
986 matches found

ThreatPost
added 2016/06/20 1:55 p.m., 16 views

xDedic Hacked Servers Market May Be Larger Than Originally Thought

New data anonymously shared with Kaspersky Lab researchers may enlarge the scope of and provide additional context to the hacked RDP servers for sale on the now defunct xDedic marketplace. The underground marketplace was disclosed in a report published last Tuesday describing an eBay-style platfo...

6.6 AI score
Exploits 0, References 4
CNVD
added 2016/06/15 12:0 a.m., 2 views

Arbitrary File Upload Vulnerability in New Harvest Technology Creative Portal Information Management System

Creative Portal Management System is a creative information publishing platform applied in the construction of New Harvest Technology. The New Harvest Technology Creative Portal Information Management System has an arbitrary file upload vulnerability that allows attackers to exploit the...

7 AI score
Exploits 0, References 1
Check Point Advisories
added 2016/05/30 12:0 a.m., 3 views

WordPress RobotCPA Plugin Local File Inclusion

An information disclosure vulnerability exists in WordPress RobotCPA Plugin. Successful exploitation of this vulnerability could allow a remote attacker to access the content of files found on the web server...

3 AI score
Exploits 0
CNVD
added 2016/05/27 12:0 a.m., 1 views

Arbitrary File Upload Vulnerability in PatrolFlow Multi-service Security Gateway Intelligent Management Platform of Beijing Byzoro Network Technology Co.

PatrolFlow is a multi-service security gateway intelligent management platform of Beijing Byzoro Network Technology Co. An arbitrary file upload vulnerability exists in the PatrolFlow multi-service security gateway intelligent management platform of Beijing Byzoro Network Technology Co. The...

7.2 AI score
Exploits 0, References 1
Node.js
added 2016/03/28 5:21 p.m., 22 views

Authentication Bypass

Overview: Affected versions of the console-io package do not configure the underlying websocket library to require authentication, resulting in an authentication bypass vulnerability. As console-io allows terminal access on the server via a web page, an authentication bypass is essentially remote...

10 CVSS, 6.5 AI score, 0.02369 EPSS
Exploits 0, Affected Software 1
CNVD
added 2016/03/28 12:0 a.m., 1 views

Multiple vulnerabilities in the Nepalese national government's common website building system

Nepal National Government Universal System (NGUS) is a website builder system. There are multiple vulnerabilities in the NGN Universal System that can be exploited by an attacker to obtain sensitive information from the database, upload a webshell, and gain access to the server...

6.9 AI score
Exploits 0, References 1
RedHat Linux
added 2016/03/03 4:22 p.m., 6 views

server: patch operation should use patched object to check admission control

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space...

7.7 CVSS, 7.4 AI score, 0.01583 EPSS
Exploits 0, References 4
Hacker One
added 2016/02/11 3:36 p.m., 24 views

New Relic: [download.newrelic.com] Access to private directories

When we try to open a private folder http://download.newrelic.com/private/ we get a warning: This directory contains special-access versions of the New Relic agents. If you would like to participate in early access or beta testing programs please contact [email protected] and they will forward...

Exploits 0
myhack58
added 2016/01/27 12:0 a.m., 24 views

PayPal remote command execution vulnerability analysis-vulnerability warning-the black bar safety net

In December 2015, the author found a Java deserialization vulnerability on a PayPal subsite that allowed remote execution of arbitrary shell commands and could impact the PayPal products database. I submitted the bug to PayPal, and it was quickly repaired. Vulnerability details !...

0.6 AI score
Exploits 0
CNVD
added 2016/01/11 12:0 a.m., 3 views

UFIDA PDM system suffers from java deserialization vulnerability

UFIDA PDM system is a product-centred system for manufacturing technology informatization that integrates and manages product-related data, processes, and resources. UFIDA PDM system has a Java deserialization vulnerability that allows attackers to exploit the vulnerability to execute remote...

8.1 AI score
Exploits 0
CNVD
added 2015/12/04 12:0 a.m., 3 views

SQL Injection, Arbitrary File Upload Vulnerability in Panavision Standard Edition e-office

Panmicro Office e-office Standard Edition is a work platform for small businesses or teams. SQL injection and arbitrary file upload vulnerabilities exist in Panmicro Standard Edition e-office, allowing attackers to exploit the vulnerabilities to obtain sensitive database information, upload...

8.3 AI score
Exploits 0, References 1
CNVD
added 2015/12/04 12:0 a.m., 3 views

Zhongkexinye Network Sentinel Arbitrary Command Execution Vulnerability

ZKXY Network Sentinel is an Internet security auditing system that integrates behavioral auditing and content auditing, and is deployed as a bypass at the network egress. An arbitrary command execution vulnerability exists in ZKXN Network Sentry. The vulnerability exists in the file:...

7.5 AI score
Exploits 0, References 1
CNVD
added 2015/12/03 12:0 a.m., 2 views

Zhongkexinye Network Sentinel Arbitrary File Upload Vulnerability (CNVD-2015-07932)

ZKXY Network Sentinel is an Internet security auditing system that integrates behavioral auditing and content auditing and is deployed at the network exit in a bypass mode. ZKXN Network Sentry suffers from an arbitrary file upload vulnerability. An attacker can exploit the vulnerability to upload...

7.2 AI score
Exploits 0, References 1
FreeBSD
added 2015/11/06 12:0 a.m., 21 views

PuTTY -- memory corruption in terminal emulator's erase character handling

Ben Harris reports: Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be abl...

4.3 CVSS, 9.2 AI score, 0.03467 EPSS
Exploits 0, References 1
BDU FSTEC
added 2015/11/05 12:0 a.m., 4 views

The vulnerability of the MySQL database management system allows an attacker to gain access to the MySQL Server or execute arbitrary code.

The vulnerability of Client programs, a sub-component of the MySQL database management system, is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating locally, to gain access to the MySQL Server or execute arbitrary code...

7.2 CVSS, 7.4 AI score, 0.0045 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2015/10/13 12:0 a.m., 3 views

The vulnerability of the Squid proxy server allows attackers to bypass existing restrictions and gain access to the server.

The vulnerability of the Squid proxy server is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to bypass existing restrictions and gain access to the server by manipulating the CONNECT request...

6.8 CVSS, 7 AI score, 0.16525 EPSS
Exploits 1, References 11, Affected Software 1
RedHat Linux
added 2015/09/30 4:35 p.m., 4 views

jenkins: external entity injection via XPath (SECURITY-165)

It was found that Jenkins' XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server...

7.5 CVSS, 5.9 AI score, 0.01414 EPSS
Exploits 0, References 5
myhack58
added 2015/08/25 12:0 a.m., 32 views

How the invasion of the Pocket within the network-vulnerability warning-the black bar safety net

IT security media recently reported that the Pocket application's developers fixed several data-leak vulnerabilities through which hackers could obtain sensitive information from the server. A tutorial is offered here for everyone to learn from and exchange ideas. The Pocket is what I have many years did not put...

6.7 AI score
Exploits 0
myhack58
added 2015/08/22 12:0 a.m., 22 views

Firefox bookmarks extensions apps Pocket: vulnerability mining not so difficult-vulnerability warning-the black bar safety net

The Pocket application's developers recently fixed several data-leak vulnerabilities through which hackers could obtain web services, internal IP addresses, and other sensitive information from the server. Pocket profile: Pocket, formerly known as Read it Later, is, as the name suggests, an online...

0.3 AI score
Exploits 0
CNVD
added 2015/08/15 12:0 a.m., 1 views

Arbitrary File Upload Vulnerability in WeChat Service Intelligent Platform of Yue Liang Legend Technology Co.

The main business of EVERLIGHT LEGEND TECHNOLOGY CO., LTD. is industry application software, and the main customers are telecommunication operators, electric power and aviation. WeChat Service Intelligent Platform is one of the operating platforms of Yue Liang Legend Technology Co. A generic...

8.1 AI score
Exploits 0, References 1