Lucene search
+L

592 matches found

Veracode
Veracode
added 2019/05/16 1:42 a.m.27 views

Server-Side Request Forgery (SSRF)

App Studio millicore is vulnerable to server-side request forgery SSRF attacks. An attacker could exploit a flaw in the externalrequest api call. This allows an attacker to probe the network internal resources, and access restricted endpoints which leads to a disclosure of information...

6.3CVSS8.9AI score0.00699EPSS
Exploits0References7Affected Software6
0day.today
0day.today
added 2019/01/11 12:0 a.m.298 views

systemd-journald Memory Corruption / Information Leak Vulnerability

This is a thorough analysis of how Qualys approached exploiting three vulnerabilities in systemd-journald. Although they have not released formal exploits yet, they detail in here is useful in understanding the flaws. Qualys Security Advisory System Down: A systemd-journald exploit...

7.2AI score0.14806EPSS
Exploits9
RedHat Linux
RedHat Linux
added 2018/09/04 6:25 a.m.5 views

glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file...

6.5CVSS7.4AI score0.02093EPSS
Exploits0References4
CNVD
CNVD
added 2018/08/09 12:0 a.m.17 views

Siemens Automation License Manager Information Disclosure Vulnerability

Siemens Automation License Manager is a Siemens system for processing remote and local licenses for HMI, SCADA and industrial products. An information disclosure vulnerability exists in Siemens Automation License Manager version 5 prior to 5.3.4.4, which can be exploited by sending specially...

5.8CVSS5.8AI score0.01273EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2018/04/16 12:0 a.m.102 views

gcc security, bug fix, and enhancement update

4.8.5-28.0.1 - Orabug: 27557686 Egeyar Bagcioglu - Introduce 'oraclerelease' into .spec file. Echo it to gcc/DEV-PHASE. 4.8.5-28 - Minor testsuite fixes to clean up test results 1469697 - retpoline support for spectre mitigation 1535655 4.8.5-27 - bump for rebuild with RELRO enabled even for...

4CVSS1AI score0.00442EPSS
Exploits0
CNVD
CNVD
added 2018/03/18 12:0 a.m.3 views

xml entity injection vulnerability in CLTPHP version 5.5.3

CLTPHP is a content management system developed in ThinkPHP with the Layui framework in the backend. CLTPHP version 5.5.3 has an XML entity injection vulnerability in the program implementation, which can be exploited by attackers to read arbitrary files, execute system commands, probe intranet...

7.5AI score
Exploits0
Prion
Prion
added 2017/09/29 1:34 a.m.16 views

Server side request forgery (ssrf)

The externalrequest api call in App Studio millicore allows server side request forgery SSRF. An attacker could use this flaw to probe the network internal resources, and access restricted endpoints...

6.5CVSS7.7AI score0.00699EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/07/18 12:0 a.m.2 views

phpbb server-side request forgery vulnerability

phpBB is phpBB group developed a set of open-source use of PHP language development of Web forum software . The software has support for multiple languages , support for multiple databases and customized layout and so on. phpBB server-side request forgery vulnerability exists. Attackers can use...

7.1AI score
Exploits0References1
Citrix
Citrix
added 2017/06/28 12:0 a.m.10 views

How to resolve "Failed to probe partitions from virtual disk" error while importing an OS Layer

When importing an OS layer, you get this error: Failed to attach the disk /mnt/repository/Unidesk/OsImport Disks/Windows 10.vhd. Failed to probe partitions from virtual disk This is most often seen when importing a XenServer Windows 10 Gold VM that was exported as an OVF. However, it could happen...

7AI score
Exploits0
Citrix
Citrix
added 2017/04/06 12:0 a.m.9 views

Error: "StoreFront Store Service Probe Failed" While Using Citrix SCOM Management Pack for StoreFront

While using the Citrix SCOM Management Pack for StoreFront MPSF, you might come across an error, StoreFront Store Service Probe failed, that triggers an alert in the SCOM Console. Let’s troubleshoot and understand the possible causes and solutions for this error. Possible reasons for this issue...

7.2AI score
Exploits0
Atlassian
Atlassian
added 2017/03/30 3:39 p.m.22 views

Information Exposure in JUnit Report Macro

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-52112. panel The JUnit Report Macro throws different error messages for the url parameter code:java file:///no/file/herecode...

2.8AI score
Exploits0Affected Software1
OSV
OSV
added 2017/02/13 3:59 p.m.2 views

CVE-2016-8495

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle MITM attack via the Fortisandbox devices probing feature...

7.4CVSS5.8AI score0.00899EPSS
Exploits0References3
CNVD
CNVD
added 2016/08/01 12:0 a.m.5 views

SSRF Vulnerability in OpenSNS Social System

OpenSNS is a lightweight social user-centered framework based on OneThink for ... An SSRF vulnerability exists in /Public/js.php in OpenSNS Social System due to the program failing to adequately filter data. An attacker is allowed to exploit the vulnerability to probe intranet information...

6.8AI score
Exploits0
0day.today
0day.today
added 2016/07/21 12:0 a.m.41 views

Linux/x86-64 - Subtle Probing Reverse Shell, Timer, Burst, Password, Multi-Terminal Shellcode (84, 1

include include //| //| Exploit Title: linux x8664 Subtle Probing Reverse Shell, Timer, Burst, Password, multi-Terminal 84, 122, 172 bytes //| Date: 07/20/2016 //| Exploit Author: CripSlick //| Tested on: Kali 2.0 Linux x8664 //| Version: No program being used or exploited; I only relied syscalls...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/07/11 12:0 a.m.436 views

Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password Shellcode (172

include include // Exploit Title: Continuously-Probing Reverse Shell via Socket + port-range + password 172 bytes // Date: 07/10/2016 // Exploit Author: CripSlick // Tested on: Kali 2.0 // Version: No program being used or exploited; I only relied on syscalls...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/14 12:0 a.m.54 views

FreeBSD : openssh -- command injection when X11Forwarding is enabled (e4644df8-e7da-11e5-829d-c80aa9043978)

The OpenSSH project reports : Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth1. Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege, Other xauth...

6.4CVSS7.2AI score0.37016EPSS
Exploits13References3
FreeBSD
FreeBSD
added 2016/03/11 12:0 a.m.86 views

openssh -- command injection when X11Forwarding is enabled

The OpenSSH project reports: Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth1. Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege, Other xauth comman...

6.4CVSS7.1AI score0.37016EPSS
Exploits13References1
Tenable Nessus
Tenable Nessus
added 2015/10/16 12:0 a.m.216 views

Ethernet MAC Addresses

This plugin gathers MAC addresses discovered from both remote probing of the host e.g. SNMP and Netbios and from running local checks e.g. ifconfig. It then consolidates the MAC addresses into a single, unique, and uniform list. TRUSTED...

5.4AI score
Exploits0
Oracle linux
Oracle linux
added 2015/07/28 12:0 a.m.130 views

kernel security, bug fix, and enhancement update

2.6.32-573 - security selinux: dont waste ebitmap space when importing NetLabel categories Paul Moore 1130197 - x86 Revert Add driver auto probing for x86 features v4 Prarit Bhargava 1231280 - net bridge: netfilter: dont call iptables on vlan packets if sysctl is off Florian Westphal 1236551 - ne...

7.2CVSS0.2AI score0.04517EPSS
Exploits4
Metasploit
Metasploit
added 2014/09/18 7:31 p.m.16 views

UDP Empty Prober

Detect UDP services that reply to empty probes This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UDP Empty Prober', 'Description' = 'Detect UDP services that reply to empty probes', 'Author' = 'J...

7.3AI score
Exploits0
Rows per page
Query Builder