5908 matches found

NVD
added 2017/12/09 6:29 a.m. | 17 views

CVE-2017-3111

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in HTTP GET requests under certain circumstances...

CVSS 7.5 | AI score 7.5 | EPSS 0.06795
Exploits: 0 | References: 3
seebug.org
added 2017/12/08 12:0 a.m. | 43 views

Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access

Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...

AI score 6.8
Exploits: 0
seebug.org
added 2017/12/07 12:0 a.m. | 40 views

Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

AI score 6.9
Exploits: 0
NVD
added 2017/12/06 12:29 a.m. | 24 views

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

CVSS 9.8 | AI score 9.4 | EPSS 0.0132
Exploits: 0 | References: 1
Cvelist
added 2017/12/06 12:0 a.m. | 21 views

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

AI score 9.4 | EPSS 0.0132
Exploits: 0 | References: 1
Check Point Advisories
added 2017/12/04 12:0 a.m. | 17 views

Apache HTTPD mod_http2 Null Pointer Dereference (CVE-2017-7659)

A null pointer dereference vulnerability exists in the mod_http2 module of Apache HTTPD. This vulnerability is due to improper handling of HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted HTTP request to the affected server...

CVSS 5 | AI score 1.4 | EPSS 0.53939
Exploits: 0
NVD
added 2017/11/30 9:29 a.m. | 23 views

CVE-2017-12354

A vulnerability in the web-based interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...

CVSS 5.3 | AI score 5.1 | EPSS 0.02247
Exploits: 0 | References: 3
Prion
added 2017/11/30 9:29 a.m. | 19 views

Design/Logic Flaw

A vulnerability in the web-based interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...

CVSS 5 | AI score 5.1 | EPSS 0.02247
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2017/11/30 9:0 a.m. | 21 views

CVE-2017-12354

A vulnerability in the web-based interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...

AI score 5.1 | EPSS 0.02247
Exploits: 0 | References: 3
CVE
added 2017/11/30 9:0 a.m. | 65 views

CVE-2017-12354

The CVE-2017-12354 issue affects Cisco Secure Access Control System (ACS) web-based interface, where an unauthenticated, remote attacker can view sensitive system software version information. Root cause: the software does not adequately protect version information in responses to HTTP requests. ...

CVSS 5.3 | AI score 5.1 | EPSS 0.02247
Exploits: 0 | References: 3 | Affected Software: 1
Cisco
added 2017/11/29 4:0 p.m. | 34 views

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...

CVSS 5.3 | AI score 5.1 | EPSS 0.02247
Exploits: 0 | References: 1
NVD
added 2017/11/22 7:29 p.m. | 12 views

CVE-2017-8153

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

CVSS 7.1 | AI score 6.9 | EPSS 0.0061
Exploits: 0 | References: 1
Prion
added 2017/11/22 7:29 p.m. | 13 views

Privilege escalation

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

CVSS 5.8 | AI score 6.8 | EPSS 0.0061
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2017/11/22 7:0 p.m. | 19 views

CVE-2017-8153

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

AI score 6.9 | EPSS 0.0061
Exploits: 0 | References: 1
seebug.org
added 2017/11/13 12:0 a.m. | 44 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities

Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. XSS issues were als...

AI score 7
Exploits: 0
OSV
added 2017/11/07 4:29 p.m. | 4 views

CVE-2017-2915

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by t...

CVSS 8 | AI score 6 | EPSS 0.01441
Exploits: 2 | References: 1
NVD
added 2017/11/07 4:29 p.m. | 23 views

CVE-2017-2915

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by t...

CVSS 9 | AI score 8.3 | EPSS 0.01441
Exploits: 2 | References: 1
Prion
added 2017/11/07 4:29 p.m. | 10 views

Design/Logic Flaw

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by t...

CVSS 7.7 | AI score 8 | EPSS 0.01441
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2017/11/07 4:0 p.m. | 55 views

CVE-2017-2915

CVE-2017-2915 (Circle with Disney) affects Circle with Disney firmware 2.0.1. The vulnerability lies in the WiFi configuration flow: the device reads SSID data from an AP scan and passes unsanitized values to a system() call via restart_wifi.sh, enabling an attacker to inject commands. The exploi...

CVSS 9 | AI score 8 | EPSS 0.01441
Exploits: 2 | References: 1 | Affected Software: 1
Cvelist
added 2017/11/07 4:0 p.m. | 26 views

CVE-2017-2915

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by t...

CVSS 9 | AI score 8 | EPSS 0.01441
Exploits: 2 | References: 1