Lucene search
K

54 matches found

CNVD
CNVD
added 2018/05/03 12:0 a.m.1 views

Cisco Secure Access Control System Remote Code Execution Vulnerability

Cisco Secure Access Control System ACS is the United States Cisco Cisco a set of security access control system. The system can be through the RADIUS, TACACS protocol for network access and network device access control respectively. ACS Report is one of the system report generation component. An...

10CVSS7.7AI score0.06984EPSS
Exploits0References1
OSV
OSV
added 2018/05/02 10:29 p.m.3 views

CVE-2018-0253

A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...

9.8CVSS6.1AI score0.06984EPSS
Exploits0References3
Hacker One
Hacker One
added 2018/03/19 4:32 a.m.18 views

Vanilla: disclosure of email by sending a message.

Summary: When you send a message, the E-mail field is created. Thus, through the format of json, we can see the email of the user to whom we sent the letter Description: Steps to reproduce: 1. Create a message, select the user whose mail we want to open. F273484 F273485 2. Send a message and add...

7AI score
Exploits0
OSV
OSV
added 2018/02/15 2:29 a.m.4 views

CVE-2018-0850

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability"...

6.5CVSS5.8AI score0.05128EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/12/27 5:8 p.m.23 views

CVE-2017-17847

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachmen...

7.5CVSS7.1AI score0.01196EPSS
Exploits0References6
OSV
OSV
added 2017/07/17 12:0 a.m.9 views

UBUNTU-CVE-2017-11362

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformatparse.c does not restrict the locale length, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact within International...

9.8CVSS7.5AI score0.0291EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/07/05 12:0 a.m.18 views

Fedora 25 : globus-ftp-client / globus-gass-cache-program / globus-gass-copy / etc (2017-7591a8e2c9)

globus-ftp-client - Adapt to Perl 5.26 - POSIX::tmpnam no longer available - Remove some redundant tests to reduce test time globus-gass-cache-program - GT6 update globus-gass-copy - Don't attempt sshftp data protection without creds 9.24 - Checksum verification based on contribution from IBM 9.2...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/07/05 12:0 a.m.21 views

Fedora 24 : globus-ftp-client / globus-gass-cache-program / globus-gass-copy / etc (2017-5f8ebbd2b1)

globus-ftp-client - Adapt to Perl 5.26 - POSIX::tmpnam no longer available - Remove some redundant tests to reduce test time globus-gass-cache-program - GT6 update globus-gass-copy - Don't attempt sshftp data protection without creds 9.24 - Checksum verification based on contribution from IBM 9.2...

5.5AI score
Exploits0References1
OSV
OSV
added 2017/06/08 4:29 p.m.4 views

UBUNTU-CVE-2017-5878

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data...

9.8CVSS6.2AI score0.02717EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2017/06/01 12:0 a.m.7 views

PT-2018-27: Arbitrary Command Execution in Cisco Secure ACS

The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Cisco Secure ACS. A vulnerability in Cisco Secure Access Control System ACS, due to insufficient validation of the Action Message Format AMF protocol, allows unauthenticated, remote...

10CVSS10AI score0.06984EPSS
Exploits0References3
CNVD
CNVD
added 2017/04/24 12:0 a.m.4 views

Action Message Format (AMF3) Java Remote Code Execution Vulnerability

AMF3 is the latest version of Adobe Action Message Format, a compressed binary format for graphical serialization of ActionScript objects. A Java remote code execution vulnerability exists in Action Message Format, which could allow an attacker to execute arbitrary code during an AMF3...

8.5AI score
Exploits0References1
myhack58
myhack58
added 2017/04/07 12:0 a.m.172 views

Java AMF3 deserialization vulnerability analysis-vulnerability warning-the black bar safety net

AMF Action Message Format is a binary serialization format, before the main Flash application in using this format. Recently, the Code White found to have multiple Java AMF library in the presence of vulnerabilities, and these vulnerabilities will lead to unauthenticated remote code execution...

5CVSS7.4AI score0.0954EPSS
Exploits2
CNVD
CNVD
added 2017/04/04 12:0 a.m.6 views

VMware vCenter Server BlazeDS Component Remote Code Execution Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A remote code execution vulnerability exists...

9.8CVSS8.2AI score0.21274EPSS
Exploits4References1
n0where
n0where
added 2017/02/07 5:8 a.m.34 views

Reverse Engineering Communication Protocols: Netzob

Reverse Engineering Communication Protocols Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be...

1.7AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/01/13 12:0 a.m.5 views

The vulnerability of the Flash Player software, which allows a perpetrator to execute arbitrary code

The vulnerability of the Action Message Format component of the Flash Player software platform is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8AI score0.05882EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2017/01/13 12:0 a.m.5 views

The vulnerability of the Flash Player software, which allows a perpetrator to execute arbitrary code

The vulnerability of the Flash Player software is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code as a result of serializing the Action Message Format...

10CVSS8.1AI score0.05882EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2016/12/22 12:0 a.m.4 views

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability of the Flash Player software is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code as a result of serialization using the Action Message Format AFM0...

10CVSS8.1AI score0.05882EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2016/12/14 1:2 p.m.10 views

flash-plugin: multiple code execution issues fixed in APSB16-39

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization AFM0. Successful exploitation could lead to arbitrary code execution...

9.3CVSS6.1AI score0.05882EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2016/12/14 12:0 a.m.4 views

PT-2016-2951 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 23.0.0.207 and earlier Adobe Flash Player versions 11.2.202.644 and earlier Description: The issue is related to a use after free vulnerability in the Action Message Format serialization. This vulnerability can be...

10CVSS9.2AI score0.18786EPSS
Exploits0References115
Mageia
Mageia
added 2013/08/12 1:54 p.m.57 views

Updated firefox and thunderbird packages fix security vulnerabilities

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS9.9AI score0.40118EPSS
Exploits14References9
Rows per page
Query Builder