Lucene search
K

773 matches found

Positive Technologies
Positive Technologies
added 2020/08/05 12:0 a.m.4 views

PT-2020-14207 · Lyft +1 · Envoy +1

Content removed...

7.5CVSS7.4AI score0.01375EPSS
Exploits0References5
Gitee
Gitee
added 2020/07/15 4:1 p.m.6 views

Exploit for Improper Resource Shutdown or Release in Microsoft

Web-Security-Note Record some common Web security sites 由于平常读过的文章以及遇到的比较好的开源项目都被渐渐遗忘了,所以利用这个项目来记录一下,以便查阅。 目录: - CTF - Online-Tools - 漏洞环境 - 信息搜集 - 工具 - 面经 - BypassWAF - WEB安全 - 漏洞挖掘 - 渗透测试 - 内网渗透 - 扫描器开发 - 开发 - 运维 CTF + CTF Time + Pwnhub + CTF论剑场 + 南京邮电大学CTF平台 + Whale CTF + JarvisOJ + Hackme CTF ...

7.2CVSS6.5AI score0.73721EPSS
Exploits18
Tenable Nessus
Tenable Nessus
added 2020/07/15 12:0 a.m.137 views

SAP NetWeaver AS Java Multiple Vulnerabilities

The version of SAP NetWeaver AS Java detected on the remote host may be affected by multiple vulnerabilities, as referenced in SAP Security Note 2934135. - LM Configuration Wizard of SAP NetWeaver AS JAVA, does not perform an authentication check which allows an attacker without prior...

10CVSS7.9AI score0.94719EPSS
Exploits7References4
OSV
OSV
added 2020/05/08 6:15 p.m.4 views

UBUNTU-CVE-2018-20225

An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...

7.8CVSS6.7AI score0.01736EPSS
Exploits0References4
Prion
Prion
added 2020/03/09 2:15 p.m.14 views

Design/Logic Flaw

nwbcext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbcext2int/ URI...

4CVSS6.9AI score0.00617EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/09 1:34 p.m.20 views

CVE-2015-7968

nwbcext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbcext2int/ URI...

6.4CVSS4.6AI score0.00617EPSS
Exploits1References1
OSV
OSV
added 2019/07/15 4:15 a.m.1 views

DEBIAN-CVE-2019-1010024

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...

5.3CVSS6.2AI score0.0322EPSS
Exploits1References1
NVD
NVD
added 2019/03/12 10:29 p.m.22 views

CVE-2019-0271

ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...

6.5CVSS6.5AI score0.01435EPSS
Exploits0References5
Prion
Prion
added 2019/03/12 10:29 p.m.17 views

Xxe

ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...

4CVSS6.5AI score0.01435EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2019/03/12 10:0 p.m.24 views

CVE-2019-0271

ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...

6.5AI score0.01435EPSS
Exploits0References5
CVE
CVE
added 2019/03/12 10:0 p.m.55 views

CVE-2019-0271

CVE-2019-0271 affects ABAP Server (NetWeaver/Suite/ERP) and ABAP Platform. The vulnerability is an XML External Entity (XEE) issue caused by insufficient validation of XML documents from untrusted sources, enabling potential manipulation via external entities. Affected ranges: ABAP Server 7.00–7....

6.5CVSS6.5AI score0.01435EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2018/04/24 8:29 p.m.28 views

CVE-2013-7245

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...

7.5CVSS7.6AI score0.01468EPSS
Exploits0References2
Prion
Prion
added 2018/04/24 8:29 p.m.16 views

Authentication flaw

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...

5CVSS7.3AI score0.01468EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/24 8:0 p.m.23 views

CVE-2013-7245

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...

7.5AI score0.01468EPSS
Exploits0References2
CVE
CVE
added 2018/04/24 8:0 p.m.41 views

CVE-2013-7245

The CVE-2013-7245 issue affects SAP Sybase ASE 15.7 Backup Server component prior to SP51. The root cause is a failure to validate credentials, allowing remote attackers to bypass access restrictions and perform database dumps. Impact is exposure of data via unauthorized dumps; no exploitation de...

7.5CVSS7.5AI score0.01468EPSS
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2018/04/24 11:5 a.m.16 views

perpustakaan.undiksha.ac.id XSS vulnerability

Open Bug Bounty ID: OBB-607581 Description| Value ---|--- Affected Website:| perpustakaan.undiksha.ac.id Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
OSV
OSV
added 2018/04/11 8:29 p.m.4 views

CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

8.8CVSS6.5AI score
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.22 views

Solaris 10 (x86) : 120665-01

SunOS 5.10x86: tl driver patch. Date this patch was last updated by Sun : Sep/15/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

2.1CVSS7AI score0.00375EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.20 views

Solaris 10 (sparc) : 137204-31

Messaging Server 64bit 7.0.5.31.0: core patch. Date this patch was last updated by Sun : Jun/02/14 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

3.5CVSS6.7AI score0.01369EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.19 views

Solaris 10 (x86) : 150118-01

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent...

3.8CVSS5.4AI score0.00304EPSS
Exploits0References2
Rows per page
Query Builder