Lucene search
K

660 matches found

CNVD
CNVD
added 2017/09/20 12:0 a.m.7 views

vBulletin VBSEO 'visitormessage.php' Remote Code Injection Vulnerability

vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program. vBulletin VBSEO module is one of the SEO management module . A security vulnerability exists in the functionsvbseohook.php file in the vBulletin VBSEO module...

9CVSS7.5AI score0.14785EPSS
Exploits3References1
OSV
OSV
added 2017/07/01 6:29 p.m.6 views

UBUNTU-CVE-2017-10789

The DBD::mysql module through 4.043 for Perl uses the mysqlssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...

5.9CVSS6.7AI score0.02202EPSS
Exploits0References5
CNVD
CNVD
added 2017/03/16 12:0 a.m.1 views

Drupal Password Reset Landing Page Module Access Bypass Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Password Reset Landing Page Module is a password reset page module. An access bypass vulnerability exists in the Drupal Password Reset Landing Page Module. This vulnerability can be...

6.9AI score
Exploits0References1
myhack58
myhack58
added 2017/02/17 12:0 a.m.32 views

For the Node. js in the node-serialize module deserialization vulnerability the subsequent analysis-vulnerability warning-the black bar safety net

Of the Node. js serialization remote command execution vulnerabilities of a number of follow-up found and how to develop the attack load. A few days ago I was in opsecx blog found an article How to use a named node-serialize nodejs module in the RCE remote code execution error blog. The article...

0.2AI score
Exploits0
CNVD
CNVD
added 2016/07/19 12:0 a.m.2 views

Drupal Hubspot CTA module cross-site scripting vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Hubspot CTA is one of the modules that displays the Hubspot CTA button by creating a Bean block. A cross-site scripting vulnerability exists in the Drupal Hubspot CTA module that can be...

6.2AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.8 views

The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability in the modproxy module of the Apache HTTP Server when reverse proxy is enabled allows malicious actors to cause a service failure by using a specially crafted HTTP Connection header...

4.3CVSS6.6AI score0.35543EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2016/05/13 2:27 p.m.11 views

SUSE-SU-2016:1301-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - bsc978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the...

10CVSS8.6AI score0.97485EPSS
Exploits11References3
CNVD
CNVD
added 2016/05/10 12:0 a.m.4 views

QEMU VGA Module Denial of Service Vulnerability

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in QEMU's VGA module. An attacker can exploit this vulnerability to execute arbitrary code on the host computer with elevated privileges...

8.8CVSS8.5AI score0.00916EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2016/05/09 12:0 a.m.32 views

CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...

8.8CVSS7.2AI score0.00916EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2016/03/17 12:0 a.m.8 views

The vulnerability of the Moodle learning management system allows a hacker to bypass existing access restrictions.

The vulnerability of the Moodle learning management system’s module is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions...

5.5CVSS6.6AI score0.01403EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2016/02/24 12:0 a.m.2 views

Drupal Nodejs Module Access Bypass Vulnerability

Drupal is a free, open-source content management system developed in the PHP language maintained by the Drupal community.Node.js is one of the modules that provides real-time push updates. An access bypass vulnerability exists in the Drupal Nodejs module. This vulnerability allows attackers to...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2016/02/08 12:0 a.m.2 views

Drupal Open Atrium Module Security Bypass Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Open Atrium is one of the team collaboration and knowledge management system modules. A security bypass vulnerability exists in the Drupal Open Atrium module that can be exploited by...

7AI score
Exploits0References1
Drupal
Drupal
added 2015/09/16 12:0 a.m.18 views

amoCRM - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-149

This module enables you to integrate with amoCRM service using webhooks. The module does not sufficiently sanitize the logged data when malicious POST data is received. This vulnerability is mitigated by the fact that a module such "Database logging" dblog must be enabled which displays log...

2.6CVSS6.2AI score0.00913EPSS
Exploits0References10
CNVD
CNVD
added 2015/04/23 12:0 a.m.4 views

Drupal Corner Module Cross-Site Request Forgery Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Corner is one of the website modification modules. A cross-site request forgery vulnerability exists in the Drupal Corner module. A remote attacker can exploit this vulnerability to...

5.8CVSS7AI score0.00649EPSS
Exploits0References1
Prion
Prion
added 2015/04/21 4:59 p.m.8 views

Code injection

The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL...

5CVSS7.1AI score0.02087EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2015/03/28 12:0 a.m.4 views

Cisco IOS TCP Input Module Denial of Service Vulnerability

Cisco IOS is a popular Internet operating system. A memory leak vulnerability exists in the Cisco IOS TCP input module, which allows remote attackers to conduct denial-of-service attacks via specially crafted TCP messages...

7.8CVSS6.9AI score0.03779EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2015/02/19 3:59 p.m.14 views

CVE-2014-8165

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

10CVSS6AI score0.02763EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

CBSMS Mambo Module <= 1.0 - Remote File Include Vulnerability

No description provided by source...

7.1AI score
Exploits0
OSV
OSV
added 2014/04/15 11:55 p.m.12 views

CVE-2011-3628

Untrusted search path vulnerability in pammotd aka the MOTD module in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

6.3AI score
Exploits0References2
OSV
OSV
added 2014/01/31 4:43 p.m.11 views

MGASA-2014-0031 Updated drupal package fixes security vulnerabilities

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts CVE-2014-1475. Matt Vance and Damien Tournoud reported an access bypass vulnerability in the...

7.5CVSS6.1AI score0.01526EPSS
Exploits0References4
Rows per page
Query Builder