Lucene search
+L

101 matches found

OSV
OSV
added 2021/04/29 6:15 p.m.4 views

CVE-2021-1488

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...

6.7CVSS5.8AI score0.00259EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.8 views

The vulnerability of the uip_process function in the Contiki OS allows a hacker to trigger a service failure.

The vulnerability of the uipprocess function in the Contiki OS system is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

8.5CVSS7.6AI score0.02751EPSS
Exploits0References6Affected Software4
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.6 views

The vulnerability of the zenone32.exe editor in the COPA-DATA SCADA system allows a intruder to execute arbitrary code.

The vulnerability of the zenone32.exe editor in the COPA-DATA SCADA system is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...

7.8CVSS7.5AI score0.00345EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2019/09/18 6:42 p.m.26 views

CVE-2019-9678

Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X fo...

7.5AI score0.01045EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/07/11 12:0 a.m.6 views

The vulnerability in the UIProcess subsystem of the rendering module in WebKitGTK+ and WebKitGTK allows a attacker to cause a service failure or affect the confidentiality and integrity of the protected information.

The vulnerability of the UIProcess subsystem in display modules of WebKitGTK+ and WebKitGTK arises from operations that occur outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or compromise the confidentiality and integrity of...

10CVSS8AI score0.16113EPSS
Exploits4References5Affected Software5
myhack58
myhack58
added 2019/02/21 12:0 a.m.120 views

Type confusion vulnerability instance analysis-vulnerability warning-the black bar safety net

Type confusion vulnerability in General is the type of data A as data of Type B to resolve the reference, which may lead to illicit access to data and thus execute arbitrary code. This article by IE type confusion vulnerability examples and Word type confusion vulnerability examples for analysis,...

7.6CVSS6.8AI score0.80386EPSS
Exploits9
Veracode
Veracode
added 2019/01/15 9:12 a.m.34 views

Denial Of Service (DoS)

spice-server is vulnerable to denial of service. A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash t...

9.8CVSS9.4AI score0.08492EPSS
Exploits0References11Affected Software1
Veracode
Veracode
added 2019/01/15 9:7 a.m.24 views

Denial Of Service (DoS)

openstack-nova is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Compute nova 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service...

6.8CVSS6.9AI score0.03451EPSS
Exploits0References12Affected Software1
CNVD
CNVD
added 2018/02/08 12:0 a.m.6 views

Sandstorm Server-Side Request Forgery Vulnerability Vulnerability

Sandstorm is a personal cloud platform. The platform features file storage, application management, task and project management, and more. A server-side request forgery vulnerability exists in the install application process in versions prior to Sandstorm build 0.203. A remote attacker can exploi...

8.1CVSS7AI score0.02311EPSS
Exploits2References1
CNVD
CNVD
added 2017/11/21 12:0 a.m.3 views

Cisco Spark Board Local Security Bypass Vulnerability

Cisco Spark Board is a dedicated tablet device for video conferencing from Cisco. A local security bypass vulnerability exists in the upgrade process in Cisco Spark Board, which arises from the program failing to adequately validate the upgrade package. A local attacker could exploit the...

4.4CVSS6.5AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2017/10/06 1:29 a.m.29 views

CVE-2017-14086

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with...

7.8CVSS7.8AI score0.07906EPSS
Exploits5References8
CVE
CVE
added 2017/09/01 5:0 a.m.58 views

CVE-2017-14102

CVE-2017-14102 affects MIMEDefang 2.80 and earlier. The vulnerability arises when a non-root process creates a PID file after dropping privileges, which could allow a local attacker with access to the non-root account to modify the PID file and kill an arbitrary process before a root script runs ...

7.8CVSS7.3AI score0.00358EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2015/05/26 3:59 p.m.5 views

DEBIAN-CVE-2015-3902

Multiple cross-site request forgery CSRF vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

6.8CVSS9.8AI score0.01087EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/01/21 7:0 p.m.23 views

CVE-2015-0421

Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process...

2.8AI score0.00386EPSS
Exploits0References7
0day.today
0day.today
added 2014/09/23 12:0 a.m.91 views

Glype Proxy 1.4.9 Cookie Jar Path Traversal / Code Execution / Filter Bypass

A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected. Glype Proxy version 1.4.9 suffers from a local address filer bypass...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/01/23 9:33 p.m.5 views

ipa: weakness when initiating join from IPA client can potentially compromise IPA domain

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority CA certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate...

7.9CVSS5.8AI score0.00557EPSS
Exploits0References5
myhack58
myhack58
added 2008/01/23 12:0 a.m.22 views

Sqlhello overflow process-vulnerability warning-the black bar safety net

Two days before the use of sqlhello overflow vulnerability tools with a local area network inside a colleague made a joke, made his win2k shell So also want to play about overflow. First with Delphi write a vulnerable program. If not check the input string length, then the input string length is...

0.2AI score
Exploits0
myhack58
myhack58
added 2006/06/28 12:0 a.m.21 views

Internet cafe billing King chain version of the break-vulnerability warning-the black bar safety net

Management software for“accounting Wang chain version”, it's never touched I like to play free, so we'll crack it. After my repeated attempts,“smart ABC”spill is a relatively simple and effective method. Speaking of this method, I am afraid that NO, a known to everybody. It can almost close all t...

Exploits0
Exploit DB
Exploit DB
added 2004/08/21 12:0 a.m.30 views

Mantis Bug Tracker 0.x - New Account Signup Mass Emailing

source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. When a new user signs up to Mantis, the system automatically sends an email message to the given email address. This email contains the users...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/09/15 12:0 a.m.21 views

SCO OpenServer 5.0.x - mana PATH_INFO Privilege Escalation

SCO OpenServer 5.0.x - mana PATHINFO Privilege Escalation source: https://www.securityfocus.com/bid/8618/info It has been reported that SCO OpenServer Inertnet Manager 'mana' process is prone to a privilege escalation issue allow local users to execute arbitrary code with elevated privileges. man...

1.1AI score
Exploits0
Rows per page
Query Builder