
4603 matches found

Packet Storm
added 2017/07/24 12:0 a.m. · 52 views

REDDOXX Appliance Arbitrary File Disclosure

Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Details ======= Product...

0.7 AI score
Exploits: 0
Packet Storm
added 2017/07/24 12:0 a.m. · 50 views

REDDOXX Appliance Cross Site Scripting

Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details ======= Product: REDDOXX Appliance Affected Versions:...

0.2 AI score
Exploits: 0
Exploit DB
added 2017/07/24 12:0 a.m. · 44 views

REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution

Advisory: Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Details ======= Product: REDDOX...

7.4 AI score
Exploits: 0
Node.js
added 2017/07/07 12:0 a.m. · 45 views

Directory Traversal

Overview Affected versions of uv-tj-demo resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS · 4.6 AI score · 0.02005 EPSS
Exploits: 1 · Affected Software: 1
Node.js
added 2017/07/05 9:17 p.m. · 49 views

Directory Traversal

Overview Affected versions of sgqserve resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS · 4.5 AI score · 0.02005 EPSS
Exploits: 1 · Affected Software: 1
Packet Storm
added 2017/07/03 12:0 a.m. · 1445 views

BOA Web Server 0.94.14rc21 Arbitrary File Access

BOA Web Server 0.94.14 - Access to arbitrary files as privileges Title: Vulnerability in BOA Webserver 0.94.14 Date: 20-06-2017 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: Miguel Mendez Z Vendor Homepage: http://www.boa.org Version: Boa Webserver...

0.3 AI score · 0.67725 EPSS
Exploits: 6
Node.js
added 2017/06/27 9:40 p.m. · 22 views

Directory Traversal

Overview Affected versions of cuciuci resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS · 4.2 AI score · 0.02005 EPSS
Exploits: 1 · Affected Software: 1
Exploit DB
added 2017/06/20 12:0 a.m. · 109 views

BOA Web Server 0.94.14rc21 - Arbitrary File Access

BOA Web Server 0.94.14 - Access to arbitrary files as privileges Title: Vulnerability in BOA Webserver 0.94.14 Date: 20-06-2017 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: Miguel Mendez Z Vendor Homepage: http://www.boa.org Version: Boa Webserver...

7.8 CVSS · 7.6 AI score · 0.67725 EPSS
Exploits: 6
Openbugbounty
added 2017/06/15 3:14 p.m. · 15 views

nantahalalibrary.org XSS vulnerability

Vulnerable URL: http://www.nantahalalibrary.org/TLCScripts/interpac.dll?SearchForm=1=pac=,0,%3C!%27/!%22/!%27/%22/--!%3E%3CInput/Autofocus%20/;%20Onfocus=alert'OPENBUGBOUNTY'//%3E%3CSvg%3E= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.07.2017 Vulnerability type:|...

6.3 AI score
Exploits: 0
Japan Vulnerability Notes
added 2017/06/07 5:54 a.m. · 2 views

AppCheck may insecurely invoke an executable file

Overview AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contain an issue with the search path for executable files, which may lead to insecurely invoking an executable file (CWE-427). Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc...

9.3 CVSS · 6.9 AI score · 0.01651 EPSS
Exploits: 0 · References: 6
Openbugbounty
added 2017/05/25 8:2 a.m. · 7 views

beyondbronzeltd.co.uk XSS vulnerability

Vulnerable URL: http://www.beyondbronzeltd.co.uk/wp-content/plugins/wp-password/login.php/"'--! Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 17268443 VIP website status:| No Chec...

6.3 AI score
Exploits: 0
Positive Technologies
added 2017/05/23 12:0 a.m. · 3 views

PT-2017-18755 · Autotrace +1 · Autotrace +1

Name of the Vulnerable Software and Affected Versions: AutoTrace version 0.31.1 Description: The issue is related to a heap-based buffer overflow in the ReadImage function, located in the input-bmp.c file. This overflow occurs at line 497, column 29, and is associated with the libautotrace.a...

9.8 CVSS · 6.7 AI score · 0.02468 EPSS
Exploits: 0 · References: 62
Positive Technologies
added 2017/05/23 12:0 a.m. · 4 views

PT-2017-18760 · Autotrace +1 · Autotrace +1

Name of the Vulnerable Software and Affected Versions: AutoTrace version 0.31.1 Description: The issue allows remote attackers to cause a denial of service, resulting in an invalid write and SEGV. This is related to the ReadImage function in input-bmp.c. Recommendations: For AutoTrace version...

9.8 CVSS · 6.6 AI score · 0.02468 EPSS
Exploits: 0 · References: 62
Positive Technologies
added 2017/03/17 12:0 a.m. · 5 views

PT-2017-6703 · Qdpm · Qdpm

Name of the Vulnerable Software and Affected Versions: qdPM version 8.3 Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to various pages in qdPM, including myAccount, projects, tasks, tickets, discussions, reports, and...

8.8 CVSS · 8.8 AI score · 0.14399 EPSS
Exploits: 4 · References: 8
Positive Technologies
added 2017/03/14 12:0 a.m. · 4 views

PT-2017-1640 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in Windows kernel drivers, which can be exploited by an attacker to elevate their privileges using a specially crafted application. This...

7.8 CVSS · 7.9 AI score · 0.01835 EPSS
Exploits: 0 · References: 12
Openbugbounty
added 2017/02/22 7:2 p.m. · 15 views

cottam.lancs.sch.uk XSS vulnerability

Vulnerable URL:...

6.3 AI score
Exploits: 0
Openbugbounty
added 2016/12/30 11:0 a.m. · 11 views

v-83-246-40-128.eu.hostway-enterprise.net. XSS vulnerability

Vulnerable URL:...

6.3 AI score
Exploits: 0
Japan Vulnerability Notes
added 2016/12/22 5:26 a.m. · 4 views

SKYSEA Client View vulnerable to arbitrary code execution

Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on t...

10 CVSS · 7.8 AI score · 0.1938 EPSS
Exploits: 1 · References: 9
Openbugbounty
added 2016/12/05 11:32 a.m. · 12 views

geoportale.regione.liguria.it XSS vulnerability

Vulnerable URL: http://geoportale.regione.liguria.it/geoportal/catalog/search/resource/review.page?uuid=%22-alert/OPENBUGBOUNTY/-%22 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...

6.3 AI score
Exploits: 0
Packet Storm
added 2016/12/03 12:0 a.m. · 604 views

Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution

I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "\" is a path delimiter. An attacker could use this flaw to upload...

7.5 CVSS · 0.5 AI score · 0.98518 EPSS
Exploits: 28