Lucene search
K

1041 matches found

Prion
Prion
added 2018/06/14 8:29 p.m.21 views

Design/Logic Flaw

An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...

5CVSS7.4AI score0.03052EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2018/06/07 2:29 a.m.18 views

CVE-2017-16099

The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition...

7.5CVSS7.4AI score0.01584EPSS
Exploits0References2
CNVD
CNVD
added 2018/06/07 12:0 a.m.4 views

SAP B2B / B2C CRM Local File Inclusion Vulnerability

SAP enterprise application software solution provider. A local file inclusion vulnerability exists in SAP B2B / B2C CRM. An attacker can exploit the vulnerability to cause malicious data submitted externally to be entered as a variable in the file inclusion process, which could lead to the...

6.6AI score
Exploits0References1
Veracode
Veracode
added 2018/05/15 7:36 a.m.20 views

Remote Code Execution (RCE)

fs-path is vulnerable to remote code execution RCE attacks. The vulnerability exists due to the lack of sanitization of user input when performing various operations such as copy, allowing malicious input to be executed...

9.8CVSS9.6AI score0.11168EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2018/04/04 12:0 a.m.4 views

Cisco IOS XE Software CLI Parser OS Command Injection Vulnerability

Cisco IOS XE Software is an operating system developed by Cisco for its network devices.CLI parser is one of the command line command parsers. The CLI parser in Cisco IOS XE Software is vulnerable to an operating system command injection vulnerability that arises from a program that fails to...

7.8CVSS7.6AI score0.006EPSS
Exploits0References1
Veracode
Veracode
added 2018/04/03 4:54 a.m.21 views

Regular Expression Denial Of Service (ReDoS)

protobufjs is vulnerable to regular expression denial of service ReDoS. The attack can be triggered when the attacker parses or loads .proto file sources using malicious file or regex or string...

5.5CVSS5.4AI score0.00958EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2018/03/28 12:0 a.m.1 views

OpenSSL Denial of Service Vulnerability (CNVD-2018-06539 )

OpenSSL is an open source implementation of SSL used to implement strong encryption for network communications. A denial of service vulnerability exists in OpenSSL versions 1.1.0, 1.0.2, which stems from the use of recursively overloaded malicious input, constructed with an ASN.1 type that can...

6.5CVSS9.2AI score0.19295EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/03/27 9:0 p.m.48 views

CVE-2018-0739

Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...

6.5CVSS7.3AI score0.19295EPSS
Exploits0
CNVD
CNVD
added 2018/02/23 12:0 a.m.4 views

Cisco Prime Collaboration Provisioning Tool Cross-Site Scripting Vulnerability (CNVD-2018-05347)

The Cisco Prime Collaboration Provisioning Tool is a set of Web-based, next-generation communications services tools from Cisco. The tool provides IP communication service capabilities for IP telephony, voice mail, and unified communications environments.The User Provisioning tab is one of the us...

6.1CVSS6.2AI score0.01244EPSS
Exploits0References1
Prion
Prion
added 2018/02/22 12:29 a.m.17 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...

4.3CVSS6AI score0.01244EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2018/02/06 3:29 p.m.60 views

CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References2
Cvelist
Cvelist
added 2018/02/06 3:0 p.m.30 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw...

9.3AI score0.08411EPSS
Exploits2References32
Debian CVE
Debian CVE
added 2018/02/06 3:0 p.m.63 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw...

9.8CVSS8.6AI score0.08411EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2018/01/18 12:0 a.m.2 views

PT-2018-17138 · Markdown2 · Markdown2

Name of the Vulnerable Software and Affected Versions: markdown2 versions through 2.3.5 Description: The issue concerns a flaw in the safe mode feature of markdown2, which is intended to sanitize user input against XSS attacks. However, this feature does not properly escape input, allowing for th...

7.5CVSS6.3AI score0.02384EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2018/01/01 12:0 a.m.5 views

PT-2018-19372

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts...

9.8CVSS6.9AI score0.00884EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2017/12/13 5:57 p.m.4 views

jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8CVSS7.6AI score0.37925EPSS
Exploits7References4
Veracode
Veracode
added 2017/11/21 8:44 a.m.9 views

Denial Of Service (DoS)

levigo-jbig2-imageio is susceptible to denial of service DoS attacks. The attacks are possible because it does not incorporate other terminating conditions when the user provides malicious input...

6.4AI score
Exploits0
CNVD
CNVD
added 2017/11/16 12:0 a.m.25 views

Microsoft ASP.NET Core Information Disclosure Vulnerability

ASP.NET Core is a new open source and cross-platform framework for building modern cloud-based applications connected to the Internet such as web applications, Internet of Things IoT applications, and mobile back-end applications. Microsoft ASP.NET Core has an information disclosure vulnerability...

7.5CVSS6.1AI score0.10485EPSS
Exploits0References1
NVD
NVD
added 2017/10/05 1:29 a.m.23 views

CVE-2017-1000109

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

6.1CVSS5.9AI score0.00948EPSS
Exploits0References2
exploitpack
exploitpack
added 2017/09/30 12:0 a.m.30 views

Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow

Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow Exploit Title: SyncBreeze POST username overflow Date: 30-Sep-2017 Exploit Author: Owais Mehtab Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested...

0.6AI score
Exploits0
Rows per page
Query Builder