Lucene search
+L

18 matches found

OSV
OSV
added 2024/03/30 6:2 p.m.21 views

CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui

A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

8.8CVSS7.7AI score0.00445EPSS
Exploits1References4
NVD
NVD
added 2020/09/17 8:15 p.m.16 views

CVE-2020-15182

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery CSRF and Remote Code Execution RCE. The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially...

9.6CVSS0.01171EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.10 views

The vulnerability of Google Chrome, related to writing beyond the buffer of memory, allows a perpetrator to gain unauthorized access to protected information and compromise its integrity and accessibility.

The vulnerability of Google Chrome relates to the writing beyond the buffer of the memory buffer. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and compromise its integrity and availability through a specially created HTML file...

9.3CVSS7.5AI score0.0184EPSS
Exploits0References11Affected Software5
Microsoft KB
Microsoft KB
added 2020/04/13 4:12 a.m.32 views

MS14-018: Description of the security update for Internet Explorer: April 8, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative securit...

0.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/04/19 12:0 a.m.8 views

The vulnerability in Microsoft Edge browsers arises from an operation that goes beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Edge arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...

4.2CVSS7.9AI score0.11107EPSS
Exploits0References3Affected Software1
Check Point Advisories
Check Point Advisories
added 2018/12/31 12:0 a.m.7 views

Apple WebKit Memory Corruption (CVE-2018-4233)

A remote code execution vulnerability exists in Apple WebKit. The vulnerability is due to a memory corruption when handling of objects in javascript JIT. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted js webpage. Successful exploitation...

6.8CVSS2.9AI score0.53772EPSS
Exploits12
Prion
Prion
added 2018/12/20 3:29 p.m.18 views

Cross site request forgery (csrf)

Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery CSRF vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...

6.8CVSS8.8AI score0.008EPSS
Exploits1References3Affected Software1
Symantec
Symantec
added 2017/06/13 12:0 a.m.25 views

Microsoft Edge CVE-2017-8504 Information Disclosure Vulnerability

Description Microsoft Edge is prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks...

4.3CVSS0.1AI score0.05253EPSS
Exploits0
Symantec
Symantec
added 2016/11/08 12:0 a.m.27 views

Microsoft Internet Explorer and Edge CVE-2016-7199 Information Disclosure Vulnerability

Description Microsoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in...

2.6CVSS5.6AI score0.13089EPSS
Exploits0References1Affected Software1
Microsoft KB
Microsoft KB
added 2016/10/11 7:0 a.m.50 views

Microsoft Teams help & learning

None None...

10CVSS6.7AI score0.53653EPSS
Exploits0
Symantec
Symantec
added 2015/05/12 12:0 a.m.38 views

Microsoft Internet Explorer CVE-2015-1706 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

9.3CVSS0.2AI score0.15631EPSS
Exploits0Affected Software8
ThreatPost
ThreatPost
added 2014/07/08 3:23 p.m.10 views

Microsoft July 2014 Patch Tuesday fixes 29 IE Vulnerabilities

Microsoft today issued two critical-, three important-, and one moderate-rated security bulletins in the July edition of its monthly Patch Tuesday release. The updates address 29 security vulnerabilities in the company’s Windows operating system, Internet Explorer browser, and server software. Th...

Exploits0References3
Packet Storm
Packet Storm
added 2014/04/20 12:0 a.m.29 views

Teracom Modem T2-B-Gawv1.4U10Y-BI Cross Site Request Forgery

Exploit Title: Teracom Modem CSRF Vulnerability Date: 20-04-2014 Author: Rakesh S Software Link: http://www.teracom.in/ Version: T2-B-Gawv1.4U10Y-BI The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2014/04/20 12:0 a.m.31 views

Teracom Modem T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery

Exploit Title: Teracom Modem CSRF Vulnerability Date: 20-04-2014 Author: Rakesh S Software Link: http://www.teracom.in/ Version: T2-B-Gawv1.4U10Y-BI The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a...

7AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/02/03 12:0 a.m.17 views

Microsoft Internet Explorer Null Byte Information Disclosure - Ver2 (CVE-2012-0012)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this vulnerability by enticing target users to open a specially crafted webpage. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitiv...

5.4AI score0.16915EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2013/12/04 12:0 a.m.51 views

Microsoft Windows InformationCardSigninHelper Class ActiveX Control Code Execution - ver 2 (CVE-2013-3918)

A remote code execution vulnerability exists in the InformationCardSigninHelper Class ActiveX control, icardie.dll. When the InformationCardSigninHelper Class ActiveX control is instantiated in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run...

9.3CVSS7.5AI score0.73872EPSS
Exploits3
htbridge
htbridge
added 2013/03/27 12:0 a.m.48 views

Multiple Vulnerabilities in KrisonAV CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerability in KrisonAV CMS: CVE-2013-2712 The vulnerability exists due to...

5.1CVSS6.3AI score0.01826EPSS
Exploits6Affected Software1
Saint
Saint
added 2007/12/07 12:0 a.m.39 views

MacroVision InstallShield Update Service isusweb.dll unsafe method

Added: 12/07/2007 CVE: CVE-2007-5660 BID: 26280 OSVDB: 38347 Background MacroVision InstallShield is software for creating installers or software packages. Problem Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page...

9.3CVSS6.5AI score0.36619EPSS
Exploits12
Rows per page
Query Builder