Lucene search

4018 matches found

CERT
added 2015/09/09 12:00 a.m. | 31 views

Impero Education Pro classroom management software vulnerable to remote code execution

Overview Impero Software Education Pro classroom management software is vulnerable to remote code execution via improper encryption and authentication mechanisms. Description CWE-321: Use of Hard-coded Cryptographic Key CWE-329: Not Using a Random IV with CBC Mode - CVE-2015-5997 According to the...

CVSS 10 | AI score 7.8 | EPSS 0.02643
Exploits: 0

Check Point Advisories
added 2015/08/06 12:00 a.m. | 5 views

SolarWinds Storage Manager AuthenticationFilter Policy Bypass

A policy bypass vulnerability has been reported in SolarWinds Storage Manager. The vulnerability is due to an issue where the AuthenticationFilter class fails to properly authenticate users prior to processing requests. A remote unauthenticated user can exploit this vulnerability by sending a...

AI score 2.7
Exploits: 0

Cisco
added 2015/07/27 8:54 p.m. | 25 views

Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted. The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certa...

CVSS 5 | AI score 6.6 | EPSS 0.0127
Exploits: 0 | References: 1

Exploit DB
added 2015/06/19 12:00 a.m. | 48 views

ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities

Document Title: =============== ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1501 Release Date: ============= 2015-06-19 Vulnerability Laboratory ID VL-ID:...

AI score 7
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 35 views

ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication

No description provided by source. Exploit Title: ZKSoftware Biometric Attendence managnmnet HardwareMIPS Improper Authentication. Date: 20-3-2010 Author: FB1H2S Software Link: http://www.esslindia.com/install/eTimeTrack.zip Version: V2 Tested on: category: Remote Code : Advisory ZKSoftware...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 15 views

C.P.Sub 4.5 - Authentication Bypass

No description provided by source. #!/usr/bin/python Exploit Title: C.P.Sub = v4.5 Misconfiguration and Improper Authentication Date: 2013/6/27 Exploit Author: Chako Vendor Homepage: http://www.cooltey.org/ping/php.php Software Download Link: http://cooltey.myweb.hinet.net/cpsubv4.5.zip Version: =...

AI score 7.1
Exploits: 0

exploitpack
added 2014/01/14 12:00 a.m. | 46 views

Burden 1.8 - Authentication Bypass

Burden 1.8 - Authentication Bypass Advisory ID: HTB23192 Product: Burden Vendor: Josh Fradley Vulnerable Versions: 1.8 and probably prior Tested Version: 1.8 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 18, 2013...

CVSS 7.5 | AI score 0.8 | EPSS 0.16075
Exploits: 6

Exploit DB
added 2014/01/14 12:00 a.m. | 56 views

Burden 1.8 - Authentication Bypass

Advisory ID: HTB23192 Product: Burden Vendor: Josh Fradley Vulnerable Versions: 1.8 and probably prior Tested Version: 1.8 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 18, 2013 Public Disclosure: January 8, 2014...

CVSS 9.8 | AI score 9.1 | EPSS 0.16075
Exploits: 6

securityvulns
added 2014/01/09 12:00 a.m. | 76 views

Improper Authentication in Burden

Advisory ID: HTB23192 Product: Burden Vendor: Josh Fradley Vulnerable Versions: 1.8 and probably prior Tested Version: 1.8 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 18, 2013 Public Disclosure: January 8, 2014...

CVSS 7.5 | AI score 10 | EPSS 0.16075
Exploits: 6

Packet Storm
added 2014/01/08 12:00 a.m. | 57 views

Burden 1.8 Privilege Escalation

Advisory ID: HTB23192 Product: Burden Vendor: Josh Fradley Vulnerable Versions: 1.8 and probably prior Tested Version: 1.8 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 18, 2013 Public Disclosure: January 8, 2014...

CVSS 7.5 | AI score 0.7 | EPSS 0.16075
Exploits: 6

htbridge
added 2013/12/18 12:00 a.m. | 37 views

Improper Authentication in Burden

High-Tech Bridge Security Research Lab discovered vulnerability in application authentication mechanism in Burden, which can be exploited by remote non-authenticated attacker to gain administrative access to the vulnerable application. 1 Improper Authentication in Burden: CVE-2013-7137 The...

CVSS 7.5 | AI score 9.4 | EPSS 0.16075
Exploits: 6 | Affected Software: 1

Packet Storm
added 2013/09/10 12:00 a.m. | 55 views

Open-Xchange AppSuite 7.2.2 Improper Authentication / Information Disclosure

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 28260 Bug ID Vulnerability type: CWE-16: Configuration, CWE-287: Improper Authentication, CWE-200: Information Exposure Vulnerable version: 7.0.0 to 7.2.2 Vulnerable component: backend default configuration Fixed version...

CVSS 7.5 | AI score 6.5 | EPSS 0.01493
Exploits: 2

Exploit DB
added 2013/07/01 12:00 a.m. | 27 views

C.P.Sub 4.5 - Authentication Bypass

#!/usr/bin/python Exploit Title: C.P.Sub = v4.5 Misconfiguration and Improper Authentication Date: 2013/6/27 Exploit Author: Chako Vendor Homepage: http://www.cooltey.org/ping/php.php Software Download Link: http://cooltey.myweb.hinet.net/cpsubv4.5.zip Version: = v4.5 Tested on: Windows 7 Improper...

AI score 7.4
Exploits: 0

exploitpack
added 2013/07/01 12:00 a.m. | 13 views

C.P.Sub 4.5 - Authentication Bypass

C.P.Sub 4.5 - Authentication Bypass #!/usr/bin/python Exploit Title: C.P.Sub = v4.5 Misconfiguration and Improper Authentication Date: 2013/6/27 Exploit Author: Chako Vendor Homepage: http://www.cooltey.org/ping/php.php Software Download Link: http://cooltey.myweb.hinet.net/cpsubv4.5.zip Version: ...

AI score 0.3
Exploits: 0

Packet Storm
added 2013/06/30 12:00 a.m. | 16 views

C.P.Sub 4.5 Privilege Escalation

#!/usr/bin/python Exploit Title: C.P.Sub = v4.5 Misconfiguration and Improper Authentication Date: 2013/6/27 Exploit Author: Chako Vendor Homepage: http://www.cooltey.org/ping/php.php Software Download Link: http://cooltey.myweb.hinet.net/cpsubv4.5.zip Version: = v4.5 Tested on: Windows 7 Improper...

AI score 0.6
Exploits: 0

0day.today
added 2013/06/30 12:00 a.m. | 15 views

C.P.Sub 4.5 Privilege Escalation Exploit

C.P.Sub versions 4.5 and below allow for administrative access escalation by the simple tweak of a user-supplied parameter. #!/usr/bin/python Exploit Title: C.P.Sub = v4.5 Misconfiguration and Improper Authentication Date: 2013/6/27 Exploit Author: Chako Vendor Homepage:...

AI score 7.3
Exploits: 0

securityvulns
added 2012/11/14 12:00 a.m. | 83 views

ESA-2012-055: RSA® Data Protection Manager Multiple Vulnerabilities

ESA-2012-055.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-055: RSA® Data Protection Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-055 CVE Identifier: CVE-2012-4612, CVE-2012-4613 Severity Rating: See below for individual scores and refer vendor advisories for component...

CVSS 6.9 | AI score 0.8 | EPSS 0.00931
Exploits: 0

Exploit DB
added 2012/10/22 12:00 a.m. | 65 views

ATutor 1.2 - Multiple Vulnerabilities

Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authentication CWE-287, Cross-Site Scripting CWE-79...

CVSS 7.5 | AI score 6.4 | EPSS 0.04697
Exploits: 7

exploitpack
added 2012/10/22 12:00 a.m. | 36 views

ATutor 1.2 - Multiple Vulnerabilities

ATutor 1.2 - Multiple Vulnerabilities Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authenticatio...

CVSS 7.5 | EPSS 0.04697
Exploits: 7

0day.today
added 2012/10/21 12:00 a.m. | 71 views

ATutor 1.2 Multiple Vulnerabilities

SQL Injection CWE-89, Improper Authentication CWE-287, Cross-Site Scripting CWE-79 CVE References: CVE-2012-5167, CVE-2012-5168, CVE-2012-5169 CVSSv2 Base Scores: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P, 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P, 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Product: AContent Vendor: ATutor...

AI score 7.3 | EPSS 0.04697
Exploits: 7