CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2131 matches found

Metasploit•added 2017/11/25 2:27 a.m.•42 views

Linux Meterpreter, Reverse HTTP Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1622448 include...

7.3AI score

Exploits0

Metasploit•added 2017/11/25 2:27 a.m.•42 views

OSX Meterpreter, Reverse HTTPS Inline

7.3AI score

Exploits0

Packet Storm•added 2017/11/25 12:0 a.m.•33 views

Microsoft Edge Chakra JIT Inline::InlineCallApplyTarget_Shared Failed Return

Microsoft Edge: Chakra: JIT: Inline::InlineCallApplyTargetShared doesn't return the return instruction CVE-2017-11841 Here's a snippet of Inline::Optimize. FOREACHINSTREDITINGinstr, instrNext, func-mheadInstr switch instr-mopcode case Js::OpCode::Label: ... if instr-AsLabelInstr-misForInExit...

7.7AI score0.80398EPSS

Exploits17

Tenable Nessus•added 2017/11/17 12:0 a.m.•19 views

Fedora 26 : knot / knot-resolver (2017-31519ecf40)

"Major updates for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 2017-11-02 ================================ Bugfixes -------- - fix loading modules on Darwin Improvements ------------ - new module tasignalquery supporting Signaling Trust Anchor Knowledge using Keytag Query RFC 8145 section 5...

5.4AI score

Exploits0References1

Metasploit•added 2017/10/30 7:4 p.m.•43 views

Linux Meterpreter, Reverse HTTP Inline

7.3AI score

Exploits0

Metasploit•added 2017/10/30 7:4 p.m.•46 views

Linux Meterpreter, Reverse HTTPS Inline

7.3AI score

Exploits0

Prion•added 2017/10/05 7:29 a.m.•15 views

Cross site scripting

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames iframes...

4.3CVSS6.2AI score0.0257EPSS

Exploits0References3

CVE•added 2017/10/05 7:0 a.m.•77 views

CVE-2017-12258

CVE-2017-12258 affects Cisco Unified Communications Manager (CUCM) Web UI. The flaw stems from insufficient protections for HTML inline frames (iframes), enabling an unauthenticated, remote attacker to direct a user to a page containing a malicious iframe to perform a click-jacking/XSF-style brow...

6.1CVSS6.3AI score0.0257EPSS

Exploits0References3Affected Software1

Cisco•added 2017/10/04 4:0 p.m.•68 views

Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability

4.7CVSS6.3AI score0.0257EPSS

Exploits0References1

Hacker One•added 2017/10/02 4:29 p.m.•20 views

Radancy: [werkenbijmcdonalds.nl] Unsafe-inline in "script-src" results in "bootstrapping" or passing data to JavaScript from HTML pages.

Hi Dear Maximum Team Hope you are good! Vulnerablity Summary The HTTP header of the werkenbijmcdonalds.nl website includes an unsafe-inline parameter for "script-src". Impact: However, the "script-src" parameter is set to "unsafe-inline" or "unsafe-eval", which allows injection of user passed...

6.5AI score

Exploits0

Tenable Nessus•added 2017/08/21 12:0 a.m.•30 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955)

This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with...

10CVSS7.3AI score0.0852EPSS

Exploits12References17

OPENSUSE Linux•added 2017/08/18 3:7 p.m.•322 views

Security update for MozillaThunderbird (important)

This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marqu...

9.8AI score0.0852EPSS

Exploits12References1

OSV•added 2017/08/07 9:29 p.m.•1 views

DEBIAN-CVE-2017-12666

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c...

8.8CVSS6.8AI score0.00383EPSS

Exploits0References1

Metasploit•added 2017/07/18 6:13 p.m.•42 views

Linux Meterpreter, Reverse HTTP Inline

7.3AI score

Exploits0

Metasploit•added 2017/07/18 6:13 p.m.•47 views

Linux Meterpreter, Reverse TCP Inline

7.3AI score

Exploits0

Metasploit•added 2017/07/18 6:13 p.m.•40 views

Linux Meterpreter, Reverse HTTP Inline

7.3AI score

Exploits0

exploitpack•added 2017/06/30 12:0 a.m.•17 views

Google Chrome - Out-of-Bounds Access in RegExp Stubs

Google Chrome - Out-of-Bounds Access in RegExp Stubs There is an out-of-bounds access in RegExp.prototype.exec and RegExp.prototype.test. The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map, however, it is possible to alter the map after this chec...

0.5AI score

Exploits0

Metasploit•added 2017/06/09 7:15 a.m.•41 views

Linux Meterpreter, Reverse HTTP Inline

7.3AI score

Exploits0

Metasploit•added 2017/06/09 7:15 a.m.•177 views

Linux Meterpreter, Reverse HTTPS Inline

7.3AI score

Exploits0

Hacker One•added 2017/05/24 6:20 p.m.•22 views

Gratipay: Gratipay Website CSP "script-scr" includes "unsafe-inline"

Summary: ======== The HTTP header of the gratipay.com website includes an unsafe CSP parameter for "script-src". Description: ========== has a Content-Security-Policy configured the "script-src" parameter is set to "unsafe-inline", which allows injection of user passed values, which in result can...

6.7AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by