
5908 matches found

Prion
added 2018/03/28 10:29 p.m. | 21 views

Input validation

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...

CVSS 4 | AI score 5.2 | EPSS 0.01029
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2018/03/28 10:0 p.m. | 15 views

CVE-2018-0196

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...

AI score 7 | EPSS 0.01029
Exploits 0 | References 2
RedHat Linux
added 2018/03/15 6:30 p.m. | 97 views

Important: Red Hat Security Advisory: ceph security update

An update for ceph is now available for Red Hat Ceph Storage 3.0 for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.1 | EPSS 0.0297
Exploits 0 | References 2
Prion
added 2018/03/12 4:29 a.m. | 13 views

Design/Logic Flaw

An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs...

CVSS 5 | AI score 7.5 | EPSS 0.76544
Exploits 6 | References 3 | Affected Software 1
NVD
added 2018/03/12 4:29 a.m. | 26 views

CVE-2018-8065

An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs...

CVSS 7.5 | AI score 7.6 | EPSS 0.76544
Exploits 6 | References 3
Cvelist
added 2018/03/12 12:0 a.m. | 35 views

CVE-2018-8065

An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs...

AI score 7.6 | EPSS 0.76544
Exploits 6 | References 3
CVE
added 2018/03/12 12:0 a.m. | 58 views

CVE-2018-8065

CVE-2018-8065 affects Flexense SyncBreeze Enterprise 10.6.24 and earlier, where the web server component (syncbrs.exe) is vulnerable to a user‑mode write access memory violation triggered by sending requests with long HTTP headers or long URIs. The issue enables a Denial of Service condition, wit...

CVSS 7.5 | AI score 7.5 | EPSS 0.76544
Exploits 6 | References 3 | Affected Software 1
Tenable Nessus
added 2018/03/06 12:0 a.m. | 35 views

F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K18174924)

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

CVSS 4.3 | AI score 6.8 | EPSS 0.06232
Exploits 0 | References 2
Tenable Nessus
added 2018/03/06 12:0 a.m. | 20 views

Ubuntu 14.04 LTS / 16.04 LTS : Twisted vulnerability (USN-3585-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3585-1 advisory. It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code. Tenable...

CVSS 5.3 | AI score 6.1 | EPSS 0.02406
Exploits 0 | References 2
OSV
added 2018/03/05 4:8 p.m. | 1 view

USN-3585-1 twisted vulnerability

It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code...

CVSS 5.3 | AI score 6.2 | EPSS 0.02406
Exploits 0 | References 2
OSV
added 2018/03/01 9:29 p.m. | 2 views

CVE-2018-7048

An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request...

CVSS 7.5 | AI score 5.8 | EPSS 0.01519
Exploits 0 | References 2
OSV
added 2018/02/26 11:40 p.m. | 9 views

MGASA-2018-0147 Updated cups packages fix security vulnerability

Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could...

CVSS 7.5 | AI score 7.4 | EPSS 0.02979
Exploits 1 | References 3
Mageia
added 2018/02/26 11:40 p.m. | 44 views

Updated cups packages fix security vulnerability

Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could...

CVSS 7.5 | AI score 0.9 | EPSS 0.02979
Exploits 1 | References 2
n0where
added 2018/02/23 8:8 a.m. | 1522 views

Oracle Database Attacking Tool: ODAT

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database. You have a...

CVSS 7.5 | AI score 0.5 | EPSS 0.77633
Exploits 7 | References 3
Tenable Nessus
added 2018/02/21 12:0 a.m. | 30 views

Ubuntu 14.04 LTS / 16.04 LTS : CUPS vulnerability (USN-3577-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3577-1 advisory. Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to localhost.localdomain from the loopback interface. If a user were...

CVSS 7.5 | AI score 6.8 | EPSS 0.02979
Exploits 1 | References 2
Prion
added 2018/02/15 4:29 p.m. | 13 views

SQL injection

Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests tha...

CVSS 6.5 | AI score 8.9 | EPSS 0.00916
Exploits 0 | References 1 | Affected Software 1
CVE
added 2018/02/15 4:0 p.m. | 66 views

CVE-2017-15329

Huawei UMA Product vulnerability CVE-2017-15329 is a SQL injection in the operation and maintenance module of UMA V200R001C00 due to insufficient input validation of HTTP requests. An attacker authenticated as a regular user can send crafted requests to execute arbitrary SQL queries. Public refer...

CVSS 8.8 | AI score 8.9 | EPSS 0.00916
Exploits 0 | References 1 | Affected Software 1
exploitpack
added 2018/02/13 12:0 a.m. | 11 views

TypeSetter CMS 5.1 - Cross-Site Request Forgery

TypeSetter CMS 5.1 - Cross-Site Request Forgery Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/...

AI score 0.4
Exploits 0
0day.today
added 2018/02/13 12:0 a.m. | 26 views

TypeSetter CMS 5.1 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com...

CVSS 6 | AI score 8 | EPSS 0.01963
Exploits 3
Exploit DB
added 2018/02/13 12:0 a.m. | 19 views

TypeSetter CMS 5.1 - Cross-Site Request Forgery

Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1 CVE : NA Category: Webapp CMS 1...

AI score 7.4
Exploits 0