9147 matches found

Exploit DB
added 2019/01/29 12:00 a.m., 56 views

PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)

Exploit Title: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie Dork: N/A Date: 2019-01-28 Exploit Author: dd [email protected] Vendor Homepage: https://codecanyon.net/user/simcycreative Software Link:...

AI score 7.4
Exploits 0
Information Security Automation
added 2019/01/28 9:41 a.m., 163 views

What is a vulnerability and what is not?

It looks like a pretty simple question. I used it to start my MIPT lecture. But actually the answer is not so obvious. There are lots of formal definitions of a vulnerability. For example, in the NIST Glossary there are 17 different definitions. The most popular one, used in 13 documents, is:...

CVSS 7.2, AI score 7.8, EPSS 0.2704
Exploits 39
OPENSUSE Linux
added 2019/01/17 12:00 a.m., 278 views

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2019:0065-1 Rating: important References: 1024718 1046299 1050242 1050244 1051510 1055121 1055186 1058115 1060463 1065729 1078248 1079935 1082387 1083647 1086282 1086283 1086423 1087978 1088386 1090888...

CVSS 8, AI score 7.1, EPSS 0.06609
Exploits 6, References 142
CVE
added 2019/01/16 8:00 p.m., 111 views

CVE-2018-5737

CVE-2018-5737 concerns ISC BIND 9.12.x. The issue arises from the implementation of the new serve-stale feature, which can trigger an assertion failure in rbtdb.c even when stale-answer-enable is off. Additionally, interaction between serve-stale and NSEC aggressive negative caching can, in some ...

CVSS 7.5, AI score 6.3, EPSS 0.10355
Exploits 0, References 4, Affected Software 1
NVD
added 2019/01/15 10:29 p.m., 24 views

CVE-2019-3557

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as streamgetline, to trigger an out-of-bounds read when operating on such malformed streams. The implementations wer...

CVSS 9.8, AI score 9.5, EPSS 0.01711
Exploits 0, References 2
Cvelist
added 2019/01/15 10:00 p.m., 28 views

CVE-2019-3557

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as streamgetline, to trigger an out-of-bounds read when operating on such malformed streams. The implementations wer...

AI score 9.4, EPSS 0.01711
Exploits 0, References 2
The Hacker News
added 2019/01/15 12:32 p.m., 252 views

36-Year-Old SCP Clients' Implementation Flaws Discovered

A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client's target directory without authorization. Session Control Protocol (SCP), also known as...

CVSS 6.8, EPSS 0.58204
Exploits 10
Veracode
added 2019/01/15 9:21 a.m., 28 views

Improper Encryption Implementation

erlang has an improper encryption implementation. The Erlang/OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS#1 v1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key; this is a variation of the Bleichenbacher...

CVSS 5.9, AI score 5.8, EPSS 0.22098
Exploits 0, References 14, Affected Software 8
Veracode
added 2019/01/15 9:16 a.m., 36 views

Timing Attack

tomcat-catalina is vulnerable to timing attacks. When the supplied username does not exist, the Realm implementation will not process the supplied password, making a timing attack possible to determine valid usernames. Note that the default configuration includes the LockOutRealm which makes...

CVSS 5.9, AI score 7.2, EPSS 0.07991
Exploits 0, References 39, Affected Software 6
Veracode
added 2019/01/15 8:56 a.m., 28 views

Authorization Bypass

kernel-rt is vulnerable to authorization bypass attacks. The vulnerability exists because the Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access...

CVSS 2.1, AI score 7, EPSS 0.00534
Exploits 1, References 14, Affected Software 2
Veracode
added 2019/01/15 8:54 a.m., 20 views

Information Disclosure

icedtea-web is vulnerable to information disclosure attacks. The vulnerability exists because the LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary...

CVSS 2.1, AI score 5.2, EPSS 0.00482
Exploits 1, References 9, Affected Software 1
Veracode
added 2019/01/15 8:51 a.m., 33 views

Authorization Bypass

qemu-kvm is vulnerable to authorization bypass attacks. The vulnerability exists because a buffer overflow in the SCSI implementation in QEMU, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command...

CVSS 7.2, AI score 6.7, EPSS 0.00434
Exploits 0, References 93, Affected Software 2
Veracode
added 2019/01/15 8:50 a.m., 40 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service through a crafted application...

CVSS 4.9, AI score 5.4, EPSS 0.00795
Exploits 1, References 20, Affected Software 2
NVD
added 2019/01/11 6:29 p.m., 16 views

CVE-2017-2411

In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates...

CVSS 5.9, AI score 5.5, EPSS 0.00746
Exploits 0, References 1
CNVD
added 2019/01/11 12:00 a.m., 2 views

CloudBees Jenkins and LTS Information Disclosure Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor continuous software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-supported version of CloudBees Jenkins a long-ter...

CVSS 7.8, AI score 6.8, EPSS 0.00433
Exploits 0, References 1
NVD
added 2019/01/10 9:29 p.m., 12 views

CVE-2018-20684

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...

CVSS 7.5, AI score 7.5, EPSS 0.02525
Exploits 0, References 6
Prion
added 2019/01/10 9:29 p.m., 15 views

Input validation

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...

CVSS 6.4, AI score 7.6, EPSS 0.02525
Exploits 0, References 6, Affected Software 1
Cvelist
added 2019/01/07 6:00 p.m., 27 views

CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

AI score 6.8, EPSS 0.00774
Exploits 1, References 32
Prion
added 2019/01/07 5:29 p.m., 31 views

Design/Logic Flaw

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

CVSS 2.1, AI score 6, EPSS 0.00774
Exploits 1, References 32, Affected Software 1
ThreatPost
added 2019/01/02 3:42 p.m., 20 views

Chrome in Android Leaks Device Fingerprinting Info

Google has issued a partial fix for an Android issue dating back to 2015 – after originally rejecting the bug report on the grounds of the mobile OS “working as intended.” The issue – which still doesn’t have a CVE designation despite being partially addressed as a problem – has to do with how...

AI score 7
Exploits 0, References 5