Lucene search
K

1214 matches found

Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.31 views

Fedora 21 : qemu-2.1.2-7.fc21 (2014-16075)

Fix qemu-img convert corruption for unflushed files bz 1167249 - Fix SLES11 migration issue bz 1109427 - CVE-2014-7840: insufficient parameter validation during ram load bz 1163080 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

7.5CVSS6.3AI score0.04115EPSS
Exploits0References3
OSV
OSV
added 2014/11/26 5:29 p.m.8 views

MGASA-2014-0495 Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page, with a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoo...

6.5CVSS5.5AI score0.02725EPSS
Exploits3References6
0day.today
0day.today
added 2014/11/16 12:0 a.m.36 views

Pandora FMS 5.1SP1 Cross Site Scripting Vulnerability

Pandora FMS version 5.1SP1 suffers from a cross site scripting vulnerability. I. VULNERABILITY ------------------------- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 II. BACKGROUND Pandora FMS is the monitoring software chosen by several companies all...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/11/11 12:0 a.m.36 views

Fedora 20 : qemu-1.6.2-10.fc20 (2014-14033)

CVE-2014-7815 vnc: insufficient bitsperpixel from the client sanitization bz 1157647, bz 1157641 - CVE-2014-3689 vmwarevga: insufficient parameter validation in rectangle functions bz 1153038, bz 1153035 Note that Tenable Network Security has extracted the preceding description block directly...

7.2CVSS6.7AI score0.03742EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/11/10 12:0 a.m.53 views

Fedora 21 : qemu-2.1.2-6.fc21 (2014-13993)

CVE-2014-7815 vnc: insufficient bitsperpixel from the client sanitization bz 1157647, bz 1157641 - CVE-2014-3689 vmwarevga: insufficient parameter validation in rectangle functions bz 1153038, bz 1153035 Fix dep on numactl-devel to be build time not install time Note that Tenable Network Security...

7.2CVSS6.6AI score0.03742EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2014/10/02 12:0 a.m.30 views

(0Day) GoPro HERO 3+ gpExec start Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the...

10CVSS7.3AI score0.03321EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2014/10/02 12:0 a.m.29 views

(0Day) GoPro HERO 3+ gpExec restart Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the...

10CVSS7.4AI score0.03172EPSS
Exploits0
Packet Storm
Packet Storm
added 2014/09/18 12:0 a.m.36 views

WatchGuard XTM 11.8.3 Cross Site Scripting

I. VULNERABILITY Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 II. BACKGROUND ------------------------- WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the businesses they power. III...

7.4AI score
Exploits0
NVD
NVD
added 2014/08/29 9:55 a.m.14 views

CVE-2014-3346

The web framework in Cisco Transport Gateway for Smart Call Home aka TG-SCH or Transport Gateway Installation Software does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service service crash via a crafted string, aka Bug ID CSCuq31819...

6.3CVSS6.3AI score0.01852EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2014/08/15 12:0 a.m.46 views

RiverBed Stingray Traffic Manager 9.6 Cross Site Scripting

I. VULNERABILITY ------------------------- XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 II. BACKGROUND ------------------------- Silver Peak VX software marries the cost and flexibility benefits of virtualization with the performance gains associated wi...

Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Clicker CMS Blind SQL Injection Vulnerability

No description provided by source. Exploit Title: Clicker CMS Blind SQL Injection Vulnerability Date: 2010-06-25 Author: [email protected] Software Link: n/a Version: n/a .:. Author : [email protected] .:. Contact: [email protected], [email protected] .:. Home : www.evilzone.org,...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Horde Webmail 5.1 - Open Redirect Vulnerability

No description provided by source. + Horde webmail - Open Redirect Vulnerability + Date: 31/03/2014 + Risk: Low + Remote: Yes + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.horde.org/apps/webmail + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Free Online Dictionary of Computing 1.0 - Remote File Viewing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called The Free Online Dictionary of Computing. Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Fool's Workshop Owl's Workshop 1.0 resultsignore.php Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/06/09 12:0 a.m.73 views

Cisco Ironport Email Security Virtual Appliance 8.0.0-671 XSS

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in Cisco Ironport Email Security Virtual Appliance Version: 8.0.0-671 II. BACKGROUND ------------------------- Cisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, that...

4.3CVSS0.5AI score0.02426EPSS
Exploits4
Packet Storm
Packet Storm
added 2014/05/30 12:0 a.m.38 views

InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross Site Scripting

I. VULNERABILITY ------------------------- XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 II. DESCRIPTION ------------------------- Has been detected a XSS vulnerability in InterScan Messaging Security Virtual Appliance version 8.5.1.1516. The code injectio...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2014/05/23 8:42 p.m.19 views

Urban Dictionary: Open URL Redirection

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Vulnerable Path:...

1.2AI score
Exploits0
Cisco
Cisco
added 2014/04/29 7:56 p.m.22 views

Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

A vulnerability in Document Management of Cisco Unified Contact Center Express could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by...

4CVSS6.7AI score0.00764EPSS
Exploits0References1
Hacker One
Hacker One
added 2014/03/01 10:3 p.m.29 views

Slack: URL redirection flaw

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Steps to reproduce: 1 Go to this URL:...

0.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2014/02/13 12:0 a.m.40 views

GE Proficy CIMPLICITY CimWebServer File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter...

6.8CVSS7.3AI score0.03063EPSS
Exploits2References1
Rows per page
Query Builder