184 matches found

Packet Storm
added 2018/03/22 12:0 a.m., 35 views

Domaintrader 2.5.3 Cross Site Scripting

Domaintrader v.2.5.3 Cross-Site Scripting 6th of February, 2018 Found by Uladzislau Murashka - https://sm0k3.net Vendor homepage: www.smartscriptsolutions.com Software link: http://www.smartscriptsolutions.com/domain-trader/ Version of local application copy: 2.5.2 but valid also for 2.5.3...

7.1 AI score
Exploits: 0

exploitpack
added 2017/11/16 12:0 a.m., 114 views

Zeta Components Mail 1.8.1 - Remote Code Execution

Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...

6.8 CVSS, 0.4 AI score, 0.10652 EPSS
Exploits: 3

Hacker One
added 2017/10/28 12:16 a.m., 76 views

Internet Bug Bounty: Out-Of-Bounds Read in timelib_meridian()

Description While deserializing an invalid dateTime value, wddx_deserialize would result in a heap out-of-bounds read in timelib_meridian. As wddx_deserialize is exposed to network data, and sometimes echo the results back to client, this issue could potentially allow remote peeking of the process...

5 CVSS, 8.4 AI score, 0.26373 EPSS
Exploits: 2

Hacker One
added 2017/07/12 9:52 a.m., 65 views

Internet Bug Bounty: PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy)

Description: A wild memcpy is discovered in the openssl package included in stable PHP release. During parsing a PEM certificate in openssl_seal, an invalid key length is produced after parsing, eskl0 value is -1 after the call to EVP_SealInit, subsequently causing a heap overflow via a wild memcpy...

5 CVSS, 9 AI score, 0.06164 EPSS
Exploits: 0

0day.today
added 2016/11/18 12:0 a.m., 25 views

DCFM Blog 0.9.7 Blind SQL Injection Vulnerability

DCFM Blog version 0.9.7 suffers from a remote blind SQL injection vulnerability. DCFM Blog Version 0.9.7 Blind SQL Injection Vulnerability time based-attack ================================================================================ Description ============ Open-source blog project. Free blo...

8.1 AI score
Exploits: 0

0day.today
added 2016/11/18 12:0 a.m., 31 views

DCFM Blog 0.9.7 Cross Site Scripting Vulnerability

DCFM Blog version 0.9.7 suffers from a cross site scripting vulnerability. DCFM Blog 0.9.7 XSS Attack =========================== Description ============ Open-source blog project. Free blog system for any website. Uses MySQL and PHP 5. Very easily customizable and incredibly flexible...

6.7 AI score
Exploits: 0

Packet Storm
added 2016/11/17 12:0 a.m., 55 views

DCFM Blog 0.9.7 Blind SQL Injection

DCFM Blog Version 0.9.7 Blind SQL Injection Vulnerability time based-attack ================================================================================ Discovered by NA , NAattutanota.com ======================================== Description ============ Open-source blog project. Free blog...

0.4 AI score
Exploits: 0

Packet Storm
added 2016/11/17 12:0 a.m., 50 views

DCFM Blog 0.9.7 Cross Site Scripting

DCFM Blog 0.9.7 XSS Attack =========================== Discovered by NA , NAattutanota.com ======================================== Description ============ Open-source blog project. Free blog system for any website. Uses MySQL and PHP 5. Very easily customizable and incredibly flexible...

7.4 AI score
Exploits: 0

Hacker One
added 2016/11/16 2:24 a.m., 14 views

Internet Bug Bounty: Illegal write/read access caused by gdImageAALine overflow

Upstream Bug --- https://bugs.php.net/bug.php?id=72482 Summary --- Illegal write/read access at gdImageSetAAPixelColor caused by gdImageAALine overflow. gdImageAALine tries to clip the limit values and fails because an integer overflow occurs while calculating the new line limits. PHP 5 is affecte...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2016/10/21 12:0 a.m., 42 views

Flash Operator Panel 2.31.03 - Multiple Web Vulnerabilities

Document Title: =============== Flash Operator Panel 2.31.03 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1906 Release Date: ============= 2016-10-21 Vulnerability Laboratory ID VL-ID: ===================================...

7.1 AI score
Exploits: 0

Hacker One
added 2016/08/17 6:46 a.m., 24 views

Internet Bug Bounty: Use After Free Vulnerability in unserialize()

bug report at: https://bugs.php.net/bug.php?id=70436 fix commit at: https://github.com/php/php-src/commit/95d09e4b5e6b84f8340efe03e8e2f9c1380228db Use After Free Vulnerability in unserialize Taoguang Chen - Write Date: 2015.9.6 - Release Date: 2016.8.18 A use-after-free vulnerability was discover...

8 AI score
Exploits: 0

Vulnerability Lab
added 2016/08/03 12:0 a.m., 28 views

Subrion v4.0.5 CMS - SQL Injection Vulnerability

Document Title: =============== Subrion v4.0.5 CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1893 Release Date: ============= 2016-08-03 Vulnerability Laboratory ID VL-ID: ==================================== 1893 Comm...

7.4 AI score
Exploits: 0

NVD
added 2016/06/01 10:59 p.m., 15 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

7.5 CVSS, 7.4 AI score, 0.01907 EPSS
Exploits: 0, References: 4

OSV
added 2016/06/01 10:59 p.m., 6 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

7.5 CVSS, 7.3 AI score, 0.01907 EPSS
Exploits: 0, References: 4

Prion
added 2016/06/01 10:59 p.m., 21 views

Design/Logic Flaw

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

5 CVSS, 6.9 AI score, 0.01907 EPSS
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2016/06/01 10:59 p.m., 3 views

UBUNTU-CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

7.5 CVSS, 7.1 AI score, 0.01907 EPSS
Exploits: 0, References: 4

UbuntuCve
added 2016/06/01 10:59 p.m., 18 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

7.5 CVSS, 7.1 AI score, 0.01907 EPSS
Exploits: 0, References: 3

Debian CVE
added 2016/06/01 10:0 p.m., 35 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

7.5 CVSS, 7.4 AI score, 0.01907 EPSS
Exploits: 0

CVE
added 2016/06/01 10:0 p.m., 84 views

CVE-2016-1902

CVE-2016-1902 affects Symfony’s SecureRandom class prior to: 2.3.37, 2.6.x prior to 2.6.13, and 2.7.x prior to 2.7.9 when used with PHP 5.x without the paragonie/random_compat library. The OpenSSL/openssl_random_pseudo_bytes path may fail, causing weak or non-secure random numbers and undermining...

7.5 CVSS, 7.2 AI score, 0.01907 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2016/06/01 10:0 p.m., 27 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

7.3 AI score, 0.01907 EPSS
Exploits: 0, References: 4