CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Openbugbounty•added 2017/11/08 3:53 p.m.•13 views

run-down.com XSS vulnerability

Open Bug Bounty ID: OBB-401546 Description| Value ---|--- Affected Website:| run-down.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Shee...

6.4AI score

CNVD•added 2017/10/25 12:0 a.m.•1 views

Memory Corruption Vulnerability in Youku PC Player (CNVD-2017-35557)

Youku PC Player is video player software for Youku.com. A memory corruption vulnerability exists in YoukuNplayer.exe of Youku P Player when parsing special vob video files, which can be exploited by attackers to cause a denial of service or code execution...

7.6AI score

CNVD•added 2017/10/18 12:0 a.m.•1 views

Memory Corruption Vulnerability in WPS Forms (CNVD-2017-34136)

WPS Office is an office software suite developed independently by Kingsoft Corporation. A memory corruption vulnerability exists in formset.exe in WPS when parsing certain xls files, which can be exploited by an attacker to cause a denial of service or code execution...

7.6AI score

OSV•added 2017/10/14 11:29 p.m.•0 views

UBUNTU-CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

9.8CVSS7.7AI score0.93891EPSS

Exploits11References5

Filippo.io•added 2017/10/14 7:48 p.m.•60 views

Live streaming Cryptopals

tl;dr: I'm livecoding the Cryptopals in Go on Twitch, one set every Sunday. The recordings are on YouTube. Oh, wow. I love the idea. Would anyone here seriously watch 20 to 40 hours of me doing crypto, math and Go? Mic, screen, and everything. -- Filippo Valsorda @FiloSottile October 16, 2016...

7AI score

NVD•added 2017/10/13 1:29 p.m.•21 views

CVE-2017-11825

Microsoft Office 2016 Click-to-Run C2R and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability...

9.3CVSS7.7AI score0.32412EPSS

Cvelist•added 2017/10/13 1:0 p.m.•21 views

CVE-2017-11825

7.9AI score0.32412EPSS

Symantec•added 2017/10/10 12:0 a.m.•84 views

Microsoft Office CVE-2017-11825 Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...

9.3CVSS1AI score0.32412EPSS

Exploits0Affected Software1

Cvelist•added 2017/10/04 1:0 a.m.•15 views

CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient...

5.2AI score0.00038EPSS

CVE•added 2017/10/04 1:0 a.m.•68 views

CVE-2017-1000105

CVE-2017-1000105 affects Jenkins Blue Ocean: an optional Run/Artifacts permission can be enabled via a Java system property, and Blue Ocean did not verify this permission before granting access to archived artifacts, with Item/Read permission being sufficient. Several connected advisories note th...

5.3CVSS5.1AI score0.00038EPSS

Exploits0References1Affected Software1

OSV•added 2017/10/03 1:29 a.m.•3 views

CVE-2017-14757

OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an...

8.8CVSS5.8AI score

Hacker One•added 2017/09/28 5:44 p.m.•13 views

██████: Remote Code Execution on Proxy Service (as root)

The proxy service used to provide researchers with access to certain programs on ██████ allows access to AWS's Metadata API. This Metadata API in turn is configured to expose temporary AWS access credentials for the AWS EC2 Run Command role. When this role is assumed by an AWS client e.g. the CLI...

1.4AI score

OSV•added 2017/09/22 2:29 p.m.•1 views

CVE-2017-3770

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system...

8.8CVSS5.8AI score

Positive Technologies•added 2017/09/22 12:0 a.m.•3 views

PT-2017-3830

Name of the Vulnerable Software and Affected Versions Apache Solr versions prior to 5.5.5 Apache Solr versions prior to 6.6.2 Apache Solr versions prior to 7.1.0 Apache Lucene versions prior to 7.1.0 Description The issue is related to the incorrect restriction of XML external entity references i...

9.8CVSS8.6AI score0.93891EPSS

Exploits11References62

Kitploit•added 2017/09/11 2:0 p.m.•31 views

NorkNork - Powershell Empire Persistence Finder

This script was designed to identify Powershell Empire persistence payloads on Windows systems. It currently supports checks for these persistence methods: Scheduled Tasks Auto-run WMI subscriptions Security Support provider Ease of Access Center backdoors Machine account password disable INSTALL...

7.3AI score

Malwarebytes•added 2017/08/18 3:14 p.m.•118 views

Inside the Kronos malware – part 1

Recently, a researcher nicknamed MalwareTech famous from stopping the WannaCry ransomware got arrested for his alleged contribution to creating the Kronos banking malware. We are still not having a clear picture whether the allegations are true or not - but let's have a look at Kronos itself...

7.2AI score

OpenVAS•added 2017/08/18 12:0 a.m.•52 views

Microsoft Office 2013 APP-V ASLR Bypass Vulnerability (3118268)

This host is missing a critical security update according to Microsoft Bulletin MS16-107. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

4.3CVSS5AI score0.06542EPSS