Lucene search
K

90 matches found

NVD
NVD
added 2019/11/12 2:15 p.m.30 views

CVE-2019-18658

In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service DoS via a special file such as /dev/urandom, via...

9.8CVSS9.5AI score0.01745EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/12 1:20 p.m.32 views

CVE-2019-18658

In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service DoS via a special file such as /dev/urandom, via...

9.6AI score0.01745EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2019/04/02 12:0 a.m.62 views

Ektron CMS 9 Database Disclosure

Exploit Title : Ektron CMS 9 Database Disclosure Exploit Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 02/04/2019 Vendor Homepage : ektron.com episerver.com/products/platform/ektron/ Software Download Link :...

7.4AI score
Exploits0
Prion
Prion
added 2019/03/12 9:29 a.m.20 views

Cross site scripting

An XSSI cross-site inclusion vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of erro...

4.3CVSS5.4AI score0.01636EPSS
Exploits0References3Affected Software1
myhack58
myhack58
added 2018/12/23 12:0 a.m.37 views

I is how to pass the ASP Secrets read Get 1. 7 million USD reward-vulnerability warning-the black bar safety net

ASP. NET application in the more common vulnerability is a local file disclosure. If you have never develop or use such technology, then the LFD exploit can be very difficult, and no practical effect. In this article, I describe how to attack a presence in the LFD vulnerability of the application...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.32 views

Joomla! 3.3.x < 3.7.3 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input with multibyte characters. An unauthenticated, remote attacker can exploit...

7.5CVSS6.9AI score0.02303EPSS
Exploits2References7
Prion
Prion
added 2017/10/13 4:29 p.m.23 views

Design/Logic Flaw

OpenText Documentum Content Server formerly EMC Documentum Content Server through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmrcontent objects, which are queryable and "editable...

6.5CVSS8.6AI score0.06639EPSS
Exploits4References3Affected Software1
Nmap
Nmap
added 2017/09/24 6:21 a.m.2952 views

http-trane-info NSE Script

Attempts to obtain information from Trane Tracer SC devices. Trane Tracer SC is an intelligent field panel for communicating with HVAC equipment controllers deployed across several sectors including commercial facilities and others. The information is obtained from the web server that exposes...

10CVSS9.3AI score0.99448EPSS
Exploits33
ThreatPost
ThreatPost
added 2017/05/02 9:5 a.m.12 views

Fuze Patches Bug That Exposed Recordings of Private Business Meetings

Fuze, an enterprise-grade voice and video collaboration platform, has patched a vulnerability that exposed recordings of private meetings. A fix was made server-side by Fuze, and a patch was pushed to its endpoint client apps within 11 days of being privately notified by researchers at Rapid7...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2017/02/27 12:0 a.m.21 views

Plone CMS < 5.0.5 Information Disclosure Vulnerability

Plone CMS is prone to an information disclosure vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

5.3CVSS5.2AI score0.01115EPSS
Exploits0References2
Prion
Prion
added 2017/02/24 8:59 p.m.21 views

Information disclosure

Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors...

5CVSS6.8AI score0.01115EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2017/02/24 8:59 p.m.8 views

PYSEC-2017-56

Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors...

5.3CVSS6.7AI score0.01115EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/02/24 8:59 p.m.14 views

CVE-2016-4042

Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors...

5.3CVSS6.7AI score
Exploits0References2
Hacker One
Hacker One
added 2016/06/16 4:52 p.m.14 views

Gratipay: set Pragma header

Data returned in web responses can be cached by user's browsers as well as by intermediate proxies. This directive instructs them not to retain the page content in order to prevent others from accessing sensitive content from these caches...

3.4AI score
Exploits0
Cvelist
Cvelist
added 2015/12/11 11:0 a.m.29 views

CVE-2015-7080

Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state...

5.3AI score0.00371EPSS
Exploits0References3
Prion
Prion
added 2015/09/18 12:0 p.m.19 views

Design/Logic Flaw

Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state...

2.1CVSS5.6AI score0.00374EPSS
Exploits0References4Affected Software1
Cisco Threats
Cisco Threats
added 2015/05/27 1:23 p.m.10 views

Threat Outbreak Alert RuleID15545: Email Messages Distributing Malicious Software on May 27, 2015

Medium Alert ID: 39032 First Published: 2015 May 27 13:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID15545 may contain the following files: Name | Size...

0.3AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.19 views

cache_control

This plugin analyzes every HTTPS response and reports instances of incorrect cache control which might lead the users browser to cache sensitive contents on their system. The expected headers for HTTPS responses are: Pragma: No-cache Cache-control: No-store Plugin type Grep Options This plugin...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2012/09/05 11:5 a.m.19 views

Provide HTTP headers for the content that absolutely must not be cached on the client

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-29598. panel We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma:...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/05 11:5 a.m.51 views

Provide HTTP headers for the content that absolutely must not be cached on the client

We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma: no-cache We have identified some files at the following path, where we need to provide above headers. We are not able to identify the jsp pages or servlet, so that we can...

1.4AI score
Exploits0Affected Software1
Rows per page
Query Builder