Lucene search
+L

86 matches found

openvas
openvas
added 2021/09/08 12:0 a.m.20 views

Docker 1.3.x < 1.3.2 Container Escalation Vulnerability

Docker is prone to a container escalation vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

5CVSS8.2AI score0.03138EPSS
Exploits0References1
veracode
veracode
added 2021/07/22 5:50 a.m.39 views

Insecure SSL Configuration

curl uses insecure SSL configurations. The curlsslconfigmatches attempts to compare whether two SSL connections have identical SSL security options and could potentially reuse a connection that is less secure or uses different security options such as capath, cainfo or certificate/issuer pinning...

3.7CVSS2.1AI score0.0627EPSS
Exploits1References21Affected Software7
hackerone
hackerone
added 2021/06/11 3:47 a.m.78 views

curl: CVE-2021-22924: Bad connection reuse due to flawed path name checks

Summary: Curlsslconfigmatches attempts to compare whether two SSL connections have identical SSL security options or not. The idea is to avoid reusing a connection that uses less secure, or completely different security options such as capath, cainfo or certificate/issuer pinning. Unfortunately...

4.3CVSS5.7AI score0.0627EPSS
Exploits1
rocky
rocky
added 2020/07/21 2:13 p.m.13 views

container-tools:2.0 bug fix update

An update is available for udica, toolbox, python-podman-api, slirp4netns, containernetworking-plugins, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

1.2AI score
Exploits0
hackerone
hackerone
added 2019/12/27 11:7 p.m.75 views

Nextcloud: Remote code execution via path traversal in Zip extraction in the Extract app

I realise this doesn't qualify for a reward, as it's a vulnerability in a third-party app, but as the app is part of the "official" VM image provided by Hansson IT, I think it's well worth fixing. The Extract app doesn't validate the path or filename of a zip file to be extracted, allowing an...

0.7AI score
Exploits0
openvas
openvas
added 2019/12/09 12:0 a.m.15 views

SYS.2.2.2.A10

Ziel des Bausteins SYS.2.2.2 ist der Schutz von Informationen, die durch und auf Windows 8.1-Clients verarbeiten werden. Die Standard-Anforderung Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify...

7.3AI score
Exploits0References1
openvas
openvas
added 2019/11/18 12:0 a.m.13 views

SYS.2.2.3.A9

Ziel des Bausteins SYS.2.2.3 ist der Schutz von Informationen, die durch und auf Windows 10-Clients verarbeiten werden. Die Standard-Anforderung SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

7.3AI score
Exploits0References1
akamaiblog
akamaiblog
added 2019/08/07 6:20 p.m.67 views

TOP 10 BEST PRACTICES FOR SECURING CLOUD WORKFLOWS

Cloud migration is a double-edged sword. While promising greater scalability, agility, and even new approaches to applications, it also introduces complexity--which means more security risk. Security vulnerabilities exposed in breach after breach have highlighted the risk that comes with the clou...

7.3AI score
Exploits0
wallarmlab
wallarmlab
added 2018/12/06 5:32 p.m.2551 views

RCE in PHP or how to bypass disable_functions in PHP installations

Today we will explore an exciting method to remotely execute code even if an administrator set disablefunctions in the PHP configuration file. It works at most popular UNIX-like systems. CVE-2018–19518 was assigned to the vulnerability was found by a man with the @crlf nickname. Let’s see details...

8.5CVSS8.2AI score0.9523EPSS
Exploits6
kitploit
kitploit
added 2018/09/08 1:20 p.m.244 views

PEDA - Python Exploit Development Assistance For GDB

PEDA - Python Exploit Development Assistance for GDB Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development for a full list of commands use peda help: aslr --...

7.5AI score
Exploits0References1
exploitpack
exploitpack
added 2018/08/30 12:0 a.m.14 views

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - Username Denial of Service (PoC)

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - Username Denial of Service PoC Exploit Title: NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-08-30 Vendor Homepage: https://www.networkactiv.com/WebServer.html Softwar...

7.3AI score
Exploits0
zdt
zdt
added 2018/08/30 12:0 a.m.23 views

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - Username Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.networkactiv.com/WebServer.html Software Link: https://www.networkactiv.com/Dev/ Tested...

7.4AI score
Exploits0
openvas
openvas
added 2018/06/12 12:0 a.m.17 views

Microsoft Windows: User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode

This policy setting determines the behavior of the elevation prompt for accounts that have administrative credentials. C Microsoft Corporation 2017. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.3AI score
Exploits0References5
openvas
openvas
added 2018/06/12 12:0 a.m.37 views

Microsoft Windows: User Account Control: Detect application installations and prompt for elevation

This policy setting determines the behavior of application installation detection for the entire system. Some software might attempt to install itself after being given permission to run. The user may give permission for the program to run because the program is trusted. Then the user is prompted...

7.3AI score
Exploits0References6
openvas
openvas
added 2018/06/11 12:0 a.m.21 views

Microsoft Windows: Network access: Named Pipes that can be accessed anonymously

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnapipesaccessedanonym.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Network access: Named Pipes that can be accessed anonymously Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
openvas
openvas
added 2018/06/11 12:0 a.m.36 views

Microsoft Windows: Network access: Restrict anonymous access to Named Pipes and Shares

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnaanonymousaccesspipedshares.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Network access: Restrict anonymous access to Named Pipes and Shares Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks...

7.3AI score
Exploits0
openvas
openvas
added 2018/06/11 12:0 a.m.39 views

Microsoft Windows: Network access: Let Everyone permissions apply to anonymous users

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnapermissionsanonymoususer.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Network access: Let Everyone permissions apply to anonymous users Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks...

7.3AI score
Exploits0
openvas
openvas
added 2018/06/08 12:0 a.m.12 views

Microsoft Windows: Microsoft network client: Send unencrypted password to third-party SMB servers

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winncunencryptedpasswordsmb.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Microsoft network client: Send unencrypted password to third-party SMB servers Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...

7.3AI score
Exploits0
openvas
openvas
added 2018/06/08 12:0 a.m.54 views

Microsoft Windows: Microsoft network client: Digitally sign communications (always)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winncdigitallysigncommunicationsalways.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Microsoft network client: Digitally sign communications always Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...

7.3AI score
Exploits0
openvas
openvas
added 2018/06/08 12:0 a.m.15 views

Microsoft Windows: Microsoft network server: Digitally sign communications (always)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnssigncommunicationalways.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Microsoft network server: Digitally sign communications always Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
Rows per page
Query Builder