Lucene search
K

96 matches found

Prion
Prion
added 2020/11/12 9:15 p.m.20 views

Command injection

Exposed Erlang Cookie could lead to Remote Command Execution RCE attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...

10CVSS9.5AI score0.23304EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/20 1:27 p.m.15 views

CVE-2020-6366

SAP NetWeaver Compare Systems versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service...

7.6CVSS6.7AI score0.01062EPSS
Exploits0References2
Hacker One
Hacker One
added 2018/12/10 9:56 a.m.105 views

Semrush: Persistent CSV injection

Hi Team, https://www.semrush.com/notes is vulnerable to persistent csv injection stored csv injection POC: 1 Login into application and open https://www.semrush.com/notes 2 click on "Add note" button 3 And enter csv injection payloads like =4+4, =HYPERLINK"http://evil.com", "EVIL" and click on sa...

7.4AI score
Exploits0
NVD
NVD
added 2018/11/14 3:29 p.m.18 views

CVE-2018-6074

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page...

8.8CVSS7.9AI score0.01521EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/11/14 3:29 p.m.18 views

CVE-2018-6074

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page...

8.8CVSS7.2AI score0.01521EPSS
Exploits0References2
Prion
Prion
added 2018/11/14 3:29 p.m.15 views

Design/Logic Flaw

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page...

6.8CVSS7.8AI score0.01521EPSS
Exploits0References5Affected Software5
Cvelist
Cvelist
added 2018/11/14 3:0 p.m.20 views

CVE-2018-6074

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page...

7.9AI score0.01521EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2018/11/14 3:0 p.m.28 views

CVE-2018-6074

Removed by vendor...

8.8CVSS9.3AI score0.01521EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/08/21 5:3 p.m.26 views

Command Injection in git-dummy-commit

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...

10CVSS3.5AI score0.04001EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/08/17 1:29 p.m.27 views

CVE-2018-3785

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...

10CVSS9.8AI score0.04001EPSS
Exploits1References1
Prion
Prion
added 2018/08/17 1:29 p.m.13 views

Command injection

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...

10CVSS9.8AI score0.04001EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/08/17 1:29 p.m.15 views

CVE-2018-3785

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...

9.8CVSS7.5AI score
Exploits0References1
CVE
CVE
added 2018/08/17 1:0 p.m.48 views

CVE-2018-3785

CVE-2018-3785 affects git-dummy-commit v1.3.0, where an unescaped parameter allows command injection to execute OS commands. Several sources confirm the issue is a command-injection in the msg/filename handling, enabling remote or local command execution depending on context. Impact is high (OS-l...

10CVSS9.7AI score0.04001EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/08/17 1:0 p.m.29 views

CVE-2018-3785

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...

9.9AI score0.04001EPSS
Exploits1References1
NVD
NVD
added 2018/07/13 5:29 p.m.27 views

CVE-2018-1245

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component ACM. A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a...

9CVSS9.1AI score0.02524EPSS
Exploits0References2
Prion
Prion
added 2018/07/13 5:29 p.m.16 views

Authorization

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component ACM. A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a...

9CVSS8.5AI score0.02524EPSS
Exploits0References2Affected Software1
n0where
n0where
added 2018/07/02 5:6 p.m.131 views

Firewall and Privatizing Proxy: macOS Fortress

macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as blocks ads, malicious...

6.9AI score
Exploits0References7
NVD
NVD
added 2018/03/08 3:29 p.m.20 views

CVE-2018-1182

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels hardware appliance and software bundle deployments only; RSA Via Lifecycle and Governance version 7.0, all patch levels hardware appliance and software bundle deployments only; RSA Identit...

7.8CVSS7.9AI score0.00424EPSS
Exploits0References3
Prion
Prion
added 2018/03/08 3:29 p.m.13 views

Design/Logic Flaw

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels hardware appliance and software bundle deployments only; RSA Via Lifecycle and Governance version 7.0, all patch levels hardware appliance and software bundle deployments only; RSA Identit...

7.2CVSS7.8AI score0.00424EPSS
Exploits0References3Affected Software3
Cvelist
Cvelist
added 2018/03/08 3:0 p.m.20 views

CVE-2018-1182

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels hardware appliance and software bundle deployments only; RSA Via Lifecycle and Governance version 7.0, all patch levels hardware appliance and software bundle deployments only; RSA Identit...

7.9AI score0.00424EPSS
Exploits0References3
Rows per page
Query Builder