Lucene search
+L

451 matches found

prion
prion
added 2017/06/09 4:29 p.m.14 views

Design/Logic Flaw

Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

6.8CVSS8.7AI score0.01749EPSS
Exploits0References3
cve
cve
added 2017/06/09 4:0 p.m.45 views

CVE-2017-2178

CVE-2017-2178 describes an untrusted search path vulnerability in the Installer of the ATLA (Acquisition, Technology & Logistics Agency) electronic tendering and bid opening system. The root cause is insecure DLL loading (DLL search path issue) that could allow arbitrary code execution via a Troj...

8.8CVSS8.7AI score0.01749EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2017/05/30 12:0 a.m.76 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629)

This update for java-170-openjdk fixes the following issues : - Update to 2.6.10 - OpenJDK 7u141 bsc1034849 - Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-351...

9.6CVSS7AI score0.03311EPSS
Exploits3References10
cnvd
cnvd
added 2017/05/27 12:0 a.m.4 views

ATLA Installer of electronic tendering and bid opening system remote code execution vulnerability

Acquisition, Technology & Logistics Agency ATLA Installer of electronic tendering and bid opening system is an electronic tendering and bid opening system installer from Japan's Acquisition, Technology & Logistics Installer of electronic tendering and bid opening system is an installer of...

8.8CVSS7.4AI score0.01749EPSS
Exploits0References1
cnvd
cnvd
added 2017/05/12 12:0 a.m.30 views

Microsoft Office Remote Code Execution Vulnerability (CNVD-2017-06605)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in the implementation of the Office software when opening files with malformed graphics, allowing an attacker to take control of the affected...

9.3CVSS8AI score0.7813EPSS
Exploits0References1
openbugbounty
openbugbounty
added 2017/02/03 5:34 a.m.12 views

chessgames.com XSS vulnerability

Vulnerable URL: http://www.chessgames.com/perl/chess.pl?opening=B86-89=19233=Robert James Fischer playing the Sicilian Sozin=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 19713...

6.3AI score
Exploits0
osv
osv
added 2016/11/16 3:30 p.m.8 views

SUSE-SU-2016:2817-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - bsc1006592: Fix a regression introduced in CVE-2013-5653 by which ps files couldn't be opened in okular/evince kde371887...

5.5CVSS7.2AI score0.01957EPSS
Exploits0References3
nessus
nessus
added 2016/11/04 12:0 a.m.296 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3635)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3635 advisory. - sched: panic on corrupted stack end Jann Horn Orabug: 24971921 CVE-2016-1583 - ecryptfs: forbid opening files without mmap handler Jann Horn Orabug:...

7.8CVSS6.8AI score0.01393EPSS
Exploits2References2
oraclelinux
oraclelinux
added 2016/11/03 12:0 a.m.65 views

Unbreakable Enterprise kernel security update

kernel-uek 4.1.12-61.1.17 - sched: panic on corrupted stack end Jann Horn Orabug: 24971921 CVE-2016-1583 - ecryptfs: forbid opening files without mmap handler Jann Horn Orabug: 24971921 CVE-2016-1583 - proc: prevent stacking filesystems on top Jann Horn Orabug: 24971921 CVE-2016-1583...

7.8CVSS0.4AI score0.01393EPSS
Exploits2
exploitdb
exploitdb
added 2016/08/06 12:0 a.m.52 views

VMware Host Guest Client Redirector - DLL Side Loading (Metasploit)

require 'msf/core' class MetasploitModule 'DLL Side Loading Vulnerability in VMware Host Guest Client Redirector', 'Description' = %q A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim...

7.8CVSS7.4AI score0.1802EPSS
Exploits5
vmware
vmware
added 2016/08/02 12:0 a.m.93 views

VMSA-2016-0010:VMware product updates address multiple HIGH security issues

VMSA-2016-0010.1 VMware product updates address multiple important security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0010.1 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address multiple security issue...

7.8CVSS7.4AI score0.1802EPSS
Exploits6References14Affected Software6
cnvd
cnvd
added 2016/07/20 12:0 a.m.3 views

Drupal Opening Hours Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. opening hours is one of the modules used to find stores or libraries that are open at a certain time. A cross-site scripting vulnerability exists in the Drupal Opening Hours module in...

7AI score
Exploits0References1
bdu_fstec
bdu_fstec
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the Microsoft Office software package allows a malicious individual to obtain access tokens used for authenticating the current user.

The vulnerability of Microsoft Office software relates to errors in processing a specially crafted response when attempting to open an Office document located on a malicious website. Exploiting this vulnerability allows a malicious actor to obtain access tokens used for authenticating the current...

4.3CVSS5.5AI score0.10091EPSS
Exploits0References4
drupal
drupal
added 2016/06/01 12:0 a.m.17 views

Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031

This module enables you to enter opening hours for locations in a highly detailed way. The module doesn't sufficiently escape input data from user input. This vulnerability is mitigated by the fact that an attacker must be able to edit opening hours by having a role with the permission “Edit...

7AI score
Exploits0References11
osv
osv
added 2016/04/27 5:59 p.m.6 views

UBUNTU-CVE-2015-1339

Memory leak in the cusechannelrelease function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service memory consumption or possibly have unspecified other impact by opening /dev/cuse many times...

6.2CVSS7.1AI score0.00425EPSS
Exploits0References2
exploitdb
exploitdb
added 2016/01/21 12:0 a.m.59 views

NTP - Local Privilege Escalation

Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2015/12/06 12:0 a.m.28 views

WinAsm Studio 5.1.8.8 - Buffer Overflow Crash (PoC)

Exploit: WinAsm Studio 5.1.8.8 BOF. Date: 12/6/2015 Exploit Author: UnN0n Vendor: WinAsm Software Link: http://www.winasm.net/winasm-studio-updates.html Version: 5.1.8.8 Tested on: Windows 7 x6464bit Info Code: rc.right = 0; rc.bottom = 0; DrawTextExA hdc, L"I...

7.4AI score
Exploits0
hackerone
hackerone
added 2015/11/22 2:9 p.m.14 views

Shopify: Cookie securing your "Opening soon" store is not secured against XSS

PoC: 1 Protect your e-shop with a password Storefront password 2 Go to your e-shop URL and enter the password to access the store 3 There is a cookie created - name: storefrontdigest - this cookie contains the password in a secure way which protects your store 4 This cookie is not marked as...

0.2AI score
Exploits0
hackerone
hackerone
added 2015/10/12 3:49 a.m.33 views

Shopify: Unauthenticated access to details of hidden products in any shop via title emuneration

This issue allows external unauthenticated attacker to bypass password protection of currently unopened "Opening Soon" stage stores and obtain full description of products considering they know/enumerate the title of the product and the product has been published. It could be used to obtain...

7.4AI score
Exploits0
redhat
redhat
added 2015/06/25 8:43 a.m.5 views

php: buffer overflow in phar_set_inode()

A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

7.5CVSS7.2AI score0.38434EPSS
Exploits1References4
Rows per page
Query Builder