Lucene search
463 matches found

Cvelist
added 2018/06/01 6:00 p.m. | 27 views

CVE-2016-10592

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

AI score: 8 | EPSS: 0.00644
Exploits: 0 | References: 2
CVE
added 2018/06/01 6:00 p.m. | 57 views

CVE-2016-10592

Vulnerability summary: The jser-stat library downloads data resources over HTTP, enabling man-in-the-middle (MitM) attacks when an attacker can observe/modify network traffic. The impact is variable and can include reading sensitive data up to remote code execution, depending on package behavior....

CVSS: 8.1 | AI score: 7.8 | EPSS: 0.00644
Exploits: 0 | References: 2 | Affected Software: 1
Openbugbounty
added 2018/01/12 12:14 p.m. | 17 views

jspcc.org.cn XSS vulnerability

Open Bug Bounty ID: OBB-514819 | Affected Website: jspcc.org.cn | Vulnerable Application: Custom Code | Vulnerability Type: XSS (Cross Site Scripting) / CWE-79 | CVSSv3 Score: 6.1...

AI score: 6.2
Exploits: 0
Packet Storm
added 2017/12/27 12:00 a.m. | 23 views

PHP Web Stat 4.5.03 Backdoor Account

Title: php web stat v4.5.03 Backdoor account vulnerability | Author: indoushka | email: [email protected] | Tested on: windows 10 Français V.Pro | Version: v4.5.03 | Vendor: http://wmscripti.com/ | Dork:...

AI score: 0.7
Exploits: 0
Packet Storm
added 2017/12/27 12:00 a.m. | 28 views

PHP Web Stat 4.x.x Information Disclosure

Title: php web stat v4.x.x information Disclosure vulnerability | Author: indoushka | email: [email protected] | Tested on: windows 10 Français V.Pro | Version: all | Vendor: http://wmscripti.com/ | Dork:...

AI score: 7.4
Exploits: 0
Packet Storm
added 2017/12/27 12:00 a.m. | 29 views

PHP Web Stat 4.5.03 Cross Site Scripting

Title: php web stat v4.5.03 xss vulnerability | Author: indoushka | email: [email protected] | Tested on: windows 10 Français V.Pro | Version: v4.5.03 | Vendor: http://wmscripti.com/ | Dork: Copyright © 20...

AI score: 0.1
Exploits: 0
CNVD
added 2017/11/17 12:00 a.m. | 1 view

FreeBSD Information Disclosure Vulnerability (CNVD-2017-37251)

FreeBSD is a free Unix-like operating system from the FreeBSD project, headed by the Core Team, and is an important branch of the Unix-like systems that evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD that stems from a program failing to properly...

CVSS: 3.3 | AI score: 6.8 | EPSS: 0.00386
Exploits: 0 | References: 1
Veracode
added 2017/10/23 8:16 a.m. | 14 views

Cross-site Request Forgery (CSRF)

phpmyfaq/phpmyfaq is vulnerable to cross-site request forgery (CSRF) attacks. The application does not have CSRF protection for the phpmyfaq/admin/stat.main.php file, allowing a malicious user to send a request to the application to clear the visits value on the stat page...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01103
Exploits: 2 | References: 1 | Affected Software: 2
CNVD
added 2017/10/23 12:00 a.m. | 3 views

phpMyFAQ cross-site request forgery vulnerability (CNVD-2017-32428)

phpMyFAQ is an open source, fully database-driven FAQ system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as a content management system and community. A cross-site request forgery vulnerability exists...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01103
Exploits: 2 | References: 1
CNVD
added 2017/10/23 12:00 a.m. | 4 views

Cross-site request forgery vulnerability in phpMyFAQ admin/stat.ratings.php file

phpMyFAQ is an open source, fully database-driven FAQ system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as a content management system and community. A cross-site request forgery vulnerability exists...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.02483
Exploits: 2 | References: 1
Tenable Nessus
added 2017/09/18 12:00 a.m. | 35 views

GLSA-201709-12 : Perl: Race condition vulnerability

The remote host is affected by the vulnerability described in GLSA-201709-12 (Perl: Race condition vulnerability). A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtree and remove_tree functions in the File-Path module before...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.02359
Exploits: 0 | References: 2
Nmap
added 2017/07/26 7:34 p.m. | 749 views

ftp-syst NSE Script

Sends FTP SYST and STAT commands and returns the result. The canonical SYST response of "UNIX Type: L8" is stripped or ignored, since it is meaningless. Typical FTP response codes 215 for SYST and 211 for STAT are also hidden. References: Example Usage nmap -sV -sC Script Output | ftp-syst: | SYS...

CVSS: 10 | AI score: 9.4 | EPSS: 0.99448
Exploits: 33
OSV
added 2017/07/19 12:29 p.m. | 3 views

CVE-2017-9764

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00802
Exploits: 1 | References: 1
Tenable Nessus
added 2017/06/30 12:00 a.m. | 49 views

openSUSE Security Update : the Linux Kernel (openSUSE-2017-716) (Stack Clash)

The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.05186
Exploits: 3 | References: 43
BDU FSTEC
added 2017/06/05 12:00 a.m. | 10 views

The vulnerability of the get_process_ttyname function in the system administration software Sudo may allow attackers to elevate their privileges to superuser status and execute arbitrary code.

The vulnerability of the get_process_ttyname function in the Sudo system administration program is related to insufficient input data validation. The vulnerability is exploited by creating a symbolic link to the executable file of Sudo, with the file name formatted in a specific way a space followe...

CVSS: 6.9 | AI score: 7.3 | EPSS: 0.08018
Exploits: 8 | References: 18 | Affected Software: 5
OPENSUSE Linux
added 2017/05/31 12:09 p.m. | 77 views

Security update for sudo (important)

This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

AI score: 7.2 | EPSS: 0.08018
Exploits: 8 | References: 4
Tenable Nessus
added 2017/05/31 12:00 a.m. | 37 views

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1446-1)

This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

CVSS: 6.9 | AI score: 7.3 | EPSS: 0.08018
Exploits: 8 | References: 7
Tenable Nessus
added 2017/05/31 12:00 a.m. | 71 views

Ubuntu 14.04 LTS / 16.04 LTS : Sudo vulnerability (USN-3304-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3304-1 advisory. It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker i...

CVSS: 6.9 | AI score: 7.3 | EPSS: 0.08018
Exploits: 8 | References: 2
Tenable Nessus
added 2017/05/31 12:00 a.m. | 17 views

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1450-1)

This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

CVSS: 6.9 | AI score: 7.3 | EPSS: 0.08018
Exploits: 8 | References: 7
OSV
added 2017/05/30 4:38 p.m. | 4 views

USN-3304-1 sudo vulnerability

It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions...

CVSS: 6.9 | AI score: 6.9 | EPSS: 0.08018
Exploits: 8 | References: 2