Lucene search
+L

257 matches found

0day.today
0day.today
added 2017/12/15 12:0 a.m.148 views

Kemp Load Balancer WAF 7.2.40 Bypass Vulnerability

Exploit for hardware platform in category web applications 1. ADVISORY SUMMARY Kemp Load Balancers - Module Application Firewall Pack AFP - Web Application Firewall WAF does not inspect HTTP POST data Risk: high Application: Kemp Load Balancers - Module Application Firewall Pack AFP Versions...

6.4CVSS9.1AI score0.01223EPSS
Exploits3
Filippo.io
Filippo.io
added 2017/08/12 11:39 p.m.17 views

Cleaning up my GOPATH with Homebrew

tl;dr: use the script at the bottom to go get into the Homebrew "Cellar" and keep your GOPATH clean. I personally like GOPATH and import paths, but while trying to reduce my laptop to a thin reproducible client, I felt the pain of keeping track of the hundreds of repositories that end up in there...

7.4AI score
Exploits0
OSV
OSV
added 2017/08/07 6:29 a.m.1 views

CVE-2017-6766

A vulnerability in the Secure Sockets Layer SSL Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...

7.5CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2017/01/20 3:0 p.m.80 views

CVE-2014-2045

CVE-2014-2045 affects Viprinet Multichannel VPN Router 300. The issue is multiple cross‑site scripting (XSS) vulnerabilities in both the device’s old and new web interfaces, exploitable via crafted usernames or other parameters (e.g., hostname, config inspect, atcommands, ping tool). Exploitation...

6.1CVSS6.1AI score0.04529EPSS
Exploits5References5Affected Software1
Citrix
Citrix
added 2016/09/30 12:0 a.m.8 views

vhd-util tool to inspect the VHD headers of a VHD

vhd-util is a native utility of a XenServer used to inspect the VHD headers of a VHD. This will be useful to inspect the parent child relationship in VHD files...

7AI score
Exploits0
NVD
NVD
added 2016/05/20 2:59 p.m.14 views

CVE-2016-3693

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...

8.1CVSS7.9AI score0.02131EPSS
Exploits0References7
Prion
Prion
added 2016/05/20 2:59 p.m.16 views

Information disclosure

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...

6.8CVSS6.5AI score0.02131EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2016/05/20 12:0 a.m.5 views

PT-2016-5662 · Ruby · Safemode

Name of the Vulnerable Software and Affected Versions: Safemode gem versions prior to 1.2.4 Description: The issue allows context-dependent attackers to obtain sensitive information via the inspect method when the Safemode gem is initialized with a delegate object that is a Rails controller...

8.1CVSS7.8AI score0.02131EPSS
Exploits0References14
RubySec
RubySec
added 2016/04/20 12:0 a.m.23 views

Safemode Gem for Ruby is vulnerable to information disclosure

Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called which then exposes all informations about the App, including routes, secret tokens, caches and so on...

8.1CVSS6.9AI score0.02131EPSS
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2016/03/13 12:0 a.m.3 views

Suspicious HTTPS YAHOO Mail Attachment Containing JavaScript Code

Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...

1.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/03/05 12:0 a.m.40 views

RHEL 7 : docker (RHSA-2015:0623)

Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

10CVSS7.2AI score0.06452EPSS
Exploits0References5
Atlassian
Atlassian
added 2014/10/10 12:43 p.m.24 views

Stash email settings fields can be inadvertently be populated by browser with user login details - security issue

The email and username password in the email server settings screen has the same names as the username and password fields when logging in. This has the unintentional side affect of being pre-populated by your browser if you have left the mail server credentials blank and your browser has saved...

1.5AI score
Exploits0Affected Software1
Kitploit
Kitploit
added 2014/07/16 12:47 a.m.33 views

ProcessThreadsView - View process threads information On Windows

ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose. The threads information includes the ThreadID, Context Switches Count, Priority, Created Time, User/Kernel Time, Number of Windows, Window Title, Start Address, and more. Wh...

7AI score
Exploits0
Debian CVE
Debian CVE
added 2014/05/27 3:0 p.m.46 views

CVE-2013-2124

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...

4.3CVSS6.4AI score0.02602EPSS
Exploits1
CVE
CVE
added 2014/05/27 3:0 p.m.70 views

CVE-2013-2124

CVE-2013-2124 is a double-free vulnerability in LibguestFS’s inspect-fs.c that affects LibguestFS 1.20.x (before 1.20.7), 1.21.x, 1.22.0, and 1.23.0. The issue allows remote attackers to cause a denial of service (crash) via empty guest files. The connected documents do not provide a confirmed ex...

4.3CVSS6.5AI score0.02602EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2014/05/27 2:55 p.m.3 views

DEBIAN-CVE-2013-2124

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...

4.3CVSS6.8AI score0.02602EPSS
Exploits1References1
OSV
OSV
added 2014/05/27 2:55 p.m.3 views

UBUNTU-CVE-2013-2124

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...

4.3CVSS5.8AI score0.02602EPSS
Exploits1References2
Hacker One
Hacker One
added 2014/05/11 12:22 a.m.17 views

Ian Dunn: Path Disclosure Vulnerability

Hey , I'm Jamal in this report i want to show you a Vulnerability Found It In basic-google-maps-placemarks Pugin Description: Title : Path Disclosure Vulnerability Status : Unfixed Tested on : Firefox Author : Jamal Eddine Email : [email protected] Discovered : 2014/05/04 Report it : 2014/05/04...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2014/01/14 5:4 p.m.347 views

HackerOne: Upload profile photo from URL

Using this vulnerability users can upload images from any image URL. Just change upload type using inspect element from "type=file" to "type=url" , paste URL in text field and hit enter or click on "Update Profile". Your profile photo will be changed to photo from URL. P.S Im sorry for my bad...

7.5CVSS1.8AI score0.03053EPSS
Exploits0
The Hacker News
The Hacker News
added 2013/09/01 5:43 p.m.11 views

Vulnerability allowed hacker to Delete any Facebook Photo; Rewarded with $12,500 for reporting bug

Indian Security Enthusiast 'Arul Kumar' recently reported an interesting Facebook vulnerability that allowed him to delete any Facebook image within a minute. Facebook Bug Bounty program rewarded him with $12,500 USD for helping the Facebook Security team to patch this critical loophole in their...

6.8AI score
Exploits0
Rows per page
Query Builder