128 matches found

OSV
added 2020/05/20 7:15 p.m., 8 views

ALPINE-CVE-2020-13249

libmariadb/mariadblib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadblib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle...

CVSS 8.8 | AI score 7.1 | EPSS 0.02779
Exploits 0 | References 1
Microsoft KB
added 2020/04/23 12:00 a.m., 52 views

Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass

Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, g...

AI score 5.9
Exploits 0
OSV
added 2019/09/06 5:15 p.m., 6 views

CVE-2019-15102

An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. The TestRunnerNondistributed and distributed endpoints do not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...

CVSS 9.8 | AI score 8 | EPSS 0.03852
Exploits 1 | References 1
OSV
added 2019/08/21 8:15 p.m., 4 views

CVE-2018-17791

Newgen OmniFlow Intelligent Business Process Suite iBPS 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...

CVSS 7.5 | AI score 5.8 | EPSS 0.01905
Exploits 0 | References 2
RedhatCVE
added 2019/08/12 6:21 p.m., 60 views

CVE-2018-20852

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

CVSS 5.3 | AI score 0.3 | EPSS 0.0388
Exploits 1 | References 2
Prion
added 2019/07/13 9:15 p.m., 49 views

Design/Logic Flaw

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

CVSS 5 | AI score 7 | EPSS 0.0388
Exploits 1 | References 18 | Affected Software 1
FreeBSD
added 2019/03/28 12:00 a.m., 28 views

Jupyter notebook -- open redirect vulnerability

Jupyter blog: Login pages tend to take a parameter for redirecting back to a page after successful login, e.g. /login?next=/notebooks/mynotebook.ipynb, so that you aren't disrupted too much if you try to visit a page, but have to authenticate first. An Open Redirect Vulnerability is when a...

CVSS 6.1 | AI score 2.2 | EPSS 0.01741
Exploits 0 | References 2
CNVD
added 2019/02/11 12:00 a.m., 2 views

WSD-T13 Cloud Storage Camera (Android client) suffers from an override access vulnerability (CNVD-2019-06647)

Ltd. is an enterprise specializing in the research and development, production, sales and service of security monitoring products. WSD-T13 Cloud Storage Camera Android client suffers from an overstepping access vulnerability. The vulnerability is due to the server on the client request data...

AI score 7.1
Exploits 0
NVD
added 2019/01/31 6:29 p.m., 30 views

CVE-2019-7283

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

CVSS 7.4 | AI score 6.3 | EPSS 0.01976
Exploits 1 | References 3
NVD
added 2018/10/10 1:29 p.m., 20 views

CVE-2018-8489

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,...

CVSS 8.4 | AI score 8.6 | EPSS 0.04126
Exploits 0 | References 3
Prion
added 2018/03/16 2:29 p.m., 30 views

Improper access control

UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...

CVSS 7.5 | AI score 9.5 | EPSS 0.04913
Exploits 0 | References 3 | Affected Software 1
Packet Storm
added 2017/12/06 12:00 a.m., 48 views

Perspective ICM Investigation And Case 5.1.1.16 Privilege Escalation

Exploit Title: Privilege Escalation - Perspective ICM Investigation & Case - 5.1.1.16 Date Reported to vendor: Jun 28, 2017 Date Accepted by vendor: Jun 11, 2017 Exploit Author: [email protected] Vendor Homepage: www.resolver.com Version: Perspective ICM Investigation & Case -...

AI score 8.9 | EPSS 0.05564
Exploits 4
Prion
added 2017/10/17 8:29 p.m., 17 views

Remote code execution

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution...

CVSS 6.8 | AI score 8.1 | EPSS 0.01729
Exploits 0 | References 1
CNVD
added 2017/05/19 12:00 a.m., 2 views

Interval International app for iOS authentication vulnerability

Interval International app for iOS is a travel management software from Interval USA. An authentication vulnerability exists in versions 3.3 through 3.5.1 of the Interval International app for iOS, which stems from the program failing to validate an X.509 certificate on the server side of an SSL...

CVSS 5.9 | AI score 6.8 | EPSS 0.00587
Exploits 0 | References 1
CNVD
added 2017/05/09 12:00 a.m., 1 view

State Bank of India State Bank Anywhere app for iOS Man-in-the-Middle Attack Vulnerability

State Bank of India State Bank Anywhere app for iOS is a mobile app for iOS from State Bank of India with features like quick access to manage bank accounts, manage balances, pay bills and send money. A security vulnerability exists in version 5.1.0 of the State Bank of India State Bank Anywhere...

CVSS 5.9 | AI score 6.5 | EPSS 0.00486
Exploits 0 | References 1
Tenable Nessus
added 2017/03/31 12:00 a.m., 13 views

Cross-Site Scripting (XSS)

Client-side scripts are used extensively by modern web applications. They perform from simple functions such as the formatting of text up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting (XSS) allows clients to inject scripts into a request and have th...

AI score 5.5
Exploits 0 | References 2
CNVD
added 2016/04/25 12:00 a.m., 2 views

Midea's i+ smart refrigerator has design logic flaws

The Midea i+ Smart Refrigerator is a smart home appliance developed by Midea Group. Midea's i+ Smart Refrigerator is susceptible to man-in-the-middle attacks due to the insecure protocol for transmitting data and the lack of validation of what is transmitted on the client and server side. The lac...

AI score 6.8
Exploits 0
securityvulns
added 2015/07/27 12:00 a.m., 58 views

FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability

Document Title: =============== FoxyCart Bug Bounty 1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1451 098bdc9b309783df65044c5abb690dafdd4bcd436c380ae68c924fe37e14b4e0 Release Date: ============= 2015-07-15...

AI score 7.9
Exploits 0
Prion
added 2015/06/23 9:59 p.m., 17 views

Code injection

Intel McAfee ePolicy Orchestrator ePO 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifica...

CVSS 5.8 | AI score 6.3 | EPSS 0.01021
Exploits 0 | References 5 | Affected Software 1
Vulnerability Lab
added 2015/02/06 12:00 a.m., 51 views

BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability

Document Title: =============== BlinkSale Bug Bounty 1 - Encode & Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1416 Release Date: ============= 2015-02-06 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.1
Exploits 0