
1933 matches found

GithubExploit
added 2020/05/10 3:25 p.m., 82 views

Exploit for Insertion of Sensitive Information into Log File in Canonical Subiquity

CVE-2020-11932 Double-Free bug in WhatsApp exploit poc. N...

2.3 CVSS, 4.7 AI score, 0.00592 EPSS
Exploits: 3

Exploit DB
added 2020/04/23 12:0 a.m., 144 views

User Management System 2.0 - Persistent Cross-Site Scripting

Exploit Title: User Management System 2.0 - Persistent Cross-Site Scripting Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Version: v2.0 Tested on: Xampp Credit: İsmail BOZKU...

7.4 AI score
Exploits: 0

The Hacker News
added 2020/04/21 9:55 a.m., 6 views

Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and...

5.9 AI score
Exploits: 0

Microsoft KB
added 2020/04/21 12:0 a.m., 5 views

February 10, 2015 update for Office Web Apps Server 2013 (KB2956101)

February 10, 2015 update for Office Web Apps Server 2013 KB2956101 This article describes update KB2956101 for Microsoft Office Web Apps Server 2013 that was released on February 10, 2015. This update has a prerequisite. Improvements and Fixes Improves localization to make sure that the meanings...

5.6 AI score
Exploits: 0

RedhatCVE
added 2020/04/16 7:3 a.m., 51 views

CVE-2019-20636

An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat fro...

7.2 CVSS, 1.6 AI score, 0.00384 EPSS
Exploits: 0, References: 3

CNVD
added 2020/04/15 12:0 a.m., 2 views

Unspecified Vulnerability in Oracle E-Business Suite Depot Repair

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. An unspecified vulnerability exists in Oracle...

8.2 CVSS, 8.6 AI score, 0.01282 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2020/04/14 12:0 a.m., 3 views

The vulnerability of Firefox browsers, including Firefox ESR, arises from the lack of protective measures for website structure, allowing attackers to compromise data integrity.

The vulnerability of Firefox browsers and Firefox ESR is related to an error in inserting hyperlinks directly into the text node of elements. Exploiting this vulnerability can allow a remote attacker to compromise data integrity...

6.1 CVSS, 7 AI score, 0.01988 EPSS
Exploits: 0, References: 23, Affected Software: 7

Veracode
added 2020/04/10 1:2 a.m., 19 views

Access Control Bypass

ecryptfs-utils is vulnerable to access control bypass. An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user'...

4.4 CVSS, 2.2 AI score, 0.00352 EPSS
Exploits: 0, References: 7, Affected Software: 1

Veracode
added 2020/04/10 12:18 a.m., 29 views

Improper Session Handling

php is vulnerable to improper session handling. The vulnerability allows an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted, carefully crafted URL...

4.3 CVSS, 2.9 AI score, 0.07919 EPSS
Exploits: 0, References: 34, Affected Software: 1

NVD
added 2020/03/30 7:15 p.m., 28 views

CVE-2020-7599

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...

6.5 CVSS, 6.4 AI score, 0.00481 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2020/03/30 12:0 a.m., 46 views

Fedora 30 : ckeditor (2020-261449d821)

CKEditor 4.14 Security Updates: - CVE-2020-9281 Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum. Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially...

6.1 CVSS, 6.5 AI score, 0.04327 EPSS
Exploits: 0, References: 40

CNVD
added 2020/03/12 12:0 a.m., 5 views

SAP Data Services Cross-Site Request Forgery Vulnerability

SAP Data Services is a set of enterprise data management software from Germany's SAP. The software supports the processing of structured and unstructured data, and supports data conversion, cleaning and matching functions. A cross-site request forgery vulnerability exists in SAP Data Services. An...

4.7 CVSS, 6.7 AI score, 0.00358 EPSS
Exploits: 0, References: 1

NVD
added 2020/02/07 11:15 p.m., 12 views

CVE-2020-8812

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...

5.4 CVSS, 5.5 AI score, 0.00606 EPSS
Exploits: 1, References: 1

Cvelist
added 2020/02/07 10:59 p.m., 20 views

CVE-2020-8812

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...

5.5 AI score, 0.00606 EPSS
Exploits: 1, References: 1

RustSec
added 2020/01/24 12:0 p.m., 28 views

Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could have led to data corruption since two threa...

5.5 CVSS, 1.5 AI score, 0.00334 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2020/01/15 12:0 a.m., 3 views

Unspecified Vulnerability in Oracle Database Server (CNVD-2020-04348)

Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in Oracle Database Server. An attacker could exploit this vulnerability to unauthorized update,...

3.9 CVSS, 6.4 AI score, 0.00324 EPSS
Exploits: 0, References: 1

Veracode
added 2020/01/02 7:56 a.m., 19 views

Cross-site Scripting (XSS)

craftcms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because it does not handle the header insertion field when adding source code at an s/admin/entries/news/new URI...

6.1 CVSS, 6 AI score, 0.02591 EPSS
Exploits: 5, References: 2, Affected Software: 1

Exploit DB
added 2020/01/01 12:0 a.m., 1115 views

Shopping Portal ProVersion 3.0 - Authentication Bypass

Exploit Title: Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows Descriptio...

7.4 AI score
Exploits: 0

NVD
added 2019/12/31 5:15 p.m., 24 views

CVE-2019-9554

In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI...

6.1 CVSS, 6.1 AI score, 0.02591 EPSS
Exploits: 5, References: 2

OSV
added 2019/12/31 5:15 p.m., 13 views

CVE-2019-9554

In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI...

6.1 CVSS, 6.1 AI score
Exploits: 0, References: 2