
985 matches found

CNVD
added 2017/06/07 12:0 a.m. | 3 views

IBM Security Access Manager for Web Security Bypass Vulnerability

IBM Security Access Manager (ISAM) for Web, formerly known as IBM Tivoli Access Manager for e-business, is a suite of IBM products for user authentication, authorization, and Web single sign-on that provides user access management and Web application protection functions. A security bypass...

CVSS 4.3 | AI score 6.8 | EPSS 0.00939
Exploits: 0 | References: 1

CNVD
added 2017/05/18 12:0 a.m. | 3 views

Arbitrary File Upload Vulnerability in 'ExamFileUp.ashx' File of MicroXia Online Learning Platform

Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file upload vulnerability exists in the 'ExamFileUp.ashx' file of MicroXia Online Learning Platform. It allows attackers to upload a webshell and gain server privileges...

AI score 7.3
Exploits: 0

BDU FSTEC
added 2017/05/15 12:0 a.m. | 3 views

The vulnerability of the Oracle MySQL database management system allows a hacker to trigger a service failure.

The vulnerability of the MySQL Server component of the Oracle MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain privileged access and cause the system to become unstable or crash using network packets...

CVSS 4 | AI score 6.4 | EPSS 0.02829
Exploits: 0 | References: 3 | Affected Software: 1

Citrix
added 2017/05/10 12:0 a.m. | 6 views

XenServer Cannot Read the License From the License Server

XenServer cannot read the license from the license server...

AI score 7
Exploits: 0

CNVD
added 2017/05/07 12:0 a.m. | 1 views

ZYCHCMS V03 Arbitrary File Write Vulnerability in '/include/page.asp' File

ZYCHCMS is an enterprise website management system. ZYCHCMS V03 '/include/page.asp' file contains an arbitrary file write vulnerability. The vulnerability allows attackers to write scripts to arbitrary files to gain server privileges...

AI score 7.3
Exploits: 0

CNVD
added 2017/04/24 12:0 a.m. | 0 views

Arbitrary file upload vulnerability in the Uploading.ashx file of MicroXia e-learning platform

Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file upload vulnerability exists in the Uploading.ashx file of the Weixia Online Learning Platform. It allows attackers to exploit the vulnerability to upload a webshell and gain server...

AI score 7.3
Exploits: 0

CNVD
added 2017/04/18 12:0 a.m. | 1 views

YXCMS backend new template with SQL execution function has arbitrary file write vulnerability

Yxcms is an enterprise site-building system based on PHP and MySQL. The new-template and SQL execution functions of the YXCMS backend have an arbitrary file write vulnerability; attackers can exploit it to write a webshell and get server privileges...

AI score 8
Exploits: 0

CNVD
added 2017/03/24 12:0 a.m. | 1 views

74cms V4.1.24 Exists File Inclusion and Reflective Cross-Site Scripting Vulnerabilities

74cms (Knight CMS) is a PHP-based open source professional talent system. The 74cms V4.1.24 Windows server build contains file inclusion and reflected cross-site scripting vulnerabilities. They allow attackers to obtain files from the server directory via inclusion; at the same time,...

AI score 5.9
Exploits: 0

myhack58
added 2017/03/08 12:0 a.m. | 3270 views

How fast the use of s02-45 vulnerability to gain server access-vulnerability warning-the black bar safety net

1.1 CVE-2017-5638 vulnerability profile: Apache Struts 2 is the world's most popular Java web server framework. However, a high-risk security vulnerability, CVE-2017-5638 (S02-45), was found in Struts 2, and the vulnerability affects: Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts2...

EPSS 0.99999
Exploits: 44

Prion
added 2017/02/13 9:59 p.m. | 11 views

Path traversal

An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server...

CVSS 5 | AI score 7.1 | EPSS 0.0245
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2017/02/13 9:0 p.m. | 13 views

CVE-2016-9364

An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server...

AI score 7.5 | EPSS 0.0245
Exploits: 0 | References: 2

ripstech
added 2016/12/02 12:0 p.m. | 7 views

Coppermine 1.5.42: Second-Order Command Execution

RIPS Analysis The analysis with RIPS took only 53 seconds to complete and it uncovered a lot of security vulnerabilities - although most of them require authentication. Nonetheless, these issues are severe because they can be combined with other security vulnerabilities that allow an attacker to...

AI score 7.8
Exploits: 0

CNVD
added 2016/11/01 12:0 a.m. | 2 views

File upload vulnerability in the file /userweb/php/index/daPing.class.php of the Tibus Communications call center system

The core of Tibco's call center system is a communication-based system for internal and external corporate communication. A file upload vulnerability exists in the file /userweb/php/index/daPing.class.php in the Tibco Call Center System. The vulnerability allows an attacker to upload a webshell a...

AI score 7.1
Exploits: 0 | References: 1

ThreatPost
added 2016/10/19 1:12 p.m. | 10 views

Adult FriendFinder Vulnerability Leaves Millions Exposed, Report Claims

Adult website Adult FriendFinder may have been compromised by a hacker who said he has gained access to the site’s backend servers and posted allegedly compromised data to his Twitter feed. The breach has not been confirmed by the site’s parent company FriendFinder Networks, which says it is...

AI score 0.3
Exploits: 0 | References: 2

CNVD
added 2016/09/23 12:0 a.m. | 4 views

Arbitrary File Write Vulnerability in Eurohoo Government System of Shanghai Eurohoo Network Technology Co.

Shanghai Ohuhu Network Technology Co., Ltd. is a service-oriented enterprise integrating Internet software research and development, website operation, e-commerce and IT services. There is an arbitrary file write vulnerability in Shanghai Ohuhu Network Technology Co. The vulnerability allows an...

AI score 7.3
Exploits: 0

ThreatPost
added 2016/09/01 1:8 p.m. | 26 views

Insecure Redis Instances at Core of Attacks Against Linux Servers

A recent run of attacks against Linux servers called Fairware has been traced to insecure internet-facing Redis installations that hackers have abused to delete web folders and, in some cases, install malicious code. Redis is an open source tool used by web application developers for the purpose ...

Exploits: 0 | References: 5

CNVD
added 2016/08/31 12:0 a.m. | 2 views

SQL Injection Vulnerability in Remote Rapid Application Access Solution System mxcheckuserMachine.php Page Parameter a of UFIDA Information Technology Ltd.

The remote rapid application access solution from UFIDA UPC Information Technology Co., Ltd. uses U8 remote access to provide instant access to the company's application systems and enterprise information and to simplify the deployment and management of complex computing environments. The product...

AI score 7.7
Exploits: 0 | References: 1

CNVD
added 2016/08/25 12:0 a.m. | 1 views

Arbitrary File Upload Vulnerability in Jianwen Project Management System

Jianwen project management system is a cycle management system developed in .NET and applied to a variety of engineering projects. There is an arbitrary file upload vulnerability in the Jianwen Project Management System: File upload vulnerability address:...

AI score 7.1
Exploits: 0 | References: 1

CNVD
added 2016/08/08 12:0 a.m. | 1 views

Default Backdoor Vulnerability in s-cms Website Builder System

S-CMS is a website-building product developed by Zibo Shining Network Technology Co., Ltd. to provide site-building solutions for enterprises. There is a default backdoor vulnerability in the s-cms website builder system. It allows attackers to directly obtain site or server permissions...

AI score 6.8
Exploits: 0

ThreatPost
added 2016/06/20 1:55 p.m. | 16 views

xDedic Hacked Servers Market May Be Larger Than Originally Thought

New data anonymously shared with Kaspersky Lab researchers may enlarge the scope of and provide additional context to the hacked RDP servers for sale on the now defunct xDedic marketplace. The underground marketplace was disclosed in a report published last Tuesday describing an eBay-style platfo...

AI score 6.6
Exploits: 0 | References: 4