Lucene search
+L

125 matches found

CNVD
CNVD
added 2021/04/15 12:0 a.m.8 views

Devolutions Server SQL Injection Vulnerability

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A SQL injection vulnerability exists in Devolutions Server versions prior to 2021.1and Devolutions Server LTS versions prior to 2020.3.18, which can be...

7.2CVSS8.4AI score0.00837EPSS
Exploits0References1
Talos
Talos
added 2021/04/13 12:0 a.m.252 views

OpenClinic GA Web portal SQL injection vulnerability in 'manageServiceStocks.jsp' page

Summary An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...

8.8CVSS7.9AI score0.01037EPSS
Exploits1
CNVD
CNVD
added 2021/02/26 12:0 a.m.8 views

IBM FileNet Content Manager Cross-Site Request Forgery Vulnerability

IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from IBM USA. The solution combines document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, and more. IBM FileNet Content Manager suffers from a...

6.6AI score
Exploits0References1
Packet Storm
Packet Storm
added 2020/09/07 12:0 a.m.488 views

Grocy 2.7.1 Cross Site Scripting

Exploit Title: grocy 2.7.1 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://berrnd.de/ Software Link: https://github.com/grocy/grocy Version: 2.7.1 Tested on: Kali Linux 2020.3 Proof Of Concept: grocy household management solution...

7.4AI score
Exploits0
Citrix
Citrix
added 2020/05/15 12:0 a.m.11 views

How To Migrate from Device Administration to Android Enterprise

This article discusses considerations and recommendations for migrating from legacy Android device administration to Android Enterprise. Google is deprecating the Android Device Administration API. That API supported enterprise apps on Android devices. Android Enterprise is the modern management...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/04/16 7:46 p.m.14 views

Important: Red Hat Bug Fix Advisory: Satellite 6.6.3 Async Bug Fix Update

Updated Satellite 6.6 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...

9.8CVSS6.8AI score0.26587EPSS
Exploits7References8
CISA
CISA
added 2020/03/06 12:0 a.m.168 views

Zoho Releases Security Update on ManageEngine Desktop Central

Zoho has released a security update on a vulnerability CVE-2020-10189 affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine Desktop Central is a unified endpoint management solution...

10CVSS0.9AI score0.99941EPSS
Exploits6References2
Microsoft Secure
Microsoft Secure
added 2020/03/02 5:0 p.m.52 views

Microsoft identity acronyms—what do they mean and how do they relate to each other?

As a security advisor working with one to three Chief Information Security Officers CISOs each week, the topic of identity comes up often. These are smart people who have often been in industry for decades. They have their own vocabulary of acronyms that only security professionals know such as...

0.5AI score
Exploits0
CNVD
CNVD
added 2020/02/12 12:0 a.m.4 views

IBM Security Secret Server Input Validation Error Vulnerability

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An input validation error vulnerability exists in IBM Security Secret Serve...

7.4CVSS9.2AI score0.00784EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/01/14 2:52 p.m.50 views

Adobe Releases First 2020 Patch Tuesday Software Updates

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users...

7.6AI score
Exploits0
CNVD
CNVD
added 2019/12/23 12:0 a.m.6 views

F5 BIG-IP and F5 BIG-IQ Centralized Management Information Disclosure Vulnerability

F5 BIG-IP and F5 BIG-IQ Centralized Management are both products of F5 Corporation in the U.S. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ Centralized Management is a suite of...

4.3CVSS6.6AI score0.00697EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2019/01/13 12:0 a.m.104 views

HMS Netbiter WS100 3.30.5 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2018-042 Product: Netbiter WS100 Manufacturer: HMS Industrial Networks AB Affected Versions: 3.30.5 = Tested Versions: 3.30.5 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Low Solution Status: Fixed Manufacturer...

6.4AI score0.01573EPSS
Exploits2
OpenVAS
OpenVAS
added 2018/02/20 12:0 a.m.67 views

AlgoSec Detection

Detection of AlgoSec Security Management Solution. The script sends a connection request to the server and attempts to detect AlgoSec and to extract its version. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted...

7AI score
Exploits0References1
CNVD
CNVD
added 2018/01/12 12:0 a.m.5 views

Juniper Junos Space Elevation of Privilege Vulnerability

Juniper Junos Space is a network management solution from Juniper Networks. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. An elevation of privilege vulnerability exists in Juniper Junos Space. A local attacker cou...

7.8CVSS7.2AI score0.00337EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/09/11 12:0 a.m.23 views

Cisco Prime LAN Management Solution Session Fixation Vulnerability

According to its self-reported version, the Cisco Prime LAN Management Solution LMS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. C Tenable Network Security, Inc. include"compat.inc"; if description...

6.5CVSS6.5AI score0.01961EPSS
Exploits0References3
NVD
NVD
added 2017/09/07 9:29 p.m.20 views

CVE-2017-12225

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...

6.5CVSS6.5AI score0.01961EPSS
Exploits0References3
CVE
CVE
added 2017/09/07 9:0 p.m.53 views

CVE-2017-12225

CVE-2017-12225 affects Cisco Prime LAN Management Solution (LMS) session handling. The issue arises from reusing a preauthentication session token in the postauthentication flow, allowing an authenticated remote attacker to hijack another user’s administrative session (Session Fixation). Affected...

6.5CVSS6.4AI score0.01961EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/09/07 9:0 p.m.28 views

CVE-2017-12225

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...

6.5AI score0.01961EPSS
Exploits0References3
0day.today
0day.today
added 2017/07/11 12:0 a.m.52 views

Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal Vulnerability

Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server. Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal Vendor: Schneider Electric SE...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.41 views

Pelco VideoXpert 1.12.105 - Directory Traversal

Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution designed for scalability, fitting the needs surveillance...

7.4AI score
Exploits0
Rows per page
Query Builder