Lucene search
K

6818 matches found

exploitpack
exploitpack
added 2014/11/06 12:0 a.m.29 views

VMware Workstation 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read

VMware Workstation 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor:...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2014/11/06 12:0 a.m.34 views

VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read

Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/05 12:0 a.m.40 views

VMWare vmx86.sys Arbitrary Kernel Read

Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...

0.3AI score
Exploits0
KoreLogic Security
KoreLogic Security
added 2014/11/04 12:0 a.m.494 views

VMWare vmx86.sys Arbitrary Kernel Read

Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273 Platform: Microsoft Windows XP SP3 x86, Microsoft Windows Server 2003 SP2 x86, Microsoft Windows 7 SP1 x86 CWE Classification: CWE-20: Improper Input Validation Impact: Arbitrary Read,...

6.4AI score
Exploits0Affected Software1
ICS
ICS
added 2014/10/13 6:0 a.m.33 views

MatrikonOPC Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 10, 2014, and is now being released to the NCCIC/ICS-CERT web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the...

7.1CVSS6.2AI score0.01255EPSS
Exploits0References10
ICS
ICS
added 2014/10/09 6:0 a.m.34 views

Schneider Electric Telvent SAGE RTU DNP3 Improper Input Validation Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure portal library on January 06, 2014, and is now being released to the NCCIC/ICS-CERT Web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Schneider Electric...

5CVSS6.5AI score0.01358EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2014/09/10 1:9 p.m.2 views

Foreman: Improper input validation

Foreman has improper input validation which could lead to partial Denial of Service...

5.3CVSS5.8AI score0.01551EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/09/05 12:0 a.m.29 views

IBM WebSphere Portal Unspecified XSS (PI16127)

The version of IBM WebSphere Portal on the remote host is affected by an unspecified cross-site scripting vulnerability due to improper user input validation. An attacker can exploit this issue to execute code in the security context of a user's browser to steal authentication cookies...

4.3CVSS5.4AI score0.01808EPSS
Exploits0References3
CERT
CERT
added 2014/07/23 12:0 a.m.19 views

Resin Pro improperly performs Unicode transformations

Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...

5CVSS6.2AI score0.01665EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Greg Matthews Classifieds.cgi 1.0 Hidden Variable Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

RedHat Linux 6.x X Font Server DoS and Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/1111/info A denial of service exists in the X11 font server shipped with RedHat Linux 6.x. Due to improper input validation, it is possible for any user to crash the X fontserver. This will prevent the X server from...

7.1AI score
Exploits0
erpscan
erpscan
added 2014/05/30 12:0 a.m.25 views

SAP NetWeaver Dispatcher Multiple Vulnerabilities - RCE, DoS

Application: SAP NetWeaver Dispatcher Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe 7000.52.12.34966 Vendor URL: http://www.sap.com Bugs: Buffer overflow CWE-119, Integer overflow CWE-190, Improper Input Validation CWE-20 CVSS: AV:N/AC:H/Au:S/C:C/I:C/A:C 7.1 Exploits: PoC Reported:...

1.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/05/23 12:0 a.m.28 views

IBM WebSphere Portal 'boot_config.jsp' XSS (PI16041)

The version of IBM WebSphere Portal on the remote host is affected by a cross-site scripting vulnerability in the 'bootconfig.jsp' script due to improper user input validation. An attacker could exploit this issue to execute code in the security context of a user's browser to steal authentication...

4.3CVSS5.7AI score0.01148EPSS
Exploits0References3
Huawei
Huawei
added 2014/04/23 12:0 a.m.24 views

Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products

Reported by the internal R&D engineers, several switch products does not validate the input properly. This vulnerability enables attacker to launch DoS attack by crafting and sending malformed packet to these vulnerable products Vulnerability ID: HWPSIRT-2014-0301. This Vulnerability has been...

7.8CVSS7.6AI score0.00924EPSS
Exploits0Affected Software7
ICS
ICS
added 2013/12/22 7:0 a.m.55 views

Siemens WinCC TIA Portal Vulnerabilities

Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens WinCC TIA Totally Integrated Automation Portal HMI. Researchers Billy Rios and Terry McCorkle of Cylance; Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, and Ilya Karpov from...

4.6CVSS6.4AI score0.02328EPSS
Exploits0References10
ICS
ICS
added 2013/12/10 7:0 a.m.45 views

Invensys Wonderware Win-XML Exporter Improper Input Validation Vulnerability

Overview This advisory was originally posted to the US-CERT secure Portal library on March 08, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware Win-XML Exporter. Researchers Timur Yunusov,...

9.3CVSS6.6AI score0.02078EPSS
Exploits0References10
ICS
ICS
added 2013/09/14 6:0 a.m.27 views

Cooper Power Systems Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Cooper Power Systems SMP Gateway DNP3 protocol components. Cooper Power Systems has produced a new firmware version that mitigates this vulnerability. Coope...

6.2AI score
Exploits0References10
ICS
ICS
added 2013/09/05 6:0 a.m.36 views

Elecsys Director Gateway Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski have identified an improper input validation in the Elecsys Director Gateway application. Elecsys has produced a patch that mitigates this vulnerability. Adam Todorski has tested the patch to validate th...

4.3CVSS6.6AI score0.01164EPSS
Exploits0References10
ICS
ICS
added 2013/07/27 6:0 a.m.33 views

GE Proficy DNP3 Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site. General Electric GE Intelligent Platforms reported to NCCIC/ICS-CERT an improper input validation vulnerability in the DNP3 driver used...

6.1AI score
Exploits0References10
CERT
CERT
added 2013/07/26 12:0 a.m.25 views

TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability

Overview TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service CWE-20 vulnerability. Description CWE-20:Improper Input Validation- CVE-2013-3580TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to...

4.3CVSS6.1AI score0.01273EPSS
Exploits0References2
Rows per page
Query Builder