Lucene search
K

62 matches found

patchstack
patchstack
added 2020/12/11 12:0 a.m.13 views

WordPress Ultimate Category Excluder plugin <= 1.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by SCA AppSec Checkmarx in WordPress Ultimate Category Excluder plugin versions = 1.1. Solution Update the WordPress Ultimate Category Excluder plugin to the latest available version at least 1.2...

3.1AI score
Exploits0References1Affected Software1
osv
osv
added 2020/11/11 3:54 p.m.27 views

GHSA-4Q96-6XHQ-FF43 malicious SVG attachment causing stored XSS vulnerability

Impact An attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Patches Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 ha...

8.7CVSS7AI score0.01725EPSS
Exploits1References8
rapid7blog
rapid7blog
added 2020/10/22 1:16 p.m.23 views

What’s New in InsightAppSec and tCell: Q3 2020 in Review

Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...

7.5AI score
Exploits0
cve
cve
added 2020/08/26 11:45 p.m.45 views

CVE-2020-14729

The CVE-2020-14729 issue affects the SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite . Affected are versions before 2020.1.4. The vulnerability allegedly allows a low-privileged attacker with network access over HTTP to compromise NetSuite SCA, leading to unauthorized creation, de...

5.4CVSS4.6AI score0.00577EPSS
Exploits0References1Affected Software1
cve
cve
added 2020/08/26 11:45 p.m.45 views

CVE-2020-14728

CVE-2020-14728 affects Oracle NetSuite SuiteCommerce Advanced (SCA). Affected SCA versions include Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. The vulnerability is exposed via HTTP with network access, with low privileges and requires UI interaction. Root cause deta...

5.4CVSS4.8AI score0.00743EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2020/02/19 2:15 p.m.14 views

CVE-2014-2228

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages...

9.8CVSS9.8AI score0.03311EPSS
Exploits1References1
prion
prion
added 2020/02/19 2:15 p.m.18 views

Deserialization of untrusted data

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages...

7.5CVSS8.3AI score0.03311EPSS
Exploits1References1Affected Software1
cve
cve
added 2020/02/19 1:20 p.m.42 views

CVE-2014-2228

The CVE-2014-2228 issue affects the XStream extension in HP Fortify SCA prior to version 2.2 RC3, where unsafe deserialization of XML messages allows remote attackers to execute arbitrary code. The affected component is the XStream extension, with the root cause described as unsafe XML deserializ...

9.8CVSS9.7AI score0.03311EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2020/02/19 1:20 p.m.19 views

CVE-2014-2228

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages...

9.9AI score0.03311EPSS
Exploits1References1
cve
cve
added 2019/02/05 6:0 p.m.51 views

CVE-2017-1198

CVE-2017-1198 affects IBM BigFix Compliance 1.7–1.9.91 (TEMA SUAv1 SCA SCM). The underlying issue is that sensitive information is stored in URL parameters, enabling potential information disclosure if URLs are exposed in server logs, referrer headers, or browser history. The NVD entry notes expl...

5.3CVSS4.8AI score0.01197EPSS
Exploits0References2Affected Software1
cve
cve
added 2019/02/05 6:0 p.m.45 views

CVE-2017-1202

CVE-2017-1202 affects IBM BigFix Compliance 1.7–1.9.91 (TEMA SUAv1 SCA SCM). The vulnerability is HTML injection that could allow a remote attacker to inject HTML code, which would execute in the victim’s browser within the hosting site’s security context when viewed. No exploitation details or p...

5.4CVSS5.6AI score0.00849EPSS
Exploits0References2Affected Software1
qualysblog
qualysblog
added 2018/06/22 6:33 p.m.67 views

Qualys Cloud Platform (VM, SCA, PC) 8.14 New Features

This new release of the Qualys Cloud Platform VM, SCA, PC, version 8.14, includes several new feature improvements across the apps such as Wallix AdminBastion support, EC2 scan improvements, VM reporting improvements, ESX/ESXi PC support for vCenter, PC STIG Report, and expanded technology suppor...

0.3AI score
Exploits0
ibm
ibm
added 2018/06/15 7:2 a.m.23 views

Security Bulletin: Incorrect SSL protocol variant in SCA HTTP binding affecting WebSphere Enterprise Service Bus, WebSphere Process Server and IBM Business Process Manager Advanced (CVE-2014-6176)

Summary The HTTP import binding in an SCA module can be configured with a reference to a SSL configuration that exists on the application server. The HTTP binding uses always the SSLv3 protocol variant regardless of the SSL protocol setting in the referenced SSL configuration. Vulnerability Detai...

4.3CVSS5.5AI score0.01822EPSS
Exploits0Affected Software3
seebug
seebug
added 2018/05/31 12:0 a.m.57 views

New multiOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-10706)

Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities batchOverflow, proxyOverflow, transferFlaw, ownerAnyone. Some of them could be used by attackers to generate tokens out of nowhere while others can be used to steal tokens from...

5CVSS1.8AI score0.0096EPSS
Exploits2
nvd
nvd
added 2018/05/10 5:29 p.m.23 views

CVE-2018-10706

An integer overflow in the transferMulti function of a smart contract implementation for Social Chain SCA, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue...

7.5CVSS7.6AI score0.0096EPSS
Exploits2References1
qualysblog
qualysblog
added 2018/03/22 10:27 p.m.76 views

Qualys Cloud Platform (VM, PC) 8.13 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.13, includes several new feature improvements across the apps such as the ability to test authentication records, as well as improvements to UDC’s and report options in Qualys Policy Compliance. Feature Highlights Qualys Cloud Platfo...

7.2AI score
Exploits0
cve
cve
added 2017/06/07 5:0 p.m.58 views

CVE-2017-1196

IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 is affected by a weak default password policy (CVE-2017-1196). The issue, documented across multiple sources (NVD/Nessus/CNVD), states that the product does not require strong passwords by default, enabling an attacker to compromise user accounts ...

9.8CVSS8.9AI score0.01661EPSS
Exploits0References3Affected Software1
prion
prion
added 2014/12/16 11:59 p.m.19 views

Code injection

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which...

4.3CVSS6.5AI score0.01822EPSS
Exploits0References5Affected Software3
seebug
seebug
added 2009/08/19 12:0 a.m.12 views

IBM WebSphere Application Server Feature Pack for SCA安全绕过漏洞

IBM WebSphere Application Server是一款商业性质的WEB应用服务程序。 IBM WebSphere Application Server Feature Pack for SCA存在一个未明错误,没有被指派为scaAllAuthorizedUsers角色的恶意用户可绕过验证,获得对系统的访问。 IBM WebSphere Application Server Feature Pack for Service Component Architecture SCA 1.x 厂商解决方案 用户可联系供应商获得IBM WebSphere Application...

7AI score
Exploits0
nvd
nvd
added 2009/08/13 6:30 p.m.21 views

CVE-2009-0906

The Service Component Architecture SCA feature pack for IBM WebSphere Application Server WAS SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors...

6.5CVSS6.2AI score0.01205EPSS
Exploits0References4
Rows per page
Query Builder