Lucene search
+L

268 matches found

OSV
OSV
added 2017/05/11 2:30 p.m.6 views

CVE-2016-9097

The Symantec Advanced Secure Gateway ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only acce...

7.2CVSS5.8AI score0.02353EPSS
Exploits0References3
OSV
OSV
added 2017/04/20 12:0 a.m.6 views

UBUNTU-CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...

9.8CVSS7.2AI score0.0282EPSS
Exploits1References4
OSV
OSV
added 2016/12/11 3:0 a.m.4 views

DEBIAN-CVE-2016-9864

An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and ...

7.5CVSS9.2AI score0.01684EPSS
Exploits0References1
0day.today
0day.today
added 2016/12/04 12:0 a.m.70 views

Android system_server Code Loading Bypass Vulnerability

Exploit for Android platform in category local exploits Android: Code loading bypasses in systemserver As of Android Nougat, a new set of SELinux rules have been added which are designed to prevent systemserver from loading arbitrary code into its address-space. This has been enforced by adding t...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2016/11/28 3:18 p.m.22 views

CVE-2016-9639

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching...

9.1CVSS2.7AI score0.02581EPSS
Exploits0References1
CNVD
CNVD
added 2016/11/10 12:0 a.m.65 views

Phoenix Contact ILC Security Bypass Vulnerability

Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. A security bypass vulnerability exists in the Phoenix Contact ILC PLCs, which can be exploited by an unauthenticated attacker to access read and write PLC...

7.5CVSS7AI score0.11199EPSS
Exploits4References1
Mageia
Mageia
added 2016/05/18 8:14 p.m.54 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: An out-of-bounds flaw was found in the QEMU emulator built using 'addressspacetranslate' to map an address to a MemoryRegionSection. The flaw could occur while doing pcidmaread/write calls, resulting in an out-of-bounds read-write access error. ...

9.8CVSS8.7AI score0.06336EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2016/05/11 12:0 a.m.50 views

CentOS 7 : qemu-kvm (CESA-2016:0724)

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.8CVSS7.9AI score0.00916EPSS
Exploits0References2
Samba
Samba
added 2016/04/12 12:0 a.m.410 views

SAMR and LSA man in the middle attacks possible

The Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD are both vulnerable to man in the middle attacks. Both are application level protocols based on the generic DCE 1.1 Remote Procedure Call DCERPC protocol. These protocols ar...

6.8CVSS2.3AI score0.3693EPSS
Exploits0
OpenVAS
OpenVAS
added 2016/02/08 12:0 a.m.48 views

Debian Security Advisory DSA 3471-1 (qemu - security update)

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tan...

9.3CVSS1AI score0.0773EPSS
Exploits4References1
Elastic
Elastic
added 2015/11/18 10:46 p.m.7 views

Kibana Cross-site Request Forgery CVE-2015-8131

CVE: CVE-2015-8131 Affected versions: All versions up to and including 4.1.2 and 4.2.0. The vulnerability is a cross-site request forgery CSRF or XSRF that could allow an attacker to read and write changes to the .kibana index or gain read and write access to Kibana plugin actions. Remediation: A...

6.8CVSS6.9AI score0.0088EPSS
Exploits0
securityvulns
securityvulns
added 2014/12/11 12:0 a.m.49 views

[CVE-2014-7301] SGI Tempo System Database Password Exposure

SGI Tempo System Database Password Exposure Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7301 Author: John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Description It i...

6.8AI score0.00512EPSS
Exploits2
Packet Storm
Packet Storm
added 2014/12/10 12:0 a.m.50 views

SGI Tempo Database Password Disclosure

SGI Tempo System Database Password Exposure Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7301 Author: John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Description It i...

6.6AI score0.00512EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2012/03/27 12:0 a.m.55 views

Ubuntu 11.10 : linux vulnerabilities (USN-1405-1)

Paolo Bonzini discovered a flaw in Linux's handling of the SGIO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. CVE-2011-4127 A flaw was found in the Linux kernel's ext4 file system wh...

7.8CVSS6.2AI score0.02678EPSS
Exploits7References9
OpenVAS
OpenVAS
added 2012/03/07 12:0 a.m.39 views

Ubuntu: Security Advisory (USN-1388-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7.4AI score0.02678EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2009/05/20 12:0 a.m.2 views

PT-2009-4203 · Netmechanica · Netdecision Tftp Server

Name of the Vulnerable Software and Affected Versions: NetMechanica NetDecision TFTP Server version 4.2 Description: The issue allows remote attackers to read or modify arbitrary files via directory traversal sequences in the 1 GET or 2 PUT command. Recommendations: For NetMechanica NetDecision...

10CVSS6.5AI score0.5451EPSS
Exploits7References8
Fedora
Fedora
added 2008/02/16 2:9 a.m.34 views

[SECURITY] Fedora 8 Update: scponly-4.6-10.fc8

scponly is an alternative 'shell' for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution priviledges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications...

8.5CVSS4.2AI score0.04362EPSS
Exploits1
Fedora
Fedora
added 2007/09/25 3:42 p.m.24 views

[SECURITY] Fedora 7 Update: ntfs-3g-1.913-2.fc7

The ntfs-3g driver is an open source, GPL licensed, third generation Linux NTFS driver. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, changing file ownership, access right. Technically it=E2=80=99s based on and a major improvement to th...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2007/05/11 12:0 a.m.24 views

TFTP Server TFTPDWin 0.4.2 - Directory Traversal

source: https://www.securityfocus.com/bid/23937/info TFTP Server TFTPDWIN is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to gain read/write access to privileged directories and files. TFT...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.29 views

Linksys Router Default Password (HTTP)

This Linksys Router has the default password set for the web administration console. SPDX-FileCopyrightText: 2002 Digital Defense Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.6AI score
Exploits0
Rows per page
Query Builder