Lucene search

7685 matches found

ArchLinux
added 2014/12/15 12:0 a.m. | 63 views

python2: multiple issues

- CVE-2013-1752 (denial of service): Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks.
- CVE-2013-1753 (denial of service): The XMLRPC library is vulnerable to...

5.8 CVSS | 0.4 AI score | 0.03913 EPSS
Exploits: 2 | References: 8

Fedora
added 2014/12/13 9:46 a.m. | 30 views

[SECURITY] Fedora 20 Update: curl-7.32.0-17.fc20

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

5 CVSS | 0.05599 EPSS
Exploits: 1

UbuntuCve
added 2014/12/12 11:59 a.m. | 30 views

CVE-2014-9365

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

5.8 CVSS | 6.9 AI score | 0.03269 EPSS
Exploits: 1 | References: 2

Cvelist
added 2014/12/12 11:0 a.m. | 35 views

CVE-2014-9365

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

7.3 AI score | 0.03269 EPSS
Exploits: 1 | References: 13

OSV
added 2014/12/12 11:0 a.m. | 6 views

PSF-2014-7 Validate TLS certificate

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

5.8 CVSS | 7.3 AI score | 0.03269 EPSS
Exploits: 1 | References: 2

ThreatPost
added 2014/12/09 2:13 p.m. | 19 views

Yik Yak Patches Privacy Flaw in iOS App

Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical vulnerability in its iOS app that could have de-anonymized users and let attackers take total control of someone’s account. Yik Yak’s security team was apparently...

6.7 AI score
Exploits: 0 | References: 6

Kitploit
added 2014/12/09 1:6 a.m. | 26 views

THC-Hydra 8.1 - Network Logon Cracker

A very fast network logon cracker which supports many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa. Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...

7.6 AI score
Exploits: 0

myhack58
added 2014/12/06 12:0 a.m. | 20 views

CVE-2014-6321 schannel heap overflow vulnerability analysis - vulnerability warning - the black bar safety net

0x00 Background: MS14-066 (CVE-2014-6321) is a TLS heap buffer overflow vulnerability in Microsoft's schannel.dll. The following analyzes its principles and PoC structure. 0x01 SSL/TLS principles: HTTPS is HTTP over SSL/TLS; all HTTP data is in the SSL/TLS Protoco...

0.4 AI score
Exploits: 0

CERT
added 2014/12/05 12:0 a.m. | 39 views

Zenoss Core contains multiple vulnerabilities

Overview: The Zenoss Core application, server, and network management platform software contains multiple vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code. Description: The Zenoss Core application, server, and network management platform software...

9.3 CVSS | 8.4 AI score | 0.19683 EPSS
Exploits: 0 | References: 1

securityvulns
added 2014/12/01 12:0 a.m. | 65 views

Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]

Fundacion Dr. Manuel Sadosky - Programa STIC Advisory (http://www.fundacionsadosky.org.ar): Insecure management of login credentials in PicsArt Photo Studio for Android. 1. Advisory Information. Title: Insecure management of login credentials in PicsArt...

5.4 CVSS | 0.2 AI score | 0.00271 EPSS
Exploits: 2

Prion
added 2014/11/24 3:59 p.m. | 25 views

Cross site request forgery (csrf)

Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions...

6.8 CVSS | 6.9 AI score | 0.02458 EPSS
Exploits: 0 | References: 6 | Affected Software: 2

UbuntuCve
added 2014/11/24 3:59 p.m. | 40 views

CVE-2014-9015

Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions...

6.8 CVSS | 6.4 AI score | 0.02458 EPSS
Exploits: 0 | References: 2

Debian CVE
added 2014/11/24 3:0 p.m. | 34 views

CVE-2014-9015

Removed by vendor...

6.8 CVSS | 6.2 AI score | 0.02458 EPSS
Exploits: 0

Drupal
added 2014/11/19 12:0 a.m. | 651 views

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006

Session hijacking (Drupal 6 and 7): A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content ("mixed-mode"), but it is possible...

6.8 CVSS | 6.2 AI score | 0.82699 EPSS
Exploits: 3 | References: 20

ThreatPost
added 2014/11/18 1:40 p.m. | 12 views

EFF, Others Plan to Make Encrypting the Web Easier in 2015

By all accounts, switching web servers over to HTTPS from HTTP has long been viewed as a fickle affair; HTTPS/SSL certificates are expensive and on top of that notoriously cumbersome to install and maintain. A new coalition comprised of The Electronic Frontier Foundation (EFF) and a handful of othe...

0.1 AI score
Exploits: 0 | References: 1

OSV
added 2014/11/17 4:59 p.m. | 1 views

DEBIAN-CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5 CVSS | 7 AI score | 0.01867 EPSS
Exploits: 0 | References: 1

NVD
added 2014/11/17 4:59 p.m. | 31 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5 CVSS | 6.3 AI score | 0.01867 EPSS
Exploits: 0 | References: 2

OSV
added 2014/11/17 4:59 p.m. | 20 views

PYSEC-2014-80

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5 CVSS | 3.1 AI score | 0.01867 EPSS
Exploits: 0 | References: 2

PyPA
added 2014/11/17 4:59 p.m. | 7 views

PYSEC-2014-80

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5 CVSS | 7 AI score | 0.01867 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

UbuntuCve
added 2014/11/17 4:59 p.m. | 27 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5 CVSS | 7.1 AI score | 0.01867 EPSS
Exploits: 0 | References: 2