2

BDU FSTEC
added 2018/06/14 12:0 a.m. | 6 views

The vulnerability of the apply.cgi component in ASUS’ microprogramming software for routers allows a hacker to execute arbitrary commands with root privileges.

The vulnerability of the apply.cgi component in ASUS router microprogramming systems exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the...

10 CVSS | 5.9 AI score | 0.03613 EPSS
Exploits: 3 | References: 3 | Affected Software: 11

Prion
added 2018/06/12 5:29 p.m. | 14 views

Code injection

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi...

10 CVSS | 9.8 AI score | 0.08441 EPSS
Exploits: 1 | References: 1 | Affected Software: 2

NVD
added 2018/06/12 5:29 p.m. | 22 views

CVE-2018-1151

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi...

10 CVSS | 9.9 AI score | 0.08441 EPSS
Exploits: 1 | References: 1

CVE
added 2018/06/12 5:0 p.m. | 50 views

CVE-2018-1151

The CVE-2018-1151 entry concerns Western Digital WD TV Media Player (1.03.07) and WD TV Live Hub (3.12.13) where the web server’s toServerValue.cgi endpoint is exploitable by unauthenticated remote attackers to execute arbitrary code or cause a denial of service. The OpenVAS entry confirms the af...

10 CVSS | 9.8 AI score | 0.08441 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/06/12 5:0 p.m. | 20 views

CVE-2018-1151

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi...

9.9 AI score | 0.08441 EPSS
Exploits: 1 | References: 1

OSV
added 2018/06/11 9:29 p.m. | 7 views

CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

9.8 CVSS | 8 AI score
Exploits: 0 | References: 10

Prion
added 2018/06/11 9:29 p.m. | 16 views

Design/Logic Flaw

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

7.5 CVSS | 8.9 AI score | 0.02665 EPSS
Exploits: 0 | References: 10 | Affected Software: 4

Cvelist
added 2018/06/11 9:0 p.m. | 20 views

CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

8.2 AI score | 0.02665 EPSS
Exploits: 0 | References: 10

Debian CVE
added 2018/06/11 9:0 p.m. | 20 views

CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

9.8 CVSS | 9.5 AI score | 0.02665 EPSS
Exploits: 0

NVD
added 2018/06/06 8:29 p.m. | 24 views

CVE-2018-1269

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the...

6.5 CVSS | 6.3 AI score | 0.01058 EPSS
Exploits: 0 | References: 1

OSV
added 2018/06/06 8:29 p.m. | 18 views

CVE-2018-1269

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the...

6.5 CVSS | 6.5 AI score | 0.01058 EPSS
Exploits: 0 | References: 1

CVE
added 2018/06/06 8:0 p.m. | 47 views

CVE-2018-1269

CVE-2018-1269 affects Cloud Foundry Loggregator. The issue arises when building certain HTTP requests: errors thrown during construction aren’t handled, which can leave TCP connections dangling. This enables a remote authenticated user to cause denial of service by crafting malicious requests tha...

6.5 CVSS | 6.2 AI score | 0.01058 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/06/05 9:29 p.m. | 16 views

CVE-2018-1000195

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful 200 or not...

4.3 CVSS | 5.7 AI score | 0.02068 EPSS
Exploits: 0 | References: 2

Imperva Blog
added 2018/06/05 9:20 p.m. | 59 views

Clustering App Attacks with Machine Learning Part 1: A Walk Outside the Lab

A lot of research has been done on clustering attacks of different types using machine learning algorithms with high rates of success. Much of it from the comfort of a research lab, with specific datasets and no performance limitations. At Imperva, our research is done for the benefit of real...

6.9 AI score
Exploits: 0

ThreatPost
added 2018/06/05 8:38 p.m. | 13 views

WARDroid Uncovers Mobile Threats to Millions of Users Worldwide

An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – something that potentially affects the privacy and security of tens of millions of business users and consumers globally. The root of the threat lies in the inconsistencies that are ofte...

0.2 AI score
Exploits: 0 | References: 1

Metasploit
added 2018/05/25 5:22 p.m. | 42 views

Flexense HTTP Server Denial Of Service

This module triggers a Denial of Service vulnerability in the Flexense HTTP server. Vulnerability caused by a user mode write access memory violation and can be triggered with rapidly sending variety of HTTP requests with long HTTP header values. Multiple Flexense applications that are using...

7.5 CVSS | 7.3 AI score | 0.76544 EPSS
Exploits: 6

NVD
added 2018/05/25 3:29 p.m. | 14 views

CVE-2018-6237

A vulnerability in Trend Micro Smart Protection Server Standalone 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service DoS...

7.8 CVSS | 7.5 AI score | 0.06379 EPSS
Exploits: 1 | References: 2

CVE
added 2018/05/25 3:0 p.m. | 39 views

CVE-2018-6237

The connected sources confirm a vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x that enables an unauthenticated remote attacker to coerce the product into processing a flood of specially crafted HTTP requests, potentially exhausting the file system and causing a denial of se...

7.8 CVSS | 7.4 AI score | 0.06379 EPSS
Exploits: 1 | References: 2 | Affected Software: 1