
5908 matches found

Prion
added 2018/02/08 7:29 a.m. | 26 views

Sql injection

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL...

CVSS 4 | AI score 5.2 | EPSS 0.01422
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2018/02/08 7:29 a.m. | 29 views

CVE-2018-0120

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL...

CVSS 4.3 | AI score 5.2 | EPSS 0.01422
Exploits: 0 | References: 3

Cvelist
added 2018/02/08 7:0 a.m. | 31 views

CVE-2018-0120

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL...

AI score 5.2 | EPSS 0.01422
Exploits: 0 | References: 3

Vulnrichment
added 2018/02/08 7:0 a.m. | 10 views

CVE-2018-0120

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL...

AI score 7.8 | EPSS 0.01422
Exploits: 0 | References: 3

NVD
added 2018/02/07 11:29 p.m. | 27 views

CVE-2017-15397

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...

CVSS 7.4 | AI score 7 | EPSS 0.00428
Exploits: 0 | References: 4

Prion
added 2018/02/07 11:29 p.m. | 16 views

Design/Logic Flaw

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...

CVSS 5.8 | AI score 7.3 | EPSS 0.00428
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2018/02/07 11:0 p.m. | 25 views

CVE-2017-15397

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...

AI score 7.4 | EPSS 0.00428
Exploits: 0 | References: 4

CVE
added 2018/02/07 11:0 p.m. | 71 views

CVE-2017-15397

CVE-2017-15397 describes an issue in Google Chrome OS where the ChromeVox component allowed a remote attacker, positioned on the network, to observe or tamper with plaintext HTTP requests. Root cause is an inappropriate implementation within ChromeVox that mishandled plaintext network traffic. Th...

CVSS 7.4 | AI score 7.3 | EPSS 0.00428
Exploits: 0 | References: 4 | Affected Software: 1

Cisco
added 2018/02/07 4:0 p.m. | 41 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL...

CVSS 5.4 | AI score 1.7 | EPSS 0.01422
Exploits: 0 | References: 1

Hacker One
added 2018/01/30 5:2 p.m. | 68 views

Semrush: CORS (Cross-Origin Resource Sharing)

Affected URL: https://ta.semrush.com/version/ Description: The application implements an HTML5 cross-origin resource sharing CORS policy for this request which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with the applicatio...

AI score 6.6
Exploits: 0

OSV
added 2018/01/29 4:29 p.m. | 6 views

CVE-2017-14190

A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests...

CVSS 6.1 | AI score 5.9 | EPSS 0.01075
Exploits: 0 | References: 3

Vulnrichment
added 2018/01/29 4:0 p.m. | 11 views

CVE-2017-14190

A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests...

AI score 6.2 | EPSS 0.01075
Exploits: 0 | References: 3

ArchLinux
added 2018/01/29 12:0 a.m. | 34 views

[ASA-201801-22] lib32-curl: multiple issues

Arch Linux Security Advisory ASA-201801-22 ========================================== Severity: Medium Date : 2018-01-29 CVE-ID : CVE-2018-1000005 CVE-2018-1000007 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-594 Summary ======= The package...

CVSS 9.8 | AI score 9.3 | EPSS 0.08031
Exploits: 0 | References: 7

Tenable Nessus
added 2018/01/29 12:0 a.m. | 39 views

FreeBSD : cURL -- Multiple vulnerabilities (0cbf0fa6-dcb7-469c-b87a-f94cffd94583)

The cURL project reports : libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X...

CVSS 9.8 | AI score 7 | EPSS 0.08031
Exploits: 0 | References: 3

exploitpack
added 2018/01/25 12:0 a.m. | 14 views

ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password

ASUS DSL-N14U B1 Router 1.1.2.3345 - Change Administrator Password import requests import sys import urllib3 ip = sys.argv1 user = sys.argv2 newPassword = sys.argv3 requests.packages.urilib3.disablewarnings urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning data = "groupid": '',...

AI score 1.1
Exploits: 0

NVD
added 2018/01/24 10:29 p.m. | 22 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

CVSS 9.8 | AI score 8 | EPSS 0.08031
Exploits: 0 | References: 14

Prion
added 2018/01/24 10:29 p.m. | 31 views

Authentication flaw

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

CVSS 5 | AI score 7.7 | EPSS 0.08031
Exploits: 0 | References: 14 | Affected Software: 14

OSV
added 2018/01/24 10:29 p.m. | 32 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

CVSS 9.8 | AI score 9.7 | EPSS 0.08031
Exploits: 0 | References: 14

Cvelist
added 2018/01/24 10:0 p.m. | 25 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

AI score 8.2 | EPSS 0.08031
Exploits: 0 | References: 14

Debian CVE
added 2018/01/24 10:0 p.m. | 41 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

CVSS 9.8 | AI score 7.7 | EPSS 0.08031
Exploits: 0