
3832 matches found

Microsoft CVE
added 2018/04/10 7:00 a.m., 28 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...

CVSS 5.5, AI score 5.2, EPSS 0.03692
Exploits 1

Tenable Nessus
added 2018/04/10 12:00 a.m., 144 views

KB4093115: Windows 8.1 and Windows Server 2012 R2 April 2018 Security Update

The remote Windows host is missing security update 4093115 or cumulative update 4093114. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. (CVE-2018-1009) - ...

CVSS 9.3, AI score 8.2, EPSS 0.40069
Exploits 9, References 37

CNVD
added 2018/03/14 12:00 a.m., 2 views

WolfCMS Cross-Site Scripting Vulnerability (CNVD-2018-07056)

Wolf CMS is a lightweight content management system written in PHP. A stored cross-site scripting vulnerability exists in WolfCMS 0.8.3.1 in the Layout Name under the Layout tab. A low-privileged user can exploit this vulnerability to steal cookies from administrative users and compromise the...

CVSS 5.4, AI score 6, EPSS 0.00667
Exploits 1, References 1

OpenVAS
added 2018/03/14 12:00 a.m., 78 views

Microsoft Windows Multiple Vulnerabilities (KB4088787)

This host is missing a critical security update according to Microsoft KB4088787...

CVSS 7.8, AI score 7, EPSS 0.82334
Exploits 46, References 45

NVD
added 2018/03/13 3:29 p.m., 13 views

CVE-2018-1000084

WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in a low-privilege user stealing the admin user's cookie and compromising the admin account. This attack appears to be exploitable via Need to enter the...

CVSS 5.4, AI score 5.4, EPSS 0.00667
Exploits 1, References 1

OSV
added 2018/03/13 3:29 p.m., 13 views

CVE-2018-1000084

WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in a low-privilege user stealing the admin user's cookie and compromising the admin account. This attack appears to be exploitable via Need to enter the...

CVSS 5.4, AI score 5.6
Exploits 0, References 1

Prion
added 2018/03/13 3:29 p.m., 14 views

Cross site scripting

WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in a low-privilege user stealing the admin user's cookie and compromising the admin account. This attack appears to be exploitable via Need to enter the...

CVSS 3.5, AI score 5.4, EPSS 0.00667
Exploits 1, References 1, Affected Software 1

Cvelist
added 2018/03/13 3:00 p.m., 16 views

CVE-2018-1000084

WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in a low-privilege user stealing the admin user's cookie and compromising the admin account. This attack appears to be exploitable via Need to enter the...

AI score 5.4, EPSS 0.00667
Exploits 1, References 1

Tenable Nessus
added 2018/03/13 12:00 a.m., 80 views

KB4088782: Windows 10 Version 1703 March 2018 Security Update

The remote Windows host is missing security update 4088782. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this...

CVSS 7.8, AI score 8.3, EPSS 0.82334
Exploits 46, References 46

CNVD
added 2018/03/09 12:00 a.m., 1 view

Linux kernel security protection bypass vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A kernel security protection bypass vulnerability exists in the fd_locked_ioctl function in drivers/block/floppy.c in...

CVSS 5.5, AI score 6.5, EPSS 0.00694
Exploits 1, References 1

BDU FSTEC
added 2018/03/06 12:00 a.m., 4 views

The vulnerability of Adobe InDesign’s computer layout automation tool arises from an operation that goes beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10, AI score 8.4, EPSS 0.0647
Exploits 0, References 4, Affected Software 1

CNVD
added 2018/02/26 12:00 a.m., 2 views

Microsoft Windows kernel local information disclosure vulnerability (CNVD-2018-05062)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the operating system kernels. An information disclosure vulnerability exists in the Microsoft Windows kernel. An attacker can exploit this vulnerability by logging on to an...

CVSS 4.7, AI score 6.2, EPSS 0.02386
Exploits 3, References 1

CNVD
added 2018/02/26 12:00 a.m., 4 views

Schneider Electric IGSS SCADA Software Local Code Execution Vulnerability

Schneider Electric IGSS SCADA Software is a shared service platform for SCADA Data Acquisition and Supervisory Control systems from Schneider Electric France. A security vulnerability exists in Schneider Electric IGSS SCADA Software version 12 and earlier, which stems from incorrect security...

CVSS 7.8, AI score 7.4, EPSS 0.00386
Exploits 0, References 1

OSV
added 2018/02/20 3:29 p.m., 3 views

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

CVSS 7.2, AI score 6.4
Exploits 0, References 1

Prion
added 2018/02/20 3:29 p.m., 15 views

Remote code execution

DISPUTED Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor ha...

CVSS 9, AI score 7.2, EPSS 0.05519
Exploits 3, References 1, Affected Software 1

NVD
added 2018/02/20 3:29 p.m., 22 views

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

CVSS 9, AI score 7.3, EPSS 0.05519
Exploits 3, References 1

Prion
added 2018/02/20 3:29 p.m., 21 views

Cross site scripting

DISPUTED Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts -...

CVSS 3.5, AI score 5.2, EPSS 0.00846
Exploits 3, References 1, Affected Software 1

OSV
added 2018/02/20 3:29 p.m., 3 views

CVE-2018-7205

Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts - Create devic...

CVSS 4.8, AI score 6, EPSS 0.00846
Exploits 3, References 1

CVE
added 2018/02/20 3:00 p.m., 60 views

CVE-2018-7205

Kentico CMS versions 9–11 are affected by a reflected cross-site scripting (XSS) vulnerability in the Design/Device Layout feature (Edit device layout). The issue allows remote attackers to inject and execute arbitrary JavaScript via a malicious devicename parameter in links created through Pages...

CVSS 4.8, AI score 5.2, EPSS 0.00846
Exploits 3, References 1, Affected Software 1

Cvelist
added 2018/02/20 3:00 p.m., 26 views

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

AI score 7.4, EPSS 0.05519
Exploits 3, References 1