Lucene search
K

81 matches found

Tenable Nessus
Tenable Nessus
added 2016/06/17 12:0 a.m.31 views

FreeBSD : drupal -- multiple vulnerabilities (7932548e-3427-11e6-8e82-002590263bf5)

Drupal Security Team reports : - Saving user accounts can sometimes grant the user all roles User module - Drupal 7 - Moderately Critical - Views can allow unauthorized users to see Statistics information Views module - Drupal 8 - Less Critical %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

8.8CVSS6.8AI score0.02531EPSS
Exploits0References5
Hacker One
Hacker One
added 2016/04/21 12:0 a.m.74 views

Internet Bug Bounty: Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)

The 1 EPHEMERAL, 2 HTTPS, 3 MVG, 4 MSL, 5 TEXT, 6 SHOW, 7 WIN, and 8 PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." See also:...

10CVSS8.5AI score0.97485EPSS
Exploits11
Hacker One
Hacker One
added 2016/02/11 10:23 a.m.592 views

Imgur: SSRF and local file read in video to gif converter

Video to gif converter on http://imgur.com/vidgif uses Lavf/55.48.100 with network options enabled. It makes possible SSRF by uploading specially crafted playlist. For example we can use mp4 file http://yngwie.ru/1.mp4 EXTM3U EXT-X-MEDIA-SEQUENCE:0 EXTINF:10.0, http://yngwie.ru/2.mp4 EXT-X-ENDLIS...

0.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2015/10/30 9:52 a.m.24 views

CVE-2009-5082

The 1 configure and 2 config.guess scripts in GNU troff aka groff 1.20.1 on Openwall GNU//Linux aka Owl improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file...

3.3CVSS7AI score0.0032EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/06/16 12:0 a.m.39 views

Apache Tomcat Denial Of Service Vulnerability (Jun 2015) - Windows

Apache Tomcat is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

7.8CVSS5.8AI score0.20318EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/03/31 12:0 a.m.29 views

PuTTY Information Disclosure vulnerability (Mar 2015) - Windows

PuTTY is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:putty:putty";...

2.1CVSS6AI score0.00585EPSS
Exploits0References3
Cloud Foundry
Cloud Foundry
added 2015/01/28 12:0 a.m.87 views

CVE-2015-0235 - GHOST | Cloud Foundry

CVE-2015-0235 – GHOST Critical Vendor Canonical, Red Hat Versions Affected Ubuntu 10.04 Lucid, 12.04 Precise, CentOS 6. Description A heap-based buffer overflow was found in nsshostnamedigitsdots, which is used by the gethostbyname and gethostbyname2 glibc function call. A remote attacker could u...

10CVSS8.3AI score0.94859EPSS
Exploits29
OpenVAS
OpenVAS
added 2015/01/23 12:0 a.m.29 views

MediaWiki ExpandTemplates Extension < 1.24.1 Multiple Vulnerabilities (Jan 2015) - Active Check

The ExpandTemplates extension for MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.1CVSS6.3AI score0.00669EPSS
Exploits0References2
Nmap
Nmap
added 2015/01/17 3:1 a.m.2967 views

http-shellshock NSE Script

Attempts to exploit the "shellshock" vulnerability CVE-2014-6271 and CVE-2014-7169 in web applications. To detect this vulnerability the script executes a command that prints a random string and then attempts to find it inside the response body. Web apps that don't print back information won't be...

10CVSS10AI score0.99999EPSS
Exploits173
exploitpack
exploitpack
added 2015/01/11 12:0 a.m.19 views

RedStar 2.0 Desktop - World-writeable rc.sysinit Local Privilege Escalation

RedStar 2.0 Desktop - World-writeable rc.sysinit Local Privilege Escalation Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2015/01/11 12:0 a.m.23 views

RedStar 3.0 Desktop - Enable sudo Privilege Escalation

!/bin/bash -e Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak echo 'RUN+="/bin/bash /tmp/r00t.sh"'...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/01/11 12:0 a.m.30 views

RedStar 2.0 Desktop - &#039;World-writeable rc.sysinit&#039; Local Privilege Escalation

Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png PoC: /bin/echo...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2015/01/05 11:42 a.m.8 views

Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack

The maintainers of the Openwall security enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact...

3.8AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/12/08 12:0 a.m.28 views

CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

5CVSS7.2AI score0.13195EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2014/08/30 12:0 a.m.14 views

Fedora 20 : gvfs-1.18.3-3.fc20 / ifuse-1.1.3-3.fc20 / libgpod-0.8.3-2.fc20 / etc (2014-9092)

Add support for devices running iOS7 Fixes CVE-2013-2142: libimobiledevice: Insecure temporary file use when both $XDGCONFIGHOME and $HOME are unset http://www.openwall.com/lists/oss-security/2013/06/04/11 Note that Tenable Network Security has extracted the preceding description block directly...

3.3CVSS5.6AI score0.00265EPSS
Exploits1References11
OpenVAS
OpenVAS
added 2013/10/22 12:0 a.m.23 views

VLC Media Player mp4a Denial of Service Vulnerability - Mac OS X

VLC Media Player is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.8CVSS6.2AI score0.03782EPSS
Exploits0References3
exploitpack
exploitpack
added 2012/11/26 12:0 a.m.110 views

mcrypt 2.5.8 - Local Stack Overflow

mcrypt 2.5.8 - Local Stack Overflow !/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .=...

6.8CVSS0.4AI score0.15019EPSS
Exploits6
Exploit DB
Exploit DB
added 2012/11/26 12:0 a.m.45 views

mcrypt 2.5.8 - Local Stack Overflow

!/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .= "H@CK3D\x00"; sflags $file .= "\xff"; payload...

6.8CVSS6.4AI score0.15019EPSS
Exploits6
OpenVAS
OpenVAS
added 2011/11/08 12:0 a.m.20 views

Wireshark CSN.1 Dissector Denial of Service Vulnerability - Windows

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

4.3CVSS6.3AI score0.02281EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2011/10/13 12:0 a.m.25 views

Fedora 16 : phpPgAdmin-5.0.3-1.fc16 (2011-13748)

Update to 5.0.3, per changes described at: http://sourceforge.net/mailarchive/forum.php?threadname =4E897F6C.90905%40free.fr&forumname=phppgadmin-news which also fixes a security flaw: http://www.openwall.com/lists/oss-security/2011/10/04/1 Note that Tenable Network Security has extracted the...

4.3CVSS5.3AI score0.0253EPSS
Exploits0References5
Rows per page
Query Builder