7690 matches found

Openbugbounty
added 2017/04/25 7:15 p.m., 8 views

cluthaprint.co.nz XSS vulnerability

Vulnerable URL: https://www.cluthaprint.co.nz/cart.php?id=9=0=8"';--=add
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 21398161
VIP website status: | No

Check cluthaprint.co.nz S...

AI score 6.3
Exploits: 0
NVD
added 2017/04/24 7:59 p.m., 24 views

CVE-2017-3518

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control subcomponent: Discovery Framework. Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access v...

CVSS 7.5, AI score 7.2, EPSS 0.02518
Exploits: 0, References: 3
Prion
added 2017/04/24 7:59 p.m., 19 views

Code injection

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control subcomponent: Discovery Framework. Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access v...

CVSS 5, AI score 6.6, EPSS 0.02518
Exploits: 0, References: 3, Affected software: 1
CVE
added 2017/04/24 7:00 p.m., 49 views

CVE-2017-3499

CVE-2017-3499 affects Oracle Fusion Middleware’s Oracle Social Network Android Client (prior to 11.1.12.0.0). It is exploitable over HTTPS by an unauthenticated, network-accessing attacker, potentially leading to unauthorized access to confidential Oracle Social Network data. Root cause and speci...

CVSS 7.8, AI score 7, EPSS 0.0254
Exploits: 0, References: 3, Affected software: 1
Vulnrichment
added 2017/04/24 7:00 p.m., 4 views

CVE-2017-3499

Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware subcomponent: Android Client. The supported version that is affected is prior to 11.1.12.0.0 17019101. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise...

AI score 6.3, EPSS 0.0254
Exploits: 0, References: 3
Tenable Nessus
added 2017/04/24 12:00 a.m., 30 views

Fedora 24 : php-pear-CAS (2017-d9d620366e)

Changes in version 1.3.5
- Security Fixes:
  - Fix possible authentication bypass in validateCAS20 (228, Gregory Boddin)
- Bug Fixes:
  - Fix file permissions non-executable (177, Remi Collet)
  - Fixed translations Greek and Japanese (192, ikari7789)
  - Fix errors under phpdbg (204, MasonM)
  - Fix logout...

AI score 5.6
Exploits: 0, References: 1
Tenable Nessus
added 2017/04/24 12:00 a.m., 15 views

Fedora 25 : php-pear-CAS (2017-2a90185a04)

Changes in version 1.3.5
- Security Fixes:
  - Fix possible authentication bypass in validateCAS20 (228, Gregory Boddin)
- Bug Fixes:
  - Fix file permissions non-executable (177, Remi Collet)
  - Fixed translations Greek and Japanese (192, ikari7789)
  - Fix errors under phpdbg (204, MasonM)
  - Fix logout...

AI score 5.6
Exploits: 0, References: 1
NVD
added 2017/04/21 8:59 p.m., 19 views

CVE-2016-1520

The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...

CVSS 7.8, AI score 7.7, EPSS 0.02161
Exploits: 1, References: 3
Prion
added 2017/04/21 8:59 p.m., 18 views

Design/Logic Flaw

The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...

CVSS 6.8, AI score 8, EPSS 0.02161
Exploits: 1, References: 3, Affected software: 1
Prion
added 2017/04/21 8:59 p.m., 13 views

Session fixation

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have...

CVSS 6.8, AI score 7, EPSS 0.01723
Exploits: 0, References: 3, Affected software: 1
NVD
added 2017/04/21 8:59 p.m., 23 views

CVE-2016-1518

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have...

CVSS 8.1, AI score 8.1, EPSS 0.01723
Exploits: 0, References: 3
Cvelist
added 2017/04/21 8:00 p.m., 26 views

CVE-2016-1520

The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...

AI score 7.8, EPSS 0.02161
Exploits: 1, References: 3
Openbugbounty
added 2017/04/21 5:31 a.m., 61 views

oppo.com XSS vulnerability

Vulnerable URL: http://www.oppo.com/my/supports/imei-check/checkimei.php?ino="--!
Details:

Description | Value
---|---
Patched: | Yes, at 21.09.2017
Latest check for patch: | 21.09.2017 01:13 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 9247
VIP website status: | ...

AI score 6.3
Exploits: 0
Ubuntu
added 2017/04/20 7:22 p.m., 59 views

USN-3262-1: curl vulnerability

It was discovered that curl incorrectly handled client certificates when resuming a TLS session. A remote attacker could use this to hijack a previously authenticated connection...

CVSS 7.5, AI score 6.6, EPSS 0.01862
Exploits: 0
seebug.org
added 2017/04/13 12:00 a.m., 123 views

Django is_safe_url() redirect URL filter bypass (CVE-2017-7233)

Source: Tongcheng Security Emergency Response Center (YSRC). Author: Nearg1e@YSRC. Foreign security researcher roks0n reported a vulnerability to the Django project. On the is_safe_url function: Django ships the function django.utils.http.is_safe_url(url, host=None, allowed_hosts=None, require_https=False...

CVSS 5.8, AI score 6.9, EPSS 0.02384
Exploits: 1
ThreatPost
added 2017/04/12 5:04 p.m., 23 views

Netflix's HTTPS Update Can't Combat Passive Traffic Analysis Attacks

Academics argue that Netflix’s recent upgrade to HTTPS is doing little to protect its users from a passive traffic analysis attack. According to Andrew Reed and Michael Kranch, researchers with the U.S. Military Academy at West Point, it wouldn’t take much work for an attacker to capture traffic...

AI score 0.1
Exploits: 0, References: 3
Fedora
added 2017/04/09 9:53 p.m., 29 views

[SECURITY] Fedora 25 Update: curl-7.51.0-6.fc25

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 2.4, EPSS 0.00581
Exploits: 0
Prion
added 2017/04/05 4:59 p.m., 10 views

Design/Logic Flaw

Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority CA and dynamically generates digital certificates that are sent to client browsers to...

CVSS 4, AI score 6.5, EPSS 0.04071
Exploits: 5, References: 3, Affected software: 1
Prion
added 2017/04/05 4:59 p.m., 16 views

Improper access control

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...

CVSS 4, AI score 6.6, EPSS 0.03919
Exploits: 5, References: 3, Affected software: 1
NVD
added 2017/04/05 4:59 p.m., 20 views

CVE-2017-6339

Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority CA and dynamically generates digital certificates that are sent to client browsers to...

CVSS 6.5, AI score 6.6, EPSS 0.04071
Exploits: 5, References: 3