7647 matches found
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
Default credentials
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
CVE-2017-1002100
CVE-2017-1002100 concerns default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider (versions 1.6.0–1.6.5). The issue is that PVs are configured with the container access mode, exposing a URI on the public internet without requiring authentication. Acc...
Description of the security update for Skype for Business 2016: September 12, 2017
Description of the security update for Skype for Business 2016: September 12, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
Microsoft Info - Filter Bypass & Persistent Vulnerability
Document Title: =============== Microsoft Info - Filter Bypass & Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2023 MSRC ID: TRK:0901002416 Release Date: ============= 2017-09-06 Vulnerability Laboratory ID VL-ID:...
Mobile Bootloaders From Top Manufacturers Found Vulnerable to Persistent Threats
Security researchers have discovered several severe zero-day vulnerabilities in the mobile bootloaders from at least four popular device manufacturers that could allow an attacker to gain persistent root access on the device. A team of nine security researchers from the University of California...
Telekom Prepaid Shop - Multiple Persistent Vulnerabilities
Document Title: =============== Telekom Prepaid Shop - Multiple Persistent Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2051 Telekom Security ID: 20170407TLu04 Release Date: ============= 2017-09-05 Vulnerability Laboratory ID VL-ID:...
Microsoft Info - Filter Bypass & Persistent Vulnerability
Document Title: =============== Microsoft Info - Filter Bypass & Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2023 MSRC ID: TRK:0901002416 Release Date: ============= 2017-09-05 Vulnerability Laboratory ID VL-ID:...
CodeMeter 6.50 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13754 CVE-ID: ======= CVE-2017-13754 Current Estimat...
Wibu Systems AG CodeMeter 6.50 Cross Site Scripting
Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2074 ID: FB49498 Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/...
WordPress WpJobBoard 4.5.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Document Title: =============== WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities Vulnerability Class: ==================== Cross Site Scripting - Non Persistent Current Estimated Price: ======================== 500a! - 1.000a! Produ...
DEBIAN-CVE-2017-12873
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider IdP is misconfigured...
Session Hijacking Bug Exposed GitLab Users Private Tokens
GitLab, the popular web-based Git repository manager, fixed a vulnerability recently that could have exposed its users to session hijacking attacks. Daniel Svartman, a security researcher with Imperva, discovered the issue in May but couldn’t disclose it until Wednesday, after GitLab was able to...
Design/Logic Flaw
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation...
CVE-2017-13671
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation...
CVE-2017-13671
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation...
CVE-2017-13671
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation...