
7921 matches found

NVD
added 2017/05/18 4:29 p.m. · 18 views

CVE-2017-9068

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter...

CVSS 6.1 · AI score 6 · EPSS 0.00686
Exploits 1 · References 2
Prion
added 2017/05/18 4:29 p.m. · 13 views

Cross site scripting

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter...

CVSS 4.3 · AI score 5.9 · EPSS 0.00686
Exploits 1 · References 2 · Affected Software 1
OSV
added 2017/05/18 4:29 p.m. · 22 views

CVE-2017-9067

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...

CVSS 7 · AI score 7.5
Exploits 0 · References 3
OSV
added 2017/05/18 4:29 p.m. · 17 views

CVE-2017-9068

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter...

CVSS 6.1 · AI score 6
Exploits 0 · References 2
CVE
added 2017/05/18 4:0 p.m. · 50 views

CVE-2017-9068

MODX Revolution prior to 2.5.7 contains a Reflected XSS vulnerability. An attacker can trigger XSS by injecting payloads into several fields on the setup page, demonstrated via the database_type parameter. Affected product: MODX Revolution. Root cause: input supplied on the setup page is reflecte...

CVSS 6.1 · AI score 6.2 · EPSS 0.00686
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2017/05/18 4:0 p.m. · 21 views

CVE-2017-9068

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter...

AI score 6.7 · EPSS 0.00686
Exploits 1 · References 2
Positive Technologies
added 2017/05/16 12:0 a.m. · 8 views

PT-2017-3048 · Linux +3

Name of the Vulnerable Software and Affected Versions: Linux (affected versions not specified). Description: The issue is caused by a missing bounds check in the Linux kernel, specifically in the drivers/char/lp.c file. This allows an adversary with partial control over the kernel command line,...

CVSS 10 · AI score 7.2 · EPSS 0.52189
Exploits 97 · References 521
Prion
added 2017/05/10 4:29 p.m. · 15 views

Code injection

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

CVSS 4.3 · AI score 5.6 · EPSS 0.00925
Exploits 0 · References 3 · Affected Software 1
OSV
added 2017/05/10 4:29 p.m. · 5 views

UBUNTU-CVE-2017-8891

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

CVSS 5.5 · AI score 6.1 · EPSS 0.00925
Exploits 0 · References 3
Veracode
added 2017/05/09 6:31 a.m. · 13 views

Information Leakage Via Error Pages

fatfreecrm is vulnerable to information leakage via error pages. The vulnerability is possible because consider_all_requests_local is set to true by default in production mode, exposing the server setup information in 404 and 500 error pages...

AI score 6.4
Exploits 0
ICS
added 2017/05/09 12:0 a.m. · 31 views

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)

CVSS v3 6.5. ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens. Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP. Vulnerability: Denial of Service. UPDATE INFORMATION: This updated advisory is a follow-up to the updated advisory...

CVSS 6.5 · AI score 6.3 · EPSS 0.00469
Exploits 0 · References 42
rapid7community
added 2017/05/08 1:47 p.m. · 47 views

Simple Vulnerability Remediation Collaboration with InsightVM

Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security team...

AI score 6.8
Exploits 0
Citrix
added 2017/05/04 12:0 a.m. · 7 views

Error "cannot connect to the hypervisor at <ADDRESS> object reference not set to an instance of an object" when running the XDSW

When running the XenDesktop Setup Wizard, it can fail with the following error: "cannot connect to the hypervisor at <ADDRESS> object reference not set to an instance of an object". The string will contain the actual URL of the vCenter Server. This issue can appear when the DataCenter name on the VMWare sid...

AI score 7
Exploits 0
Kitploit
added 2017/05/01 2:18 p.m. · 767 views

EAPHammer - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks [Indirect Wireless Pivots Using Hostile Portal Attacks]

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wirele...

AI score 7.5
Exploits 0 · References 4
Veracode
added 2017/04/27 7:47 a.m. · 21 views

Information Disclosure

github.com/lxc/lxd is vulnerable to information disclosure. This is because it uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a ZFS pool. Using this flaw, local users can read and copy data from arbitrary containers...

CVSS 5.5 · AI score 5.1 · EPSS 0.00303
Exploits 0 · References 1 · Affected Software 1
CNVD
added 2017/04/27 12:0 a.m. · 4 views

MODX Revolution Directory Traversal Vulnerability (CNVD-2017-06899)

MODX Revolution is a PHP-based open source content management system CMS from the U.S. company MODX. The system supports online collaboration, search engine optimization SEO, add-ons and more. A directory traversal vulnerability exists in MODX Revolution version 2.5.7. The vulnerability arises du...

CVSS 5.3 · AI score 6.7 · EPSS 0.02654
Exploits 0 · References 1
Prion
added 2017/04/25 7:59 p.m. · 17 views

Directory traversal

Directory traversal in setup/processors/urlsearch.php aka the search page of an unused processor in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information...

CVSS 5 · AI score 5.3 · EPSS 0.02654
Exploits 0 · References 2 · Affected Software 1
n0where
added 2017/04/25 4:7 p.m. · 571 views

Targeted WPA2-Enterprise Evil Twin Attacks: eaphammer

Targeted WPA2-Enterprise Evil Twin Attacks. EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that...

AI score 0.2
Exploits 0 · References 5
Citrix
added 2017/04/25 12:0 a.m. · 5 views

How to Integrate StoreFront and XenMobile when XenMobile is enabled with Domain and Certificate Based Authentication

This article will guide you with the steps to enable XenMobile server and StoreFront Server integration when XenMobile environment is enabled with Certificate + Domain based authentication. To achieve the above use case, you as an admin need to set up the following. 1. Configure/Enable XenMobile...

AI score 7
Exploits 0
Kitploit
added 2017/04/21 2:23 p.m. · 52 views

MultiScanner - Modular File Scanning/Analysis Framework

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built python scripts, web APIs, software running on another machine, etc. Tools are incorporated by...

AI score 7.1
Exploits 0 · References 1