Lucene search
K

140 matches found

Fedora
Fedora
added 2018/12/30 1:39 a.m.24 views

[SECURITY] Fedora 28 Update: vcftools-0.1.16-1.fc28

A program package designed for working with VCF files, such as those generated by the 1000 Genomes Project. The aim of VCFtools is to provide methods for working with VCF files: validating, merging, comparing and calculate some basic population genetic statistics...

7.8CVSS2.2AI score0.22369EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2018/07/19 4:10 p.m.7 views

jamesphogan.com XSS vulnerability

Open Bug Bounty ID: OBB-650365 Description| Value ---|--- Affected Website:| jamesphogan.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Talos
Talos
added 2018/03/01 12:0 a.m.35 views

Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

8.8CVSS8.8AI score0.02395EPSS
Exploits0
Hacker One
Hacker One
added 2018/02/15 12:30 a.m.22 views

Coinbase: Prepopulation of email address and name leaks information provided to other merchants

Users of the commerce widget that have entered their name and email into the widget and moved to the currency selection step were vulnerable to a clickjacking attack that revealed name and email to an attacker due to pre-population of the widget's fields. After a user filled out the name / email...

6.5AI score
Exploits0
OSV
OSV
added 2018/01/03 4:29 p.m.16 views

CVE-2017-1000488

Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form...

6.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2018/01/03 4:0 p.m.20 views

CVE-2017-1000488

Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form...

6AI score0.00843EPSS
Exploits1References1
Kitploit
Kitploit
added 2017/10/17 1:30 p.m.490 views

cve-search - A Tool To Perform Local Searches For Known Vulnerabilities

cve-search is a tool to import CVE Common Vulnerabilities and Exposures and CPE Common Platform Enumeration into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually fast...

7.8CVSS9.1AI score0.89497EPSS
Exploits18References6
Citrix
Citrix
added 2017/08/16 12:0 a.m.8 views

Behavior of VM.xenstore_data

Summary This article describes the behavior ofVM.xenstoredata. This behavior might affect customers who use thexenstore-data parameter of a Virtual Machine VM, especially those customers who are writing software that interacts with XenServer and uses this parameter. Behavior of VM.xenstoredata If...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/07 7:8 p.m.61 views

Friday Squid Blogging: Why It's Hard to Track the Squid Population

Counting squid is not easy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
NVD
NVD
added 2017/05/09 4:29 p.m.24 views

CVE-2017-3067

Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms...

7.5CVSS7.3AI score0.04791EPSS
Exploits0References3
Prion
Prion
added 2017/05/09 4:29 p.m.21 views

Information disclosure

Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms...

5CVSS7.3AI score0.04791EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/05/09 4:0 p.m.25 views

CVE-2017-3067

Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms...

7.3AI score0.04791EPSS
Exploits0References3
NVD
NVD
added 2017/01/10 3:59 p.m.14 views

CVE-2015-4594

eClinicalWorks Population Health CCMR suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID...

9.8CVSS9.4AI score0.06238EPSS
Exploits5References3
Prion
Prion
added 2017/01/10 3:59 p.m.17 views

Cross site request forgery (csrf)

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

6.8CVSS7.5AI score0.03355EPSS
Exploits5References3
NVD
NVD
added 2017/01/10 3:59 p.m.17 views

CVE-2015-4591

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

6.1CVSS6.1AI score0.05132EPSS
Exploits5References3
Prion
Prion
added 2017/01/10 3:59 p.m.13 views

Session fixation

eClinicalWorks Population Health CCMR suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID...

7.5CVSS7AI score0.06238EPSS
Exploits5References3
NVD
NVD
added 2017/01/10 3:59 p.m.22 views

CVE-2015-4593

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

8.8CVSS8.8AI score0.03355EPSS
Exploits5References3
CVE
CVE
added 2017/01/10 3:0 p.m.48 views

CVE-2015-4594

CVE-2015-4594 affects eClinicalWorks Population Health CCMR Client Portal. The root cause is a missing new session ID upon user authentication, enabling session fixation by reusing an existing session ID. The vulnerability implies potential compromise of active sessions (high/critical impact per ...

9.8CVSS9.3AI score0.06238EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2017/01/10 3:0 p.m.54 views

CVE-2015-4591

CVE-2015-4591 relates to the eClinicalWorks Population Health (CCMR) Client Portal. The vulnerability is a cross-site scripting (XSS) weakness in login.jsp that allows injection of arbitrary JavaScript via the strMessage parameter. The underlying issue is insufficient input sanitization of this p...

6.1CVSS7.4AI score0.05132EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2017/01/10 3:0 p.m.25 views

CVE-2015-4591

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

6.4AI score0.05132EPSS
Exploits5References3
Rows per page
Query Builder