Lucene search
K

13 matches found

Github Security Blog
Github Security Blog
added 2024/02/01 8:51 p.m.24 views

Statmic CMS vulnerable to account takeover via XSS and password reset link

Impact HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects: - front-end forms with asset fields without any mime type validation - asset fields in the control panel - asset browser in the control panel Additionally, if the XSS is crafted in a specific...

8.2CVSS6.8AI score0.00734EPSS
Exploits1References5Affected Software1
ICS
ICS
added 2023/06/13 12:0 a.m.31 views

Siemens SICAM A8000 Devices

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

7.2CVSS8.1AI score0.47722EPSS
Exploits3References12
Packet Storm
Packet Storm
added 2020/02/26 12:0 a.m.134 views

PHP-Fusion CMS 9.03 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Cross-site Scripting XSS Vulnerabilities product: PHP-Fusion CMS vulnerable version: 9 - 9.03 fixed version: 9.03.30 CVE number: - impact: Medium homepage:...

Exploits0
Packet Storm
Packet Storm
added 2019/12/02 12:0 a.m.278 views

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SALTO ProAccess SPACE vulnerable version: = v5.6 CVE number: CVE-2019-19457, CVE-2019-19458, CVE-2019-19459, CVE-2019-19460...

0.4AI score0.03508EPSS
Exploits6
Exploit DB
Exploit DB
added 2016/02/10 12:0 a.m.73 views

Yeager CMS 1.2.1 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Yeager CMS vulnerable version: 1.2.1 fixed version: 1.3 CVE number: CVE-2015-7567, CVE-2015-7568, CVE-2015-7569, CVE-2015-7570 ,...

9.8CVSS7.7AI score0.08439EPSS
Exploits9
exploitpack
exploitpack
added 2015/10/29 12:0 a.m.52 views

NetUSB - Kernel Stack Buffer Overflow

NetUSB - Kernel Stack Buffer Overflow !/usr/bin/env python -- coding: utf-8 -- Exploit Title: NetUSB Kernel Stack Buffer Overflow Date: 9/10/15 Exploit Author: Adrian Ruiz Bermudo Vendor Homepage: http://www.kcodes.com/ Version: Multiple:...

10CVSS0.9AI score0.27906EPSS
Exploits7
0day.today
0day.today
added 2014/12/23 12:0 a.m.52 views

GParted 0.14.1 - OS Command Execution Vulnerability

Exploit for linux platform in category local exploits title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 applied CVE number: CVE-2014-7208 impact: medium homepage: http://gparted.org/ found: 2014-07 by: W. Ettlinge...

7.2CVSS0.2AI score0.01113EPSS
Exploits5
exploitpack
exploitpack
added 2014/06/09 12:0 a.m.33 views

WebTitan 4.01 (Build 68) - Multiple Vulnerabilities

WebTitan 4.01 Build 68 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: WebTitan vulnerable version: 4.01 Build 68 fixed version: 4.04 impact: critic...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/04/23 12:0 a.m.52 views

WD Arkeia Virtual Appliance Directory Traversal / Command Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Path Traversal/Remote Code Execution product: WD Arkeia Virtual Appliance AVA vulnerable version: All Arkeia Network Backup releases ASA/APA/AVA since 7.0.3. fixed versio...

7.5CVSS0.8AI score0.08828EPSS
Exploits6
0day.today
0day.today
added 2014/02/28 12:0 a.m.26 views

Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities

Plex Media Server versions 0.9.9.2.374-aa23a69 and below suffer from authentication bypass and local file disclosure vulnerabilities. title: Authentication bypass SSRF and local file disclosure product: Plex Media Server vulnerable version: =0.9.9.3 impact: Critical homepage: http://www.plex.tv...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/05/07 12:0 a.m.71 views

NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: NetApp OnCommand System Manager vulnerable version: = 2.1 and =2.0.2 fixed version: 2.2 only XSS fixed CVE: CVE-2013-3320 XSS...

6.1CVSS6.7AI score0.03547EPSS
Exploits2
F5 Networks
F5 Networks
added 2013/01/21 12:0 a.m.42 views

SOL14138 - XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column. Acknowledgements F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the...

4CVSS2.9AI score0.06443EPSS
Exploits2References7
CERT
CERT
added 2008/12/24 12:0 a.m.42 views

Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure

Overview A vulnerability in the Microsoft SQL Server spreplwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server. Description Some versions of Microsoft SQL Server contain a vulnerability in the spreplwritetovarbin stored...

9CVSS9.1AI score0.87036EPSS
Exploits12References7
Rows per page
Query Builder