Lucene search
K

1294 matches found

NVD
NVD
added 2019/11/14 9:15 p.m.11 views

CVE-2019-14678

SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

10CVSS9.5AI score0.02951EPSS
Exploits1References2
OSV
OSV
added 2019/11/14 9:15 p.m.5 views

CVE-2019-14678

SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

10CVSS7.3AI score0.02951EPSS
Exploits1References2
Prion
Prion
added 2019/11/14 9:15 p.m.20 views

Xxe

SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

7.5CVSS9.3AI score0.02951EPSS
Exploits1References2Affected Software2
CVE
CVE
added 2019/11/14 8:59 p.m.86 views

CVE-2019-14678

SAS XML Mapper 9.45 contains an XML External Entity (XXE) vulnerability in its XML parsing, also affecting the XMLV2 LIBNAME engine when AUTOMAP is used. The issue enables attackers to perform Local File Reading, Out Of Band File Exfiltration, Server-Side Request Forgery, and Potential Denial of ...

10CVSS9.3AI score0.02951EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/11/14 8:59 p.m.16 views

CVE-2019-14678

SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

9.5AI score0.02951EPSS
Exploits1References2
Gitee
Gitee
added 2019/07/19 6:50 p.m.6 views

icsmaster

This repository is an offensive tool for ICS Industrial Control Systems security research and exploitation. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is maintained by GeneBlue and appears to be a...

6.9AI score
Exploits0
Gitee
Gitee
added 2019/07/02 8:36 p.m.4 views

oscp

This is an offensive tool for penetration testing and vulnerability assessment. It is a Python script called reconscan.py that is designed to be used as a preparation for the OSCP Offensive Security Certified Professional exam. The script is multithreaded and can be run against several hosts at...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/05/07 4:20 a.m.42 views

Moderate: Red Hat Security Advisory: python36:3.6 security update

An update for the python36:3.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.3AI score0.03525EPSS
Exploits3References3
OSV
OSV
added 2019/05/07 3:40 a.m.29 views

RLSA-2019:0984 Moderate: python36:3.6 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlchemy is an...

7.3CVSS9.2AI score0.03525EPSS
Exploits3References3
Rockylinux
Rockylinux
added 2019/05/07 3:40 a.m.39 views

python27:2.7 security update

An update is available for python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet, python-markupsafe, python-pluggy,...

9.8CVSS1.2AI score0.08811EPSS
Exploits3
Veracode
Veracode
added 2019/05/02 4:56 a.m.35 views

NULL Pointer Dereference

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

7.1CVSS6.9AI score0.09408EPSS
Exploits6References15Affected Software1
OSV
OSV
added 2019/03/22 12:29 a.m.3 views

CVE-2019-9910

The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS...

6.1CVSS6.3AI score0.01389EPSS
Exploits1References3
CNVD
CNVD
added 2019/03/22 12:0 a.m.3 views

Kingcomposer Cross-Site Scripting Vulnerability

WordPress plugin KingComposer is a professional backend and frontend page builder plugin. A cross-site scripting vulnerability exists in the wp-admin/admin.php?page=kc-mapper page in version 2.7.6 of the WordPress kingcomposer plugin. A remote attacker can exploit the vulnerability to execute...

6.1CVSS6.5AI score0.01389EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2019/01/04 7:6 p.m.4 views

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-19360 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-19360 Source advisory: OSV:GHSA-F9HV-MG5H-XCW9...

9.8CVSS7.2AI score0.10599EPSS
Exploits0
Kitploit
Kitploit
added 2018/12/27 8:16 p.m.95 views

Smap - Shellcode Mapper

Handy tool for shellcode analysis. Requirements objdump Installation and execution Then you can download smap by cloning the Git repository: git clone https://github.com/suraj-root/smap.git cd smap/ python smap.py -h get shellcodes @ http://shell-storm.org/shellcode/,...

7.4AI score
Exploits0References2
0day.today
0day.today
added 2018/12/20 12:0 a.m.31 views

Erlang Port Mapper Daemon Cookie Remote Code Execution Exploit

The erlang port mapper daemon is used to coordinate distributed erlang instances. Should an attacker get the authentication cookie, remote code execution is trivial. Usually, this cookie is named ".erlang.cookie" and varies on location. This module requires Metasploit:...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/20 12:0 a.m.26 views

Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Erlang Port Mapper Daemon Cookie RCE', 'Description' = %q The erlang port mapper daemon is used to coordinate distributed erlang instances. Shoul...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2018/12/10 1:17 a.m.92 views

Erlang Port Mapper Daemon Cookie RCE

The erlang port mapper daemon is used to coordinate distributed erlang instances. Should an attacker get the authentication cookie RCE is trivial. Usually, this cookie is named ".erlang.cookie" and varies on location. This module requires Metasploit: https://metasploit.com/download Current source...

7.2AI score
Exploits0
OSV
OSV
added 2018/10/18 5:43 p.m.3 views

GHSA-HMQ6-FRV3-4727 jackson-dataformat-xml vulnerable to XML external entity (XXE)

XML external entity XXE vulnerability in XmlMapper in the Data format extension for Jackson aka jackson-dataformat-xml allows attackers to have unspecified impact via unknown vectors...

9.8CVSS6.6AI score0.0278EPSS
Exploits0References3
OSV
OSV
added 2018/10/16 5:21 p.m.12 views

GHSA-QXXX-2PP7-5HMX jackson-databind is vulnerable to a deserialization flaw

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References66
Rows per page
Query Builder