4569 matches found
PT-2017-1640 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in Windows kernel drivers, which can be exploited by an attacker to elevate their privileges using a specially crafted application. This...
cottam.lancs.sch.uk XSS vulnerability
Vulnerable URL:...
v-83-246-40-128.eu.hostway-enterprise.net. XSS vulnerability
Vulnerable URL:...
SKYSEA Client View vulnerable to arbitrary code execution
Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on t...
geoportale.regione.liguria.it XSS vulnerability
Vulnerable URL: http://geoportale.regione.liguria.it/geoportal/catalog/search/resource/review.page?uuid=%22-alert/OPENBUGBOUNTY/-%22 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...
Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution
I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a path delimiter. An attacker could use this flaw to upload...
Downloads Resources over HTTP
Overview Affected versions of prebuild-lwip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on...
Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)
Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference MS16-137 MS16-137: LSASS Remote Memory Corruption Advisory Title: LSASS SMB NTLM Exchange Remote Memory Corruption Version: 1.0 Issue type: Null Pointer Dereference Authentication: Pre-Authenticated Affected vendor: Microsoft...
PT-2016-5018 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite 5 affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the list...
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities Systems Affected Product : ManageEngine Password Manager Pro Company : ZOHO Corp. Build Number : 8.1 to 8.3 and probably earlier versions Affected Versions : 8102 to 8302 and probably earlier versions Product Description...
madclient.uimserv.net Open Redirect vulnerability
Vulnerable URL: http://madclient.uimserv.net/cl/lid=6252346019218587835/sid=2573743/kid=276287/bid=620503/c=26666/keyword=/sr=175/bidp=594372/cp=38522/kidp=266866/lidp=6252346019218260155/sidp=2573718/clickurl=https://www.xssposed.org Details: Description| Value ---|--- Patched:| No Latest check...
loft-design.org XSS vulnerability
Vulnerable URL: http://loft-design.org/flashdetection.swf?flashContentURL=javascript:alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...
odkrywamyinterior.pl Open Redirect vulnerability
Vulnerable URL: http://www.odkrywamyinterior.pl/wp-content/themes/prostore/go.php?https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 8968129 Google...
digilib.bsu.edu.ph Open Redirect vulnerability
Vulnerable URL: http://digilib.bsu.edu.ph/greenstone/cgi-bin/library.cgi?e=d-01000-00---off-0undergra-masterth%2Cundergra%2Cdisserta-01-1----0-10-0---0---0direct-10----4-------0-1l--11-en-50---20-about---00-3-1-00-00--4--0--0-0-11-10-0utfZz-8-00=extlink=0=https://www.xssposed.org/ Details:...
refer.ccbill.com Open Redirect vulnerability
Vulnerable URL: http://refer.ccbill.com/cgi-bin/clicks.cgi?CA=https://www.xssposed.org/=https://www.xssposed.org/=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly...
Microsoft Windows Kernel CVE-2015-2550 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems...
BOA Web Server 0.94.8.2 - Arbitrary File Access Vulnerability
Exploit for linux platform in category web applications Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Author: llmora Release: Public S 2 1 S E C http://www.s21sec.com Vulnerability in BOA web server v0.94.8...
HP ArcSight contains multiple vulnerabilities
Overview HP ArcSight Logger and ESM contains multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE PendingHP ArcSight Logger 5.3.1.6838.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated...
MS15-006: Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
The remote Windows host is affected by a vulnerability in the Windows Error Reporting service component that allows bypassing the 'Protected Process Light' security feature. A remote attacker can exploit this vulnerability to gain access to the memory of a running process. C Tenable Network...
PT-2015-4270 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.18.2 Description: A race condition in the key gc unused keys function allows local users to cause a denial of service, potentially resulting in memory corruption or panic, via keyctl commands that trigger acces...