
45 matches found

Packet Storm
added 2021/07/18 12:0 a.m. | 245 views

HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/f2b5429feaa7d229418cf499ce5f5822.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Generic Vulnerability: Unauthenticated Open Proxy Description: The malware liste...

0.1 AI score
Exploits: 0

Prion
added 2020/11/03 2:15 p.m. | 22 views

Design/Logic Flaw

IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...

4.9 CVSS | 5.4 AI score | 0.00665 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2020/06/24 2:15 p.m. | 10 views

Design/Logic Flaw

IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...

4.3 CVSS | 4.5 AI score | 0.01046 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2019/07/24 12:50 a.m. | 24 views

Security Bulletin: Vulnerabilities in WebSphere Application Server

Summary There are vulnerabilities in WebSphere Application Server used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1902 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to spoof connection information which could ...

4.3 CVSS | 1.4 AI score | 0.01475 EPSS
Exploits: 0 | Affected Software: 1

Symantec
added 2019/04/25 12:0 a.m. | 59 views

Pulse Connect Secure and Policy Secure CVE-2019-11509 Access Bypass Vulnerability

Description Pulse Connect Secure and Policy Secure are prone to an access-bypass vulnerability. An attacker can exploit this to execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. The following products are vulnerable: Pulse Connect Secure 9.0RX, 8.3RX...

6.5 CVSS | 0.8 AI score | 0.07817 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

IBM Security Bulletins
added 2019/03/12 11:0 a.m. | 25 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2018-1902)

Summary IBM WebSphere Application Server is shipped as a component of IBM ILOG ODM Enterprise. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-1902 DESCRIPTION: IBM WebSphere...

4.3 CVSS | 0.9 AI score | 0.01475 EPSS
Exploits: 0 | Affected Software: 1

Prion
added 2019/02/21 5:29 p.m. | 21 views

Design/Logic Flaw

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...

5.8 CVSS | 6 AI score | 0.01213 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 12:17 p.m. | 21 views

Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Microsoft SharePoint

Summary Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system...

7.5 CVSS | 1.1 AI score | 0.21261 EPSS
Exploits: 0 | Affected Software: 1

Prion
added 2018/01/26 9:29 p.m. | 13 views

Design/Logic Flaw

IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...

3.5 CVSS | 5.4 AI score | 0.01219 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/01/26 9:0 p.m. | 17 views

CVE-2017-1516

IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...

5.4 AI score | 0.01219 EPSS
Exploits: 0 | References: 3

CNVD
added 2017/05/06 12:0 a.m. | 5 views

Xen Information Disclosure Vulnerability (CNVD-2017-06979)

Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has an information disclosure...

3.8 CVSS | 8.6 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/02/17 12:0 a.m. | 2 views

Pivotal GemFire for PCF Unauthorized Access Vulnerability

GemFire for PCF is a distributed management platform designed by Pivotal for many different data management situations, but is particularly useful for high-volume, latency-sensitive, mission-critical transactional systems. An unauthorized access vulnerability exists in Pivotal GemFire for PCF. An...

9.8 CVSS | 7 AI score | 0.02165 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/01/06 12:0 a.m. | 1 views

Multiple Unify Product Information Disclosure Vulnerabilities

Unify is a leading communications software and services company in China. OpenScape and HiPath are the Unify suite of solutions for enterprise unified communications. An information disclosure vulnerability exists in multiple Unify products, which can be exploited by attackers to obtain sensitive...

6.2 AI score
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

CruxCMS 3.0 'search.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27588/info CruxCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

7.1 AI score
Exploits: 0

exploitpack
added 2012/08/23 12:0 a.m. | 13 views

KindEditor - name Cross-Site Scripting

KindEditor - name Cross-Site Scripting source: https://www.securityfocus.com/bid/55172/info KindEditor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of...

6.8 AI score
Exploits: 0

exploitpack
added 2011/07/05 12:0 a.m. | 16 views

Classified Script - c-BrowseClassified Cross-Site Scripting

Classified Script - c-BrowseClassified Cross-Site Scripting source: https://www.securityfocus.com/bid/48564/info Classified Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrar...

6.8 AI score
Exploits: 0

Exploit DB
added 2011/06/15 12:0 a.m. | 25 views

MyBloggie 2.1.6 - HTML Injection / SQL Injection

source: https://www.securityfocus.com/bid/48317/info myBloggie is prone to SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...

7.4 AI score
Exploits: 0

Exploit DB
added 2011/05/09 12:0 a.m. | 21 views

encoder 0.4.10 - 'edit.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47755/info encoder is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

7.4 AI score
Exploits: 0

Exploit DB
added 2011/02/28 12:0 a.m. | 26 views

WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/46610/info The BackWPup plugin for WordPress is prone to multiple information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to retrieve the contents of an arbitrary file. Informati...

7.4 AI score
Exploits: 0

Exploit DB
added 2009/06/24 12:0 a.m. | 24 views

PG Matchmaking - 'services.php?show' Cross-Site Scripting

source: https://www.securityfocus.com/bid/35808/info PG Matchmaking is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...

7 AI score
Exploits: 0