1850 matches found

Prion
added 2020/07/15 6:15 p.m. · 15 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 6.5 · AI score 6.5 · EPSS 0.02035
Exploits 0 · References 4 · Affected Software 2
Prion
added 2020/07/14 1:15 p.m. · 28 views

Input validation

Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all...

CVSS 10 · AI score 8.9 · EPSS 0.9796
Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2020/07/14 12:00 a.m. · 6 views

PT-2020-3284 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.20 and prior Description: The issue is related to insufficient input validation in the Server: Security: Privileges component of Oracle MySQL Server. This allows a highly privileged attacker with network access via...

CVSS 9.8 · AI score 6.6 · EPSS 0.88077
Exploits 25 · References 945
OpenVAS
added 2020/07/13 12:00 a.m. · 8 views

Huawei Data Communication: NTP Level-1 Server Security Authentication Configuration

Configure the NTP level-1 server security authentication. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

AI score 7.4
Exploits 0
Hacker One
added 2020/07/03 11:44 a.m. · 14 views

Engel & Völkers Technology GmbH: Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com

Summary: The Spring Boot Actuators are exposing critical information on gonext-stage.engelvoelkers.com such as the last 100 HTTP requests made to the server including cookies, paths, etc and the environment configuration. The endpoints are the following: - /trace - /env - /mappings - /configprops...

AI score 0.6
Exploits 0
OSV
added 2020/06/24 7:44 a.m. · 6 views

SUSE-SU-2020:1735-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server into overwriting a local file when using the -J option (bsc#1173027)...

CVSS 7.8 · AI score 7.7 · EPSS 0.01236
Exploits 1 · References 3
OSV
added 2020/06/19 10:15 a.m. · 13 views

CVE-2020-5590

Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors...

CVSS 8.1 · AI score 6.7
Exploits 0 · References 3
Imperva Blog
added 2020/06/16 7:01 a.m. · 44 views

5 Things to Know About Imperva RASP

Imperva Runtime Application Self-Protection (RASP) is a server-side security solution for applications, providing application security by default. Here are 5 things to know about Imperva RASP: 1. RASP and a WAF are complementary. While a cloud-based web application firewall keeps previously known ba...

AI score 0.2
Exploits 0
CVE
added 2020/06/08 3:21 p.m. · 38 views

CVE-2020-9042

The provided sources describe a CSRF vulnerability in Couchbase Server 6.0 where credentials cached in a browser can be abused to perform a CSRF attack if an administrator has used the browser to view REST API results. Concrete exploit/impact details beyond this (specific vectors, affected versio...

CVSS 8.8 · AI score 8.6 · EPSS 0.00576
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2020/05/29 12:00 a.m. · 6 views

The vulnerability in the firmware of the SIMATIC S7-1200 programmable logic controller allows an intruder to execute malicious JavaScript code.

The vulnerability of the microprogrammed control system for the SIMATIC S7-1200 programmable logic controller is related to the lack of security measures taken for the web server. Exploiting this vulnerability allows a malicious actor to execute malicious JavaScript code remotely...

CVSS 5.3 · AI score 7.3 · EPSS 0.02556
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2020/05/19 7:08 a.m. · 25 views

Unrestricted File Upload

activestorage allows unrestricted file uploads. The Content-Length in the signature for ActiveStorage direct upload is not validated, allowing an attacker to upload a file with an arbitrary file size or bypass controls in place on the server...

CVSS 7.5 · AI score 3.9 · EPSS 0.03065
Exploits 1 · References 4 · Affected Software 2
OSV
added 2020/05/15 3:48 p.m. · 1 view

MGASA-2020-0211 Updated netkit-telnet packages fix security vulnerability

Updated netkit-telnetd packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could...

CVSS 10 · AI score 10 · EPSS 0.74513
Exploits 2 · References 3
OSV
added 2020/04/17 8:32 a.m. · 5 views

SUSE-SU-2020:1020-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access (bsc#1166847)...

CVSS 7.5 · AI score 6.8 · EPSS 0.02168
Exploits 1 · References 6
CVE
added 2020/04/16 4:24 p.m. · 72 views

CVE-2020-11811

The CVE-2020-11811 entry concerns qdPM 9.1 where an attacker can upload a crafted PHP file through the Add Profile Photo capability using a malicious Content-Type, enabling remote code execution on the server via the uploaded file. The vulnerability originates from the server accepting and execut...

CVSS 10 · AI score 9.4 · EPSS 0.02998
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2020/04/15 1:29 p.m. · 27 views

CVE-2020-2790

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 6.5 · AI score 6.9 · EPSS 0.0179
Exploits 0 · References 3
OSV
added 2020/04/01 4:15 a.m. · 26 views

CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with a user-supplied URL, if the URL contains a zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_heade...

CVSS 4.3 · AI score 6.4
Exploits 0 · References 8
Trend Micro Simply Security
added 2020/03/26 6:15 p.m. · 32 views

Riding another wave of success for our multi-layered detection and response approach

The corporate endpoint is a constant battle between cybersecurity white hats and criminal attackers. According to one study from the Ponemon Institute, 68% of organizations were victims of an attack on the endpoint in 2019. The risks and costs associated with undetected threats are immeasurable...

AI score 7
Exploits 0
AlpineLinux
added 2020/03/22 3:47 a.m. · 47 views

CVE-2020-10804

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. A malicious user with access to the server could create a crafted username, and then...

CVSS 8 · AI score 8 · EPSS 0.02694
Exploits 0
CVE
added 2020/03/19 5:54 p.m. · 43 views

CVE-2019-16064

Summary: CVE-2019-16064 affects NETSAS Enigma NMS 65.0.0 and earlier. A directory traversal vulnerability allows an authenticated user to access files and directories outside the web root, enabling listing of OS directory contents, creating directories, uploading files, and modifying/deleting fil...

CVSS 9.6 · AI score 9 · EPSS 0.01306
Exploits 1 · References 1 · Affected Software 1
CNVD
added 2020/03/16 12:00 a.m. · 0 views

Typecho has a file upload vulnerability

Typecho is a blogging system. Typecho suffers from a file upload vulnerability that can be exploited by an attacker to upload arbitrary files to the server...

AI score 7.2
Exploits 0