
7691 matches found

Veeam
added 2018/05/09 12:0 a.m. · 15 views

The Update cannot be installed due to the websites configuration issue

Challenge The Update cannot be installed. The installation fails with the error message: "The object identifier does not represent a valid object. Exception from HRESULT: 0x800710D8" Cause Veeam ONE websites do not have proper bindings on the Internet Information Services IIS side. Solution To fi...

7 AI score
Exploits 0
Openbugbounty
added 2018/05/07 12:27 p.m. · 7 views

samling.nasjonalmuseet.no XSS vulnerability

Open Bug Bounty ID: OBB-613423

Description| Value
---|---
Affected Website:| samling.nasjonalmuseet.no
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits 0
0day.today
added 2018/05/05 12:0 a.m. · 105 views

D-Link DIR-601 Failed Password Change Control Vulnerability

Exploit for hardware platform in category web applications Suggested description D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. ------------------------------------------ Additional Information Insecure Authentication Practices i...

0.2 AI score · 0.01785 EPSS
Exploits 2
Hacker One
added 2018/05/04 12:33 a.m. · 80 views

Semmle: Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning

Summary: Docker Registry HTTP API v2 is exposed in HTTP without authentication. An attacker can use it to dump your docker images and poison them. Description: While digging into the environment that hosts the sandboxed build container, I came across the port 5000 open on another machine probably...

7.6 AI score
Exploits 0
Hacker One
added 2018/04/30 8:1 p.m. · 43 views

Ed: Session cookie missing SecureFlag on git.edoverflow.com.

Assigned to:-ED Assigned by:- Kirtikumar Anandrao Ramchandani Assigned on:- 01/05/2018 Bug overview:- Session Cookie without secure flag. Cookie Name:- gitlabsession Description:-Risk description: Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel...

0.1 AI score
Exploits 0
Tenable Nessus
added 2018/04/30 12:0 a.m. · 24 views

Debian DLA-1366-1 : wordpress security update

Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2018-10100 The redirection URL for the login page was not validated or sanitized if forced to use HTTPS. CVE-2018-10102 The version string w...

6.1 CVSS · 6.2 AI score · 0.05259 EPSS
Exploits 0 · References 4
myhack58
added 2018/04/26 12:0 a.m. · 20 views

Use the password reset functions to achieve account-hijacking-vulnerability warning-the black bar safety net

Recently, I took part in a platform's invited vulnerability testing project, in which I discovered a unique account hijacking vulnerability. The entire discovery process was very unexpected but also very lucky: account hijacking can be achieved through the password reset function, and I will...

8.1 AI score
Exploits 0
Node.js
added 2018/04/24 3:54 p.m. · 23 views

Denial of Service

Overview Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options proxy.auth being passed to Buffer. Recommendation Update to version 2.2.0 or later. References - index.js Line 207 - HackerOne Report - GitHub Advisory...

6.7 AI score
Exploits 0 · Affected Software 1
NVD
added 2018/04/19 2:29 a.m. · 26 views

CVE-2018-2765

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware subcomponent: Oracle SSL API. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...

7.5 CVSS · 6.6 AI score · 0.03439 EPSS
Exploits 0 · References 4
NVD
added 2018/04/19 2:29 a.m. · 22 views

CVE-2018-2760

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OSSL Module. Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server...

5.9 CVSS · 4.9 AI score · 0.02093 EPSS
Exploits 0 · References 3
Prion
added 2018/04/19 2:29 a.m. · 18 views

Design/Logic Flaw

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OSSL Module. Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server...

4.3 CVSS · 5.7 AI score · 0.02093 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2018/04/19 2:0 a.m. · 10 views

CVE-2018-2760

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OSSL Module. Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server...

6 AI score · 0.02093 EPSS
Exploits 0 · References 3
CVE
added 2018/04/19 2:0 a.m. · 47 views

CVE-2018-2765

CVE-2018-2765 affects Oracle Fusion Middleware’s Security Service component (subcomponent: Oracle SSL API). Affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. The vulnerability allows an unauthenticated attacker with network access via HTTPS to access Oracle Security Service data, po...

7.5 CVSS · 7.3 AI score · 0.03439 EPSS
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2018/04/19 2:0 a.m. · 8 views

CVE-2018-2765

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware subcomponent: Oracle SSL API. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...

6.4 AI score · 0.03439 EPSS
Exploits 0 · References 4
NVD
added 2018/04/16 9:58 a.m. · 14 views

CVE-2018-10100

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...

6.1 CVSS · 6.2 AI score · 0.03398 EPSS
Exploits 0 · References 8
OSV
added 2018/04/16 9:58 a.m. · 13 views

CVE-2018-10100

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...

6.1 CVSS · 6.5 AI score
Exploits 0 · References 8
Prion
added 2018/04/16 9:58 a.m. · 22 views

Hardcoded credentials

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...

5.8 CVSS · 6.1 AI score · 0.03398 EPSS
Exploits 0 · References 8 · Affected Software 2
UbuntuCve
added 2018/04/16 9:58 a.m. · 28 views

CVE-2018-10100

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...

6.1 CVSS · 6.3 AI score · 0.03398 EPSS
Exploits 0 · References 5
Cvelist
added 2018/04/14 1:0 p.m. · 24 views

CVE-2018-10100

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...

6.1 AI score · 0.03398 EPSS
Exploits 0 · References 8
CVE
added 2018/04/14 1:0 p.m. · 148 views

CVE-2018-10100

CVE-2018-10100 affects WordPress, with the login redirect URL not validated/sanitized when HTTPS is forced (pre-4.9.5). Related issues include CVE-2018-10102, where the generator tag’s version string could enable XSS via unsanitized output. Debian and Debian-LTS advisories (DSA-4193-1, DLA-1366-1...

6.1 CVSS · 6 AI score · 0.03398 EPSS
Exploits 0 · References 8 · Affected Software 1