Lucene search
K

1212 matches found

RedhatCVE
RedhatCVE
added 2017/03/22 6:48 p.m.20 views

CVE-2016-9605

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

6.1CVSS6.3AI score0.00799EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/03/15 12:30 p.m.8 views

rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin

A resource-consumption flaw was found in RabbitMQ Server, where the lengthsage or lengthsincr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large...

6.8CVSS5.7AI score0.03505EPSS
Exploits0References4
Prion
Prion
added 2017/02/13 4:59 p.m.17 views

Design/Logic Flaw

Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated...

4.3CVSS5.6AI score0.02474EPSS
Exploits0References3Affected Software1
Exploit DB
Exploit DB
added 2017/01/31 12:0 a.m.130 views

Netman 204 - Backdoor Account / Password Reset

Exploit Title: Netman 204 Backdoor and weak password recovery function Google Dork: intitle:"Netman 204 login" Date: 31st Jan 2017 Exploit Author: Simon Gurney Vendor Homepage: blog.synack.co.uk Software Link: http://www.riello-ups.co.uk/uploads/file/319/1319/FW058-0105FWB0225NetMan204.zip Versio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/31 12:0 a.m.53 views

Netman 204 Backdoor / Password Reset

Exploit Title: Netman 204 Backdoor and weak password recovery function Google Dork: intitle:"Netman 204 login" Date: 31st Jan 2017 Exploit Author: Simon Gurney Vendor Homepage: blog.synack.co.uk Software Link: http://www.riello-ups.co.uk/uploads/file/319/1319/FW058-0105FWB0225NetMan204.zip Versio...

0.2AI score
Exploits0
0day.today
0day.today
added 2017/01/31 12:0 a.m.62 views

Netman 204 - Backdoor Account / Password Reset Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Netman 204 Backdoor and weak password recovery function Google Dork: intitle:"Netman 204 login" Date: 31st Jan 2017 Exploit Author: Simon Gurney Vendor Homepage: blog.synack.co.uk Software Link:...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/01/11 12:0 a.m.75 views

Amazon Linux AMI : ghostscript (ALAS-2017-784)

It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrie...

9.8CVSS7.5AI score0.06419EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/01/04 10:9 a.m.6 views

ghostscript: check for sufficient params in .sethalftone5

It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process...

7.8CVSS6.1AI score0.03212EPSS
Exploits0References4
CNVD
CNVD
added 2016/12/20 12:0 a.m.9 views

NVIDIA GeForce Experience Information Disclosure Vulnerability

NVIDIA GeForce Experience is a suite of automatic graphics card update tools from NVIDIA. A security vulnerability exists in the NVIDIA Web Helper.exe file in NVIDIA GeForce Experience version 3.x prior to 3.1.0.52, which stems from the program failing to properly perform access control and...

6.5CVSS6.7AI score0.0532EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/12/19 12:0 a.m.17 views

SPIP 3.1.x < 3.1.4 'plugin' and 'id' Parameters Multiple XSS Vulnerabilities

SPIP is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:spip:spip"; i...

6.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/10/20 5:47 p.m.26 views

CVE-2016-7979

It was found that the ghostscript function .initializedscparser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process...

9.8CVSS2.8AI score0.06419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/10/14 1:47 p.m.31 views

CVE-2016-8602

It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process...

7.8CVSS4.3AI score0.03212EPSS
Exploits0References1
Cisco
Cisco
added 2016/10/05 4:0 p.m.32 views

Cisco Firepower Management Center Console Local File Inclusion Vulnerability

A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allo...

4CVSS6.2AI score0.36617EPSS
Exploits5References1
CNVD
CNVD
added 2016/08/25 12:0 a.m.4 views

Huawei UMA Security Bypass Vulnerability

Huawei UMA Unified Maintenance and Audit is a unified IT core resource operation and maintenance management and security audit platform designed for carriers, government, finance, electric power and large enterprises. Huawei UMA suffers from a security bypass vulnerability, as the program fails t...

7.5CVSS6.9AI score0.01205EPSS
Exploits0References1
NVD
NVD
added 2016/08/06 10:59 a.m.22 views

CVE-2016-3855

drivers/thermal/supplylmcore.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted application, aka Qualcomm...

7.8CVSS7.9AI score0.00385EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.10 views

The vulnerability of Juniper SRX 240 router microprogramming software, allowing a hacker to execute arbitrary commands

The Juniper SRX 240 router software contains a vulnerability in the Sajax AJAX library, allowing an attacker to execute any commands due to the lack of validation of request parameters by the sajaxhandleclient function...

9CVSS5.7AI score0.10608EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2016/06/13 7:16 a.m.7 views

SUSE-SU-2016:1559-1 Security update for spice

spice was updated to fix four security issues. These security issues were fixed: - CVE-2016-2150: Guest escape using crafted primary surface parameters bsc982386. - CVE-2016-0749: Heap-based buffer overflow in smartcard interaction bsc982385. - CVE-2015-5260: Insufficient validation of surfaceid...

10CVSS7.7AI score0.08492EPSS
Exploits0References9
OSV
OSV
added 2016/06/13 1:59 a.m.3 views

CVE-2016-2480

The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

7.8CVSS7.3AI score0.00419EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2016/05/30 12:0 a.m.2 views

ESF pfSense status_rrd_graph_img.php Command Injection

A Command Injection vulnerability has been reported in ESF pfSense. This vulnerability is due to statusrrdgraphimg.php incorrectly validating the graph HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the statusrrdgraphimg.php URI...

2.4AI score
Exploits0
OpenVAS
OpenVAS
added 2016/04/01 12:0 a.m.32 views

Apache Jetspeed Multiple Vulnerabilities (Mar 2016)

Apache Jetspeed is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:jetspeed"; if...

9CVSS6.8AI score0.77495EPSS
Exploits9References2
Rows per page
Query Builder