Lucene search
K

174 matches found

redhat
redhat
added 2020/09/29 10:31 p.m.377 views

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

10CVSS6.6AI score0.03552EPSS
Exploits1References17
redhat
redhat
added 2020/09/29 7:33 p.m.7 views

subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...

6.5CVSS7.3AI score0.02422EPSS
Exploits0References5
osv
osv
added 2020/03/07 1:15 a.m.2 views

CVE-2020-10214

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...

8.8CVSS8AI score0.18327EPSS
Exploits1References1
packetstorm
packetstorm
added 2019/12/06 12:0 a.m.86 views

Omron PLC 1.0.0 Denial Of Service

Exploit Title: Omron PLC 1.0.0 - Denial of Service PoC Google Dork: n/a Date: 2019-12-06 Exploit Author: n0b0dy Vendor Homepage: https://automation.omron.com, ia.omron.com Software Link: n/a Version: 1.0.0 Tested on: PLC f/w rev.: CJ2M v2.01 CWE-412 : Unrestricted Externally Accessible Lock CVE :...

7.4AI score
Exploits0
prion
prion
added 2019/11/22 6:15 p.m.20 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the D-Link DSL-6740U gateway Rev. H1 allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to 1 Custom Services in Port Forwarding, 2...

6.8CVSS7.8AI score0.00988EPSS
Exploits0References2
cve
cve
added 2019/11/22 5:50 p.m.82 views

CVE-2013-6811

The CVE affects the D-Link DSL-6740U gateway (Rev. H1); multiple CSRF vulnerabilities allow remote attackers to hijack administrator sessions and perform changes to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings,...

8.8CVSS9AI score0.00988EPSS
Exploits0References2Affected Software1
osv
osv
added 2019/05/13 2:29 p.m.3 views

CVE-2018-19989

In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth...

9.8CVSS5.8AI score0.41606EPSS
Exploits2References1
osv
osv
added 2019/05/13 2:29 p.m.3 views

CVE-2018-19988

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without...

9.8CVSS5.8AI score0.41606EPSS
Exploits2References1
prion
prion
added 2019/03/21 4:29 p.m.11 views

Sql injection

RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection...

6.5CVSS8.9AI score0.01246EPSS
Exploits1References1Affected Software1
cve
cve
added 2019/03/21 3:36 p.m.33 views

CVE-2019-6491

CVE-2019-6491 affects RISI Gestao de Horarios v3201.09.08 rev.23 and is a SQL injection vulnerability. CVSSv3 base score 8.8 (HIGH): NETWORK, LOW attack complexity, PRIVs LOW, no user interaction; impacts Confidentiality, Integrity, Availability (HIGH). CVSSv2 base 6.5 (MEDIUM). No remediation de...

8.8CVSS8.8AI score0.01246EPSS
Exploits1References1Affected Software1
ics
ics
added 2019/01/29 12:0 a.m.58 views

AVEVA Wonderware System Platform

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: Wonderware System Platform Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION This vulnerability could allow unauthorized access to the credentials for the ArchestrA Network User...

8.8CVSS9AI score0.01364EPSS
Exploits0References5
cvelist
cvelist
added 2018/12/13 2:0 p.m.17 views

CVE-2018-7691 MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center SSC, versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access...

6.5CVSS6.4AI score0.07234EPSS
Exploits4References2
carbonblack
carbonblack
added 2018/11/09 3:26 p.m.65 views

Carbon Black’s Susan An Named to Rev Boston’s 2018 Top 20 Women List

It is a great honor to announce that Rev Boston recently listed Susan An, Senior Director of Corporate Sales at Carbon Black, on its annual ‘Top 20 Women’ list. Susan is part of the fourth cohort of women to be acknowledged by Rev Boston, an event and award recognizing the top women in technology...

7AI score
Exploits0
cvelist
cvelist
added 2018/09/20 7:0 p.m.17 views

CVE-2018-6504 MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability

A potential Cross-Site Request Forgery CSRF vulnerability has been identified in ArcSight Management Center ArcMC in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery CSRF...

8.8CVSS8.8AI score0.00572EPSS
Exploits0References1
cvelist
cvelist
added 2018/04/23 9:0 p.m.22 views

CVE-2018-6491 MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability

Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege...

8.1CVSS9.4AI score0.01013EPSS
Exploits0References2
prion
prion
added 2018/04/16 9:58 a.m.28 views

Design/Logic Flaw

D-Link DIR-815 REV. B with firmware through DIR-815REVBFIRMWAREPATCH2.07.B01 devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php...

4.3CVSS6AI score0.01151EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2018/04/16 6:0 a.m.28 views

CVE-2018-10106

D-Link DIR-815 REV. B with firmware through DIR-815REVBFIRMWAREPATCH2.07.B01 devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0aPOSTSERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZEDGROUP%3D1 request...

9.2AI score0.01966EPSS
Exploits1References1
cve
cve
added 2018/04/16 6:0 a.m.54 views

CVE-2018-10108

The CVE-2018-10108 entry covers a cross-site scripting (XSS) vulnerability in D-Link DIR-815 REV. B devices, reported to affect firmware up to DIR-815_REVB_FIRMWARE_PATCH_2.07.B01, specifically in the Treturn parameter of /htdocs/webinc/js/bsc_sms_inbox.php. Public sources in the connected data c...

6.1CVSS6.5AI score0.01151EPSS
Exploits1References1Affected Software1
cve
cve
added 2018/04/16 6:0 a.m.58 views

CVE-2018-10107

Affected product: D-Link DIR-815 Rev. B (firmware through 2.07.B01). Vulnerable component: /htdocs/webinc/js/info.php, specifically the RESULT parameter, due to inadequate input/page protection that enables cross-site scripting. Impact: an attacker could exploit the XSS to obtain authentication c...

6.1CVSS6.5AI score0.01151EPSS
Exploits1References1Affected Software1
openbugbounty
openbugbounty
added 2018/03/26 10:1 a.m.17 views

victorsport.com XSS vulnerability

Open Bug Bounty ID: OBB-591840 Description| Value ---|--- Affected Website:| victorsport.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Rows per page
Query Builder