Lucene search
K

9889 matches found

Cisco
Cisco
added 2016/01/13 4:0 p.m.37 views

Cisco Identity Services Engine Unauthorized Access Vulnerability

Cisco Identity Services Engine versions prior to 2.0 contain a vulnerability that could allow a low-privileged authenticated, remote attacker to access specific web resources that are designed to be accessed only by higher-privileged administrative users. The vulnerability occurs because specific...

6.3CVSS6.6AI score0.01455EPSS
Exploits0References1
erpscan
erpscan
added 2016/01/11 12:0 a.m.26 views

SAP Hostcontrol remote DOS

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.0 – 7.5 Vendor URL: SAP Bug: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2389181 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: D...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2016/01/06 1:16 a.m.22 views

Enable X-FRAME-Option in HTTP response headers in order to provide clickjacking protection

Crowd is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame crowd from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issue can be...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/01/06 1:16 a.m.22 views

Enable X-FRAME-Option in HTTP response headers in order to provide clickjacking protection

Crowd is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame crowd from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issue can be...

0.2AI score
Exploits0
CNVD
CNVD
added 2015/12/18 12:0 a.m.4 views

IBM Mashups Center Denial of Service Vulnerability

IBM Mashups Center is a suite of platforms for business and IT people to create, publish, modify and share Web applications from IBM in the United States. A denial of service vulnerability exists in IBM Mashups Center. An attacker can exploit this vulnerability to consume CPU resources and cause ...

7.7CVSS8.9AI score0.02589EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/12/14 12:0 a.m.37 views

qemu -- denial of service vulnerability in USB EHCI emulation support

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interfaceEHCI and a respective device driver. These two communicate via a isochronous...

5.5CVSS6.9AI score0.00477EPSS
Exploits0References3
seebug.org
seebug.org
added 2015/12/09 12:0 a.m.44 views

OpenMRS 2.3 (1.11.4) - 文件泄漏漏洞

No description provided by source. OpenMRS 2.3 1.11.4 Local File Disclosure Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2015/12/06 10:51 p.m.20 views

Waldo - Multithreaded Directory and Subdomain Bruteforcer

Waldo is a lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. It can be used to locate hidden web resources and undiscovered subdomains of the specified target. Key Features Quickly and easily generate a list of all subdomains of target domain Discover hidden...

7.4AI score
Exploits0References2
Prion
Prion
added 2015/11/25 8:59 p.m.17 views

Directory traversal

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/...

5CVSS6.9AI score0.03156EPSS
Exploits0References3Affected Software2
Cisco
Cisco
added 2015/11/23 4:0 p.m.39 views

Cisco Virtual Topology System TCP Connection Functionality Denial of Service Vulnerability

A vulnerability in TCP connection handling by Cisco Virtual Topology System VTS devices could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service DoS condition due to high CPU and memory utilization. The vulnerability is due to a lack of rate limiting in t...

5CVSS6.9AI score0.01867EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2015/11/23 12:0 a.m.63 views

net-snmp security and bug fix update

1:5.7.2-24 - Fixed lmSensorsTable not reporting sensors with duplicate names 1252053 - Fixed close overhead of extend commands 1252048 - Fixed out-of-bounds write in python code 1252034 1:5.7.2-23 - Fixed parsing of invalid variables in incoming packets 1248414 - Fixed...

5CVSS1.7AI score0.04619EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2015/11/20 12:0 a.m.6 views

Vulnerability of Firefox and Firefox ESR browsers, which allows attackers to circumvent existing access restrictions

The vulnerability of Firefox and Firefox ESR browsers is related to the improper use of shared resources between different sources. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions by avoiding the check-step during requests...

7.5CVSS7.7AI score0.02841EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2015/11/19 3:39 a.m.73 views

Moderate: Red Hat Security Advisory: file security and bug fix update

Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

7.5CVSS6.8AI score0.20805EPSS
Exploits3References23
CNVD
CNVD
added 2015/11/12 12:0 a.m.4 views

QEMU hw/virtio/virtio.c Denial of Service Vulnerability

QEMU is an open source emulator software. With virtio-net support enabled in QEMU, a security vulnerability in the hw/virtio/virtio.c handling could allow a remote attacker to exhaust client network resources, resulting in a denial of service...

5CVSS7.8AI score0.04935EPSS
Exploits0References1
Citrix
Citrix
added 2015/11/09 12:0 a.m.13 views

How to Add SQL Database Connections to XenMobile Server

This article describes how to add / increase additional SQL database connections from XenMobile. By default XenMobile Server 10.x has 50 database connections to SQL database. Note: Please be sure that your SQL Server has enough resources RAM & CPU to handle the additional load on the server prior...

7.6AI score
Exploits0
Hacker One
Hacker One
added 2015/11/03 8:9 p.m.39 views

Shopify: SVG parser loads external resources on image upload

Uploading SVG that include will cause the server side parser to try to fetch external resources. I've tested in two ways. Creating an svg with an external loaded public google image that was rendered perfectly. Also tested a private server with nc and created an svg that uses xlink for private ur...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2015/10/30 10:19 a.m.27 views

CVE-2007-1581

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hashupdatefile function via a userspace 1 error or 2 stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PH...

9.3CVSS8.2AI score0.07917EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2015/10/30 9:30 a.m.14 views

CVE-2011-0528

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors...

5.5CVSS6.5AI score0.01652EPSS
Exploits0References2
CNVD
CNVD
added 2015/10/22 12:0 a.m.4 views

Unspecified Vulnerability in Oracle PeopleSoft Products (CNVD-2015-06956)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle. An unspecified vulnerability exists in Oracle PeopleSoft Products 9.2. It allows a remote, authenticated user to affect confidentiality via vector fin resources related to management security...

4CVSS6.5AI score0.01368EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/10/06 12:0 a.m.9 views

The vulnerability of the Firefox browser, which allows a hacker to execute arbitrary code or trigger a service failure.

The vulnerability of the WorkerPrivate::NotifyFeatures function in the Firefox browser is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure due to errors in the implementation ...

6.8CVSS8.2AI score0.03019EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder