Lucene search
K

444 matches found

RedHat Linux
RedHat Linux
added 2017/01/20 11:4 a.m.3 views

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...

5.8CVSS7.3AI score0.01933EPSS
Exploits0References4
Metasploit
Metasploit
added 2016/10/27 1:46 a.m.60 views

Joomla Account Creation and Privilege Escalation

This module creates an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3. If an email server is configured in Joomla, an email will be sent to activate the account the account is disabled by default. This module requires Metasploit:...

9.8CVSS7.1AI score0.97426EPSS
Exploits15
OpenVAS
OpenVAS
added 2015/11/25 12:0 a.m.33 views

Cisco ASA DNS DoS Vulnerability (cisco-sa-20151021-asa-dns2)

A vulnerability in the DNS code of Cisco ASA may lead to a denial of service. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...

7.8CVSS6.7AI score0.01908EPSS
Exploits0References1
NVD
NVD
added 2015/08/18 6:0 p.m.14 views

CVE-2015-5505

The HTTP Strict Transport Security HSTS module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impac...

6.8CVSS6.8AI score0.01622EPSS
Exploits0References6
CNVD
CNVD
added 2015/07/24 12:0 a.m.5 views

Unspecified Vulnerability in Gemalto SafeNet Luna HSM

Gemalto SafeNet Luna HSM is a suite of application and transaction security solutions for enterprise and government organizations from Gemalto USA. A security vulnerability exists in Gemalto SafeNet Luna HSM, and no detailed vulnerability details are available at this time...

1.3CVSS6.9AI score0.00434EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/06/23 9:29 a.m.4 views

docker: volume mounts allow LSM profile escalation

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

3.6CVSS7.2AI score0.00567EPSS
Exploits0References4
CNVD
CNVD
added 2015/05/11 12:0 a.m.1 views

Docker /proc/ file write vulnerability

Docker is an open-source application container engine that allows developers to package their applications, along with dependency packages, into a portable container and then distribute it to any popular Linux machine, also enabling virtualization. Docker handles volume mounts with a security...

6.6AI score
Exploits0References1
Metasploit
Metasploit
added 2015/04/15 10:10 p.m.40 views

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

This module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003 and CAS 2007, 2010, and 2013 servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA ...

7AI score
Exploits0
CNVD
CNVD
added 2015/03/27 12:0 a.m.1 views

Multiple Websense Product Data Security Module Page Cross-Site Scripting Vulnerabilities

Websense, Inc. NASDAQ: WBSN is the world's leading provider of integrated Web, information and data security protection solutions. Multiple Websense product data security module page cross-site scripting vulnerabilities due to the program failing to properly filter user-supplied input. The...

6.8AI score
Exploits0References1
Fedora
Fedora
added 2015/03/21 4:58 a.m.11 views

[SECURITY] Fedora 22 Update: python-urllib3-1.10.2-1.fc22

Python HTTP module with connection pooling and file POST abilities...

0.2AI score
Exploits0
myhack58
myhack58
added 2014/07/17 12:0 a.m.17 views

Detours to modify the paragraph properties of vulnerability-vulnerability warning-the black bar safety net

Detours to modify the paragraph properties of the vulnerability Affected Software and systems Detours3. 0 and previous versions Description This issue will be its positioning as a vulnerability may be less suitable, the more likely that Detours a BUG, but because the defect will cause the exploit...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

DS3 Authentication Server - Multiple Vulnerabilities

No description provided by source. Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt =============================== - Advisory - =============================== Tittle: DS3 Authentication Server - Command Execution Post Authentication & other minor issues Risk: High Date:...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/03/03 2:24 p.m.8 views

Apple Updates iOS Security Guide

Apple rarely offers anyone a glimpse inside its walled-off security garden. The last time it did was in the spring of 2012 when it released a detailed paper on the security of its iOS operating system for iPhones and iPads. The company also presented a much-anticipated if not anticlimactic...

0.5AI score
Exploits0References7
NVD
NVD
added 2013/08/28 10:55 p.m.16 views

CVE-2013-2197

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service CPU consumption via a large number of failed login attempts...

4.3CVSS9.1AI score0.01336EPSS
Exploits0References4
Metasploit
Metasploit
added 2013/06/21 10:31 p.m.51 views

Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation

This module exploits a flaw in the nwfs.sys driver to overwrite data in kernel space. The corruption occurs while handling ioctl requests with code 0x1438BB, where a 0x00000009 dword is written to an arbitrary address. An entry within the HalDispatchTable is overwritten in order to execute...

6.9CVSS7.8AI score0.05481EPSS
Exploits1
Packet Storm
Packet Storm
added 2013/06/03 12:0 a.m.37 views

DS3 Authentication Server Command Execution

Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt =============================== - Advisory - =============================== Tittle: DS3 Authentication Server - Command Execution Post Authentication & other minor issues Risk: High Date: 27.May.2013 Author: Pedro Andujar .:...

0.8AI score
Exploits0
Prion
Prion
added 2013/04/12 10:55 p.m.24 views

Design/Logic Flaw

Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module XSM is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to injec...

4.4CVSS7AI score0.00401EPSS
Exploits0References13Affected Software1
Xen Project
Xen Project
added 2013/04/04 5:54 p.m.79 views

Potential use of freed memory in event channel operations

ISSUE DESCRIPTION Wrong ordering of operations upon extending the per-domain event channel tracking table can cause a pointer to freed memory to be left in place, when the hypervisor is under memory pressure and XSM Xen Security Module is enabled. IMPACT Malicious guest kernels could inject...

4.4CVSS0.8AI score0.00401EPSS
Exploits0Affected Software1
Prion
Prion
added 2012/09/12 11:55 p.m.11 views

Design/Logic Flaw

The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances ASA devices, and Prime Security Manager aka PRSM before 9.0.2-103, allows remote attackers to cause a denial of service disk consumption and application hang via unspecified IPv4 packets that trigger...

7.8CVSS7.2AI score0.01895EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2012/09/12 11:0 p.m.21 views

CVE-2012-4629

The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances ASA devices, and Prime Security Manager aka PRSM before 9.0.2-103, allows remote attackers to cause a denial of service disk consumption and application hang via unspecified IPv4 packets that trigger...

6.7AI score0.01895EPSS
Exploits0References2
Rows per page
Query Builder