Lucene search

7660 matches found

The Hacker News
added 2019/12/25 4:44 p.m. | 68 views

How Organizations Can Defend Against Advanced Persistent Threats

Advanced persistent threats (APTs) have emerged to be legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time. They typically perform complex hacks that allow them to steal or destroy data...

0.5 AI score
Exploits: 0

The Hacker News
added 2019/12/25 4:44 p.m. | 9 views

How Organizations Can Defend Against Advanced Persistent Threats

Advanced persistent threats (APTs) have emerged to be legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time. They typically perform complex hacks that allow them to steal or destroy data...

5.9 AI score
Exploits: 0

Packet Storm
added 2019/12/17 12:0 a.m. | 151 views

Zendesk SweetHawk Survey 1.6 Cross Site Scripting

Exploit Title: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Date: 2019-12-17 Exploit Author: MTK Vendor Homepage: https://sweethawk.co/zendesk/survey-app Software Link: https://www.zendesk.com/apps/support/survey/ Version: Up to v1.6 Tested on: Zendesk - Firefox/Windows...

7.4 AI score
Exploits: 0

NVD
added 2019/12/16 8:15 p.m. | 17 views

CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

5.9 CVSS | 5.8 AI score | 0.014 EPSS
Exploits: 0 | References: 5

OSV
added 2019/12/16 8:15 p.m. | 1 views

DEBIAN-CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

5.9 CVSS | 5.9 AI score | 0.014 EPSS
Exploits: 0 | References: 1

Prion
added 2019/12/16 8:15 p.m. | 21 views

Race condition

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

4.3 CVSS | 5.7 AI score | 0.014 EPSS
Exploits: 0 | References: 5 | Affected Software: 4

UbuntuCve
added 2019/12/16 8:15 p.m. | 25 views

CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

5.9 CVSS | 6.2 AI score | 0.014 EPSS
Exploits: 0 | References: 3

OSV
added 2019/12/16 8:15 p.m. | 2 views

UBUNTU-CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

5.9 CVSS | 6.2 AI score | 0.014 EPSS
Exploits: 0 | References: 4

Cvelist
added 2019/12/16 7:35 p.m. | 18 views

CVE-2019-16779 In RubyGem excon, interrupted Persistent Connections May Leak Response Data

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

5.8 CVSS | 5.7 AI score | 0.014 EPSS
Exploits: 0 | References: 5

Debian CVE
added 2019/12/16 7:35 p.m. | 31 views

CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

5.9 CVSS | 5.5 AI score | 0.014 EPSS
Exploits: 0

OSV
added 2019/12/16 7:30 p.m. | 27 views

GHSA-Q58G-455P-8VW9 In RubyGem excon, interrupted Persistent Connections May Leak Response Data

Impact: There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...

5.8 CVSS | 5.6 AI score | 0.014 EPSS
Exploits: 0 | References: 8

Github Security Blog
added 2019/12/16 7:30 p.m. | 66 views

In RubyGem excon, interrupted Persistent Connections May Leak Response Data

Impact: There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...

5.9 CVSS | 1.8 AI score | 0.014 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

RubySec
added 2019/12/16 12:0 a.m. | 23 views

Race condition when using persistent connections

There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it...

5.9 CVSS | 6.7 AI score | 0.014 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Carbon Black Blog
added 2019/12/13 5:31 p.m. | 85 views

VMware Carbon Black TAU Malware Analysis: Tofsee Botnet Resurfaces

Tofsee is a botnet which has not been reported on since the following analysis in September of 2016 by the Cert Polka team and Cisco Talos. This updated campaign employs new techniques in order to aggressively send large volumes of spam emails primarily targeting the adult dating scene. This new...

7.4 AI score
Exploits: 0

Patchstack
added 2019/12/12 12:0 a.m. | 11 views

WordPress Superlist premium theme <= 2.9.2 - Persistent Cross-Site Scripting (XSS) vulnerability

Persistent Cross-Site Scripting (XSS) vulnerability found by SUBVΞRSΛ in WordPress Superlist premium theme versions <= 2.9.2. Solution 12.12.2019 - we were unable to find a patched version of this theme...

1.7 AI score
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/12/09 12:0 a.m. | 2 views

SuperMicro X8STi-F Operating System Command Injection Vulnerability

The SuperMicro X8STi-F is a computer motherboard from SuperMicro USA. An operating system command injection vulnerability exists in the Virtual Media feature in the SuperMicro X8STi-F with IPMI firmware version 2.06 and BIOS version 02.68. An attacker can exploit this vulnerability to obtain a...

9 CVSS | 7.6 AI score | 0.19039 EPSS
Exploits: 1 | References: 1

Packet Storm
added 2019/12/09 12:0 a.m. | 120 views

Oracle Siebel Sales 8.1 Cross Site Scripting

Exploit Title : Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting Exploit Author : omurugur Software link: https://www.oracle.com/tr/applications/siebel/ Effective version : Oracle Siebel Sales 8.1 CVE: N/A Examples Request; POST /salesADMINtrk/start.swe HTTP/1.1 Content-Type:...

0.3 AI score
Exploits: 0

Packet Storm
added 2019/12/09 12:0 a.m. | 81 views

Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting

Exploit Title: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://snipeitapp.com/ Software Link: https://github.com/snipe/snipe-it/releases/tag/v4.7.5 Version: 4.7.5 Category: Webapps Tested on: Xamp...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/12/09 12:0 a.m. | 427 views

Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Exploit Title: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://snipeitapp.com/ Software Link: https://github.com/snipe/snipe-it/releases/tag/v4.7.5 Version: 4.7.5 Category: Webapps Tested on: Xamp...

7.4 AI score
Exploits: 0

Prion
added 2019/12/08 4:15 a.m. | 21 views

Command injection

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

9 CVSS | 8.8 AI score | 0.19039 EPSS
Exploits: 1 | References: 1 | Affected Software: 2