Lucene search
K

130 matches found

OSV
OSV
added 2017/05/06 12:0 p.m.42 views

RUSTSEC-2017-0005 Large cookie Max-Age values can cause a denial of service

Affected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server. This flaw w...

7.5CVSS7.3AI score0.01485EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2017/04/13 12:0 a.m.5 views

PT-2017-9755 · Moxa · Moxa Awk-3131A Wireless Ap

Name of the Vulnerable Software and Affected Versions: Moxa AWK-3131A Wireless AP version 1.1 Description: An exploitable nonce reuse vulnerability exists in the Web Application functionality. The device uses one nonce for all session authentication requests and only changes the nonce if the web...

8.1CVSS6.1AI score0.01353EPSS
Exploits2References3
myhack58
myhack58
added 2016/05/16 12:0 a.m.28 views

PayPal Deposit major vulnerability, 1 0 seconds no need to verify stolen brush Bank card within the amount-vulnerability warning-the black bar safety net

! Usually online often see Alipay stolen brush cases, but from their very far, did not expect this thing but in this day are happening in my body. The genuineness, without warning. Only 1 0 seconds, I did not receive any input the verification code or Payment password in the process, the Bank car...

7.4AI score
Exploits0
Oracle linux
Oracle linux
added 2016/05/12 12:0 a.m.74 views

ntp security and bug fix update

4.2.6p5-10 - don't accept server/peer packets with zero origin timestamp CVE-2015-8138 - fix crash with reslist command CVE-2015-7977, CVE-2015-7978 4.2.6p5-9 - fix crash with invalid logconfig command CVE-2015-5194 - fix crash when referencing disabled statistic type CVE-2015-5195 - don't hang i...

5CVSS0.9AI score0.12282EPSS
Exploits2
hackapp
hackapp
added 2016/04/01 10:11 a.m.16 views

94 Seconds: category word game - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application 94 Seconds: category word game published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2015/11/19 3:59 a.m.35 views

Moderate: Red Hat Security Advisory: chrony security, bug fix, and enhancement update

Updated chrony packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

6.5CVSS7AI score0.03439EPSS
Exploits0References10
Node.js
Node.js
added 2015/10/25 4:40 a.m.27 views

Regular Expression Denial of Service

Overview The jadedown package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in. Proof of concept var jadedown = require'jadedown'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr; return...

5CVSS2.4AI score0.01151EPSS
Exploits1Affected Software1
seebug.org
seebug.org
added 2015/07/21 12:0 a.m.29 views

iSMCloud平台逻辑缺陷重置任意用户密码(官方账户测试/秒改)

简要描述: 绕过验证码秒改用户密码! 详细说明: 0x1:先用一个用户获取官方的邮箱。 [email protected] 就用这个用户来证明漏洞。 修改这个用户之前,我们先用自己的用户走一边正确的流程,为的就是获取正确的响应码。 获取正确的验证码,响应包返回如下。 "success":true,"msg":"resetpassword.jsp","errors":null,"resultData":null 漏洞证明: 0x2: 随意填入6位的验证码,无需获取验证码,下一步此时截断响应包,修改为正确的响应包。 跳到修改密码的界面,修改密码为wooyun123. 0x3:登陆验证。...

7.1AI score
Exploits0
OSV
OSV
added 2015/04/28 12:17 p.m.10 views

SUSE-SU-2015:0865-1 Security update for ntp

ntp was updated to fix two security related flaws as well as 'slew' mode handling for leap seconds. The following vulnerabilities were fixe: ntpd could accept unauthenticated packets with symmetric key crypto. CVE-2015-1798 ntpd authentication did not protect symmetric associations against DoS...

7.5CVSS8.1AI score0.05292EPSS
Exploits0References7
Kitploit
Kitploit
added 2014/02/21 7:39 p.m.14 views

[FGscanner] Find hidden contents using dictionary-like attack

FGscanner is a completely rewritten version of littlescanner script. FGscanner is an opensource advanced web directory scanner to find hidden contents on a web server using dictionary-like attack with proxy and tor support. Quick reference for switches Usage: ./fgscan.pl --host=hostname...

7.4AI score
Exploits0References1
Rows per page
Query Builder