Lucene search
K

3127 matches found

RedHat Linux
RedHat Linux
added 2019/11/05 9:11 p.m.7 views

elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h

In elfutils 0.175, a negative-sized memcpy is attempted in elfcvtnote in libelf/notexlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service program crash...

5.5CVSS7.4AI score0.01027EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2019/11/01 1:3 p.m.6 views

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...

7.5CVSS7.3AI score0.06677EPSS
Exploits1References4
OSV
OSV
added 2019/10/31 9:15 p.m.3 views

DEBIAN-CVE-2012-6124

A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes and is advertised as being unsuitable."...

5.3CVSS7.2AI score0.0125EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/10/25 12:0 a.m.144 views

Adobe ColdFusion File Upload (APSB18-33) (CVE-2018-15961)

An arbitrary file upload vulnerability exists in Adobe ColdFusion due to insufficient validation in the filemanager plugin. An unauthenticated, remote attacker can exploit this, via a specially crafted POST request, to upload arbitrary files on the remote host. TRUSTED...

10CVSS9AI score0.9995EPSS
Exploits11References2
NVD
NVD
added 2019/10/15 12:15 p.m.15 views

CVE-2019-17223

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...

6.1CVSS6.3AI score0.01114EPSS
Exploits0References2
OSV
OSV
added 2019/10/15 12:15 p.m.3 views

UBUNTU-CVE-2019-17223

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...

6.1CVSS6.4AI score0.01114EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/10/15 11:59 a.m.14 views

CVE-2019-17223

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...

6.3AI score0.01114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/10/15 12:0 a.m.3 views

PT-2019-15016 · Dolibarr · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 10.0.2 Description: The issue concerns HTML Injection in the Note field, specifically via the user/note.php endpoint. This allows for potential malicious code injection. Recommendations: For Dolibarr ERP/CRM version...

6.1CVSS6.3AI score0.01114EPSS
Exploits0References12
OSV
OSV
added 2019/10/14 2:15 a.m.3 views

ALPINE-CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...

8.1CVSS7.3AI score0.09116EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2019/10/08 12:0 a.m.10 views

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4524103)

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB4524103 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2...

6.6AI score
Exploits0
NVD
NVD
added 2019/09/27 8:15 p.m.27 views

CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

5.4CVSS5.2AI score0.00775EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2019/09/27 8:15 p.m.20 views

CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

5.4CVSS6.1AI score0.00775EPSS
Exploits1References2
Prion
Prion
added 2019/09/27 8:15 p.m.12 views

Cross site scripting

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

3.5CVSS5AI score0.00775EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/09/27 8:15 p.m.2 views

UBUNTU-CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

5.4CVSS6AI score0.00775EPSS
Exploits1References3
CVE
CVE
added 2019/09/27 7:9 p.m.216 views

CVE-2019-16686

Summary of CVE-2019-16686 (Dolibarr 9.0.5) Dolibarr ERP/CRM 9.0.5 contains a stored cross-site scripting (XSS) vulnerability in the User Note feature (note.php). A user with no privileges can inject script to attack the admin. Affected component: Dolibarr 9.0.5; root cause: improper handling/stor...

5.4CVSS5.2AI score0.00775EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/27 7:9 p.m.27 views

CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

5.2AI score0.00775EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/09/27 12:0 a.m.3 views

PT-2019-14770 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5 Description: The issue concerns a stored XSS in the User Note section of the note.php file. This allows a user without privileges to inject a script, potentially attacking the admin. Recommendations: For Dolibarr versio...

5.4CVSS5.2AI score0.00775EPSS
Exploits1References7
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.264 views

macOS 18.7.0 Kernel - Local Privilege Escalation

macOS-Kernel-Exploit DISCLAIMER You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild exploitation but still helpful for security...

7.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2019/09/15 9:26 p.m.11 views

bd.thesciencejob.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-973199 Security Researcher garletmarco Helped patch 1540 vulnerabilities Received 4 Coordinated Disclosure badges , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting bd.thesciencejob.com website and its users. Followi...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2019/09/11 6:1 p.m.60 views

Major Groupon, TicketMaster Fraud Scheme Exposed By Insecure Database

UPDATE After discovering a cache of 17 million emails exposed on an unsecured database, researchers with vpnMentor began to hunt for its owner — but to their surprise, they found that the database belonged not to a company, but to a sophisticated criminal network. Cybercriminals had been both...

7AI score
Exploits0References9
Rows per page
Query Builder