
7659 matches found

OSV
added 2020/01/24 9:28 p.m. | 22 views

GHSA-GP2M-7CFP-H6GF Incorrect persistent NameID generation in SimpleSAMLphp

Background When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...

CVSS 9.8 | AI score 9.2 | EPSS 0.01656
Exploits: 0 | References: 7

OSV
added 2020/01/23 2:15 a.m. | 12 views

CVE-2020-5223

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...

CVSS 4.4 | AI score 4.5
Exploits: 0 | References: 4

Prion
added 2020/01/23 2:15 a.m. | 11 views

Cross site scripting

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...

CVSS 2.1 | AI score 4.4 | EPSS 0.00658
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2020/01/23 1:35 a.m. | 98 views

CVE-2020-5223

CVE-2020-5223 affects PrivateBin: 1.2.0 before 1.2.2 and 1.3.0 before 1.3.2. The root cause is an unescaped user-provided attachment filename that can inject HTML, enabling a persistent XSS when a paste is viewed (e.g., via cloning). The issue has been fixed in PrivateBin v1.3.2 and v1.2.2. Upgra...

CVSS 6.1 | AI score 4.7 | EPSS 0.00658
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2020/01/23 1:35 a.m. | 29 views

CVE-2020-5223 Persistent XSS vulnerability in filename of attached file in PrivateBin

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...

CVSS 6.1 | AI score 5.9 | EPSS 0.00658
Exploits: 1 | References: 4

OpenVAS
added 2020/01/23 12:0 a.m. | 36 views

Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2018-1365)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.8 | EPSS 0.0265
Exploits: 1 | References: 2

Tenable Nessus
added 2020/01/21 12:0 a.m. | 30 views

Debian DLA-2070-1 : ruby-excon security update

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. For Debian 8 'Jessie'...

CVSS 5.9 | AI score 5.8 | EPSS 0.014
Exploits: 0 | References: 3

Packet Storm
added 2020/01/20 12:0 a.m. | 147 views

Adive Framework 2.0.8 Cross Site Scripting

Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozila firefo...

AI score 0.2
Exploits: 0

Exploit DB
added 2020/01/20 12:0 a.m. | 706 views

Adive Framework 2.0.8 - Persistent Cross-Site Scripting

Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozila firefo...

AI score 7.4
Exploits: 0

OpenVAS
added 2020/01/20 12:0 a.m. | 56 views

Debian: Security Advisory (DLA-2070-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.1 | EPSS 0.014
Exploits: 0 | References: 3

Debian
added 2020/01/19 12:50 p.m. | 80 views

[SECURITY] [DLA 2070-1] ruby-excon security update

Package : ruby-excon Version : 0.33.0-2+deb8u1 CVE ID : CVE-2019-16779 Debian Bug : 946904 In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests wou...

CVSS 5.9 | AI score 5.7 | EPSS 0.014
Exploits: 0

NVD
added 2020/01/18 12:15 a.m. | 35 views

CVE-2019-20357

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

CVSS 7.8 | AI score 7.8 | EPSS 0.00732
Exploits: 5 | References: 3

OSV
added 2020/01/18 12:15 a.m. | 5 views

CVE-2019-20357

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

CVSS 7.8 | AI score 7.2 | EPSS 0.00732
Exploits: 5 | References: 3

Prion
added 2020/01/18 12:15 a.m. | 10 views

Remote code execution

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

CVSS 7.2 | AI score 7.8 | EPSS 0.00732
Exploits: 5 | References: 3 | Affected Software: 8

CVE
added 2020/01/17 11:45 p.m. | 210 views

CVE-2019-20357

The connected records confirm CVE-2019-20357 is a Persistent Arbitrary Code Execution vulnerability in the Trend Micro Security (Consumer) line, specifically affecting the 2020 (v160) and 2019 (v15) consumer products. The vulnerability is described as allowing an attacker to create a malicious pr...

CVSS 7.8 | AI score 7.7 | EPSS 0.00732
Exploits: 5 | References: 3 | Affected Software: 8

exploitpack
added 2020/01/17 12:0 a.m. | 63 views

Trend Micro Maximum Security 2019 - Privilege Escalation

Trend Micro Maximum Security 2019 - Privilege Escalation Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15...

CVSS 7.2 | AI score 0.2 | EPSS 0.00732
Exploits: 5

Exploit DB
added 2020/01/17 12:0 a.m. | 220 views

Trend Micro Maximum Security 2019 - Privilege Escalation

Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15 Internet Security 2019 v15, Antivirus + Security 2019 v15...

CVSS 7.8 | AI score 7.7 | EPSS 0.00732
Exploits: 5

Exploit DB
added 2020/01/16 12:0 a.m. | 446 views

WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting

Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link: https://wordpress.org/plugins/postie/developers Version:...

CVSS 5.4 | AI score 5.6 | EPSS 0.03376
Exploits: 6

0day.today
added 2020/01/16 12:0 a.m. | 179 views

WordPress Postie 1.9.40 Plugin - Persistent Cross-Site Scripting Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link:...

CVSS 3.5 | AI score 5.4 | EPSS 0.03376
Exploits: 6

Tenable Nessus
added 2020/01/15 12:0 a.m. | 28 views

openSUSE Security Update : rubygem-excon (openSUSE-2020-36)

This update for rubygem-excon fixes the following issues : CVE-2019-16779 boo1159342: Fix a race condition around persistent connections, where a connection, which was interrupted, would leave data on the socket. Subsequent requests would then read this data, returning content from the previous...

CVSS 5.9 | AI score 5.8 | EPSS 0.014
Exploits: 0 | References: 2