Lucene search
K

143 matches found

OSV
OSV
added 2018/03/01 8:29 p.m.23 views

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

7.8CVSS8.2AI score0.02326EPSS
Exploits0References3
Prion
Prion
added 2018/03/01 8:29 p.m.19 views

Command injection

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

9.3CVSS7.8AI score0.02326EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/03/01 8:29 p.m.7 views

UBUNTU-CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

7.8CVSS7.2AI score0.02326EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/03/01 7:0 p.m.31 views

CVE-2017-9274 osc executes spec code during "osc commit"

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

7.8CVSS8AI score0.02326EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/03/01 7:0 p.m.114 views

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

9.3CVSS8.2AI score0.02326EPSS
Exploits0
GithubExploit
GithubExploit
added 2018/01/11 9:43 a.m.6 views

Exploit for Out-of-bounds Write in Microsoft

PoC exploit for CVE-2018-0802, an arbitrary code execution vulne...

9.3CVSS9.3AI score0.99945EPSS
Exploits36
OSV
OSV
added 2016/09/03 8:59 p.m.3 views

CVE-2016-6377

Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager VMP allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager PAM API calls via unspecified vectors, aka Bug ID CSCuz52110...

8.1CVSS5.9AI score0.01269EPSS
Exploits0References2
CNVD
CNVD
added 2016/09/01 12:0 a.m.4 views

Cisco Virtual Media Packager Unauthorized Access Vulnerability

Cisco Virtual Media Packager is a virtual media packaging device. An unauthorized access vulnerability exists in Cisco Virtual Media Packager VMP versions 2.6 and earlier, which allows attackers to obtain sensitive information...

8.1CVSS6.7AI score0.01269EPSS
Exploits0References1
Cisco
Cisco
added 2016/08/31 4:0 p.m.44 views

Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability

A vulnerability in the application programming interface API for the Platform and Applications Manager PAM for the Cisco Virtual Media Packager VMP could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol. The vulnerabilit...

6.8CVSS8.3AI score0.01269EPSS
Exploits0References1
Veracode
Veracode
added 2016/04/23 1:22 a.m.15 views

Man-in-the-Middle (MitM)

electron-packager is vulnerable to man-in-the-middle MitM attacks. The application by default sets the --strict-ssl variable to false, disabling SSL certificate validation. This can allow an attacker on an adjacent network to conduct a MitM attack during the electron package installation step...

5.9CVSS5.5AI score0.00952EPSS
Exploits0References3Affected Software1
Node.js
Node.js
added 2016/04/21 6:27 p.m.35 views

SSL Validation Defaults to False

Overview Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle MITM attack on the install process, intercepting the step where...

4.3CVSS3.7AI score0.00952EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2016/01/13 12:0 a.m.79 views

Microsoft Office - COM Object DLL Planting with WMALFXGFXDSP.dll (MS16-007)

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The attached POC docume...

6.9CVSS7.8AI score0.31091EPSS
Exploits2
Exploit DB
Exploit DB
added 2016/01/13 12:0 a.m.64 views

Microsoft Office / COM Object - 'WMALFXGFXDSP.dll' DLL Planting (MS16-007)

Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The attached POC document "planted-mfplat.doc" contains what was originall...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2016/01/13 12:0 a.m.14 views

Microsoft Office COM Object - WMALFXGFXDSP.dll DLL Planting (MS16-007)

Microsoft Office COM Object - WMALFXGFXDSP.dll DLL Planting MS16-007 Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The...

Exploits0
exploitpack
exploitpack
added 2015/12/14 12:0 a.m.23 views

Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)

Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll MS15-132 Source: https://code.google.com/p/google-security-research/issues/detail?id=556 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially...

0.1AI score
Exploits0
Kaspersky
Kaspersky
added 2015/03/21 12:0 a.m.30 views

KLA10499 Code execution vulnerability in NSIS

Lack of certificates verification was found in NSIS. By exploiting this vulnerability malicious users execute arbitrary code. This vulnerability can be exploited remotely via a specially designed certificate. Original advisories - Related products Nullsoft-Scriptable-Install-System CVE list...

4.3CVSS7.6AI score0.01392EPSS
Exploits0References2
Saint
Saint
added 2014/10/24 12:0 a.m.71 views

Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability

Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...

9.3CVSS8.2AI score0.81628EPSS
Exploits22
Saint
Saint
added 2014/10/24 12:0 a.m.52 views

Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability

Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...

9.3CVSS8.2AI score0.81628EPSS
Exploits22
Exploit DB
Exploit DB
added 2014/10/20 12:0 a.m.108 views

Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-060 Microsoft Windows OLE Package Manager Code Execution", 'Description' = %q This module exploits a vulnerability found in...

9.3CVSS8AI score0.81628EPSS
Exploits22
Packet Storm
Packet Storm
added 2014/10/18 12:0 a.m.75 views

MS14-060 Microsoft Windows OLE Package Manager Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-060 Microsoft Windows OLE Package Manager Code Execution", 'Description' = %q This module exploits a vulnerability found in...

9.3CVSS0.3AI score0.81628EPSS
Exploits22
Rows per page
Query Builder