Lucene search
K

748 matches found

CVE
CVE
added 2017/11/05 5:0 p.m.51 views

CVE-2017-16542

CVE-2017-16542 affects Zoho ManageEngine Applications Manager 13 prior to build 13500. The vulnerability is a post-authentication SQL injection via the name parameter in the manageApplications.do?method=insert endpoint. PoCs show a POST request to /manageApplications.do?method=insert can inject S...

8.8CVSS9.3AI score0.05487EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2017/11/05 5:0 p.m.30 views

CVE-2017-16542

Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request...

9.5AI score0.05487EPSS
Exploits3References3
exploitpack
exploitpack
added 2017/09/29 12:0 a.m.101 views

FileRun 2017.09.18 - SQL Injection

FileRun 2017.09.18 - SQL Injection !/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version:...

7.5CVSS0.2AI score0.02624EPSS
Exploits5
Citrix
Citrix
added 2017/09/26 12:0 a.m.13 views

How to Remove the "Skip Check" Option from Post-Authentication and nfactor EPA Scans

This article describes how to remove the "Skip Check" option from EPA.HTML on post-authentication NetScaler Gateway EPA scan. The solution in this article is meant for X1, Default, GreenBubble and RfWebUI portal themes...

7.1AI score
Exploits0
0day.today
0day.today
added 2017/09/12 12:0 a.m.31 views

WiseGiga NAS - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Source: https://blogs.securiteam.com/index.php/archives/3402 Vulnerabilities summary The following advisory describes five 5 vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2017/09/11 12:0 a.m.24 views

WiseGiga NAS - Multiple Vulnerabilities

WiseGiga NAS - Multiple Vulnerabilities Source: https://blogs.securiteam.com/index.php/archives/3402 Vulnerabilities summary The following advisory describes five 5 vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. T...

0.4AI score
Exploits0
Prion
Prion
added 2017/06/28 1:29 p.m.13 views

Cross site scripting

Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting XSS in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...

3.5CVSS5.2AI score0.00879EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2017/06/28 1:29 p.m.4 views

CVE-2017-5241

Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting XSS in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...

5.4CVSS5.7AI score0.00879EPSS
Exploits1References3
ALT Linux
ALT Linux
added 2017/06/21 12:0 a.m.41 views

Security fix for the ALT Linux 9 package openvpn version June

June 21, 2017 Nikolay A. Fetisov 2.4.3-alt1 - New version - Security fixes: + CVE-2017-7522 Post-authentication --x509-track remote DoS + CVE-2017-7521 Post-authentication remote-triggerable memory leaks + CVE-2017-7521 Potential post-authentication remote code execution on servers that use the...

5CVSS7.2AI score0.05539EPSS
Exploits0
Citrix
Citrix
added 2017/05/26 12:0 a.m.11 views

Configure post-authentication Endpoint Analysis scan as factor in Citrix ADC nFactor auth

For detailed information refer to Citrix Documentation -Configure post-authentication Endpoint Analysis scan as a factor in Citrix ADC nFactor authentication...

6.7AI score
Exploits0
FreeBSD
FreeBSD
added 2017/05/21 12:0 a.m.27 views

SquirrelMail -- post-authentication access privileges

Florian Grunow reports: An attacker able to exploit this vulnerability can extract files of the server the application is running on. This may include configuration files, log files and additionally all files that are readable for all users on the system. This issue is post-authentication. That...

8.8CVSS8.4AI score0.04451EPSS
Exploits0References2
NVD
NVD
added 2017/05/19 2:29 p.m.27 views

CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...

8.8CVSS9.1AI score0.05142EPSS
Exploits0References3
Prion
Prion
added 2017/05/19 2:29 p.m.25 views

Double free

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...

8.5CVSS8.9AI score0.05142EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2017/05/19 2:29 p.m.2 views

DEBIAN-CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...

8.8CVSS6.5AI score0.05142EPSS
Exploits0References1
CVE
CVE
added 2017/05/19 2:0 p.m.331 views

CVE-2017-9078

CVE-2017-9078 affects Dropbear server prior to 2017.75, where a post-authentication double-free during TCP listener cleanup (when -a is enabled) could allow root remote code execution. The connected sources document the vulnerability and its Fix: Dropbear updates to 2017.75+ (and related advisori...

8.8CVSS8.6AI score0.05142EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2017/05/19 2:0 p.m.60 views

CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...

8.8CVSS5.7AI score0.05142EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2017/05/19 2:0 p.m.93 views

CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...

8.8CVSS9.1AI score0.05142EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2017/04/26 7:48 a.m.37 views

CVE-2017-7692

SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...

9CVSS3.4AI score0.32156EPSS
Exploits7References2
OSV
OSV
added 2017/04/20 2:59 p.m.6 views

UBUNTU-CVE-2017-7692

SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...

8.8CVSS8AI score0.32156EPSS
Exploits7References3
CVE
CVE
added 2017/04/20 2:0 p.m.156 views

CVE-2017-7692

CVE-2017-7692 affects SquirrelMail up to 1.4.22 (and likely older in SVN builds) where the sendmail delivery path mishandles a user-controlled sendmail.cf via a popen call. The root cause is the use of escapeshellcmd() in Deliver_SendMail.class.php/initStream, which fails to escape spaces, enabli...

9CVSS9AI score0.32156EPSS
In wildExploits7References8Affected Software1
Rows per page
Query Builder