Lucene search
K

262 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/11/26 12:0 a.m.40 views

JVN#19386781: STAMP Workbench installer may insecurely load Dynamic Link Libraries

STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading...

7.8CVSS7.7AI score0.00755EPSS
Exploits0
Prion
Prion
added 2019/11/25 10:15 p.m.9 views

Code injection

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system...

6.6CVSS6.9AI score0.00398EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2019/11/21 3:15 p.m.12 views

CVE-2014-1937

Gamera before 3.4.1 insecurely creates temporary files...

7.5CVSS7.6AI score0.01317EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/11/12 1:12 p.m.15 views

CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

5.5AI score0.0049EPSS
Exploits0References4
Prion
Prion
added 2019/11/05 8:15 p.m.16 views

Design/Logic Flaw

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function...

5.8CVSS7.1AI score0.00542EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/11/04 10:15 p.m.22 views

Design/Logic Flaw

An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files...

3.6CVSS7AI score0.00309EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2019/11/04 9:16 p.m.84 views

CVE-2013-4374

CVE-2013-4374 describes an insecure temporary file storage vulnerability in the RHQ MongoDB Drift Server up to 2013-09-25, triggered when unpacking zipped files. The flaw causes unpacked files to land in a world-writable directory, which could permit local attackers to modify/tamper with files an...

7.1CVSS6.8AI score0.00309EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/04 9:16 p.m.29 views

CVE-2013-4374

An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files...

6.9AI score0.00309EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2019/09/21 1:0 p.m.173 views

WeWork's Wi-Fi Is Woefully Insecure

The Saudi oil strike, a license plate privacy disaster, and more of the week's top security news...

1.8AI score
Exploits0
NVD
NVD
added 2019/08/02 5:15 p.m.19 views

CVE-2017-18460

cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation SEC-221...

7.8CVSS8AI score0.0047EPSS
Exploits0References2
NVD
NVD
added 2019/08/01 2:15 p.m.24 views

CVE-2018-20886

cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...

5.3CVSS5.4AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2019/02/28 5:0 p.m.50 views

CVE-2019-1994

CVE-2019-1994 affects Android 8.0–9 where DevelopmentTiles.java could leave development settings accessible due to an insecure default. This Elevation of Privilege vulnerability could grant access to development settings with no extra privileges; exploitation requires user interaction. Affected s...

9.3CVSS8.2AI score0.01007EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/02/09 10:29 p.m.22 views

CVE-2019-7674

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user...

9.8CVSS9.4AI score0.01345EPSS
Exploits1References1
Schneier on Security
Schneier on Security
added 2018/11/01 11:18 a.m.34 views

Buying Used Voting Machines on eBay

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easie...

0.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/06/12 12:0 a.m.57 views

JVN#92265618: LINE for Windows may insecurely load Dynamic Link Libraries

LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. If a user launches LINE for Windows by clicking the specially crafted link prepared by a remote attacker, it may result in insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code...

7.8CVSS7.6AI score0.00796EPSS
Exploits0
0day.today
0day.today
added 2018/05/21 12:0 a.m.69 views

GitBucket 4.23.1 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...

Exploits0
OSV
OSV
added 2018/05/14 2:29 p.m.4 views

CVE-2018-10252

An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its...

8.1CVSS5.8AI score0.00917EPSS
Exploits0References1
CVE
CVE
added 2018/04/18 2:0 p.m.53 views

CVE-2015-9166

CVE-2015-9166 concerns DRM provisioning in QSEE-based components on Qualcomm Snapdragon platforms. The issue arises because the finalize_prov_flag.data mechanism, intended to prevent further provisioning after initial provisioning, is not sufficiently checked, allowing provisioning to proceed eve...

7.5CVSS7.7AI score0.00743EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/04/11 7:29 p.m.30 views

CVE-2018-0023

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...

5.5CVSS5.4AI score0.00297EPSS
Exploits0References2
Veracode
Veracode
added 2018/04/11 5:2 a.m.11 views

Insecure Randomness

django-oscar is contains a insecure randomness vulnerability. The vulnerability exists as the verificationhash method in the AbstractOrder model uses the MD5 hashing algorithm in an insecure way which allows attackers to perform a brute force attack to recover the site-wide secret key...

6.6AI score
Exploits0
Rows per page
Query Builder