Lucene search
K

118 matches found

nvd
nvd
added 2018/02/21 1:29 a.m.20 views

CVE-2018-7277

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

6.1CVSS6.3AI score0.0078EPSS
Exploits1References1
prion
prion
added 2018/02/21 1:29 a.m.15 views

Cross site scripting

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

4.3CVSS6.2AI score0.0078EPSS
Exploits1References1Affected Software2
osv
osv
added 2018/02/21 1:29 a.m.3 views

CVE-2018-7278

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

6.1CVSS5.8AI score0.0078EPSS
Exploits1References1
cvelist
cvelist
added 2018/02/21 1:0 a.m.28 views

CVE-2018-7278

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

6.3AI score0.0078EPSS
Exploits1References1
cve
cve
added 2018/02/21 1:0 a.m.40 views

CVE-2018-7278

The CVE-2018-7278 entry affects RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. The vulnerability is a persistent XSS in the web server, exploitable by remote attackers through the device’s BACnet implementation to inject arbitrary JavaScript. This is described across multiple sources (NVD...

6.1CVSS6.2AI score0.0078EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2018/02/21 1:0 a.m.19 views

CVE-2018-7277

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

6.3AI score0.0078EPSS
Exploits1References1
cve
cve
added 2018/02/21 1:0 a.m.32 views

CVE-2018-7277

CVE-2018-7277 affects RLE Wi-MGR/FDS-Wi 6.2 devices. A persistent XSS in the device web server, exploited via the BACnet implementation, allows remote attackers to inject malicious JavaScript. The issue is described as similar to a Cross Protocol Injection with SNMP. No explicit remediation or pa...

6.1CVSS6.2AI score0.0078EPSS
Exploits1References1Affected Software1
osv
osv
added 2018/01/08 3:29 a.m.5 views

CVE-2018-5071

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...

5.4CVSS5.9AI score0.00809EPSS
Exploits1References1
prion
prion
added 2018/01/08 3:29 a.m.18 views

Cross site scripting

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...

3.5CVSS5.6AI score0.00809EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2018/01/08 3:29 a.m.18 views

CVE-2018-5071

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...

5.4CVSS5.6AI score0.00809EPSS
Exploits1References1
thn
thn
added 2017/02/21 6:25 a.m.18 views

Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

This newly discovered bugs in Java and Python is a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. And since both the flaws remain unpatched, hackers can take...

7.5AI score
Exploits0
oraclelinux
oraclelinux
added 2016/11/09 12:0 a.m.65 views

python security, bug fix, and enhancement update

2.7.5-48.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-48 - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359164 2.7.5-47 - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.getdata Resolves: rhbz1356364 2.7.5-46 - Drop patch 2...

10CVSS0.5AI score0.26316EPSS
Exploits7
nessus
nessus
added 2016/06/22 12:0 a.m.74 views

Debian DLA-522-1 : python2.7 security update

CVE-2016-0772 A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of negotiating starttls but fails to respond with 220 ok to an explicit call of SMTP.starttls. This may...

10CVSS7.4AI score0.26316EPSS
Exploits7References5
debian
debian
added 2016/06/21 8:22 p.m.52 views

[SECURITY] [DLA 522-1] python2.7 security update

Package : python2.7 Version : 2.7.3-6+deb7u3 CVE ID : CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 CVE-2016-0772 A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of...

10CVSS7.9AI score0.26316EPSS
Exploits7
nessus
nessus
added 2015/03/31 12:0 a.m.27 views

Scientific Linux Security Update : postgresql on SL6.x, SL7.x i386/x86_64 (20150330)

An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the...

9.8CVSS7.2AI score0.05533EPSS
Exploits0References5
attackerkb
attackerkb
added 2014/06/05 3:44 p.m.3 views

CVE-2014-2051

ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."...

7.5CVSS5.6AI score0.01464EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2012/02/17 12:0 a.m.4 views

PT-2025-28648

Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.43.7 Git versions prior to 2.44.4 Git versions prior to 2.45.4 Git versions prior to 2.46.4 Git versions prior to 2.47.3 Git versions prior to 2.48.2 Git versions prior to 2.49.1 Git versions prior to 2.50.1 Descriptio...

8.6CVSS8.9AI score0.02775EPSS
Exploits9References103
nessus
nessus
added 2011/06/09 12:0 a.m.37 views

RHEL 4 / 5 / 6 : cyrus-imapd (RHSA-2011:0859)

Updated cyrus-imapd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

6.8CVSS8.1AI score0.16334EPSS
Exploits1References4
Rows per page
Query Builder