CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2016/05/25 3:59 p.m.•22 views

Session fixation

2.1CVSS5.9AI score0.00375EPSS

Exploits0References11Affected Software11

FireEye•added 2016/05/22 3:0 a.m.•18 views

Targeted Attacks against Banks in the Middle East

UPDATE Dec. 8, 2017: We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week ...

7AI score

seebug.org•added 2016/05/19 12:0 a.m.•59 views

Phpwind GET型CSRF任意代码执行漏洞

来源链接：http://www.wooyun.org/bugs/wooyun-2016-01758150-tsina-1-93389-397232819ff9a47a7b7e80a40613cfe1 这个洞其实很有意思，最可惜的地方就是其触发位置在后台，否则它将是一个绝无仅有的好洞。 0x01 后台反序列化位置首先纵览整个phpwindv9，反序列化的位置很多，但基本都是从数据库里取出的，很难完全控制序列化字符串。最后，找到三处：可恶的是，三处都在后台的Task模块下。Task模块是『任务中心』功能，只有能进入后台的用户才可以访问：随便打开一个，...

7.1AI score

Tenable Nessus•added 2016/05/13 12:0 a.m.•58 views

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-2974-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2974-1 advisory. Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue t...

9.8CVSS7.3AI score0.06359EPSS

Exploits0References13

Fedora•added 2016/05/07 1:26 p.m.•52 views

[SECURITY] Fedora 24 Update: ansible-2.0.2.0-1.fc24

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

7.8CVSS3.3AI score0.00468EPSS

Fedora•added 2016/04/30 12:28 a.m.•38 views

[SECURITY] Fedora 23 Update: ansible-2.0.2.0-1.fc23

7.8CVSS3.3AI score0.00468EPSS

Fedora•added 2016/04/30 12:22 a.m.•27 views

[SECURITY] Fedora 22 Update: ansible-2.0.2.0-1.fc22

7.8CVSS3.3AI score0.00468EPSS

Fedora•added 2016/04/25 11:57 p.m.•39 views

[SECURITY] Fedora 23 Update: ansible1.9-1.9.6-1.fc23

7.8CVSS2.6AI score0.00468EPSS

Fedora•added 2016/04/25 10:22 p.m.•34 views

[SECURITY] Fedora 22 Update: ansible1.9-1.9.6-1.fc22

7.8CVSS2.6AI score0.00468EPSS

CNVD•added 2016/04/21 12:0 a.m.•2 views

Cisco Wireless LAN Controller Denial of Service Vulnerability (CNVD-2016-02517)

The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A denial of service vulnerability in the Bonjour Task Manager for Cisco Wireless LAN Controller WLC Software allows remote attackers ...

7.8CVSS7AI score0.01618EPSS

CNVD•added 2016/04/16 12:0 a.m.•2 views

Qemu Information Disclosure Vulnerability (CNVD-2016-02391)

QEMU is a suite of analog processor software. A vulnerability in Qemu's kvmvapic.c when using Task Priority Register TPR optimization allows a local attacker to exploit the vulnerability to obtain host-sensitive information...

6.5CVSS6.7AI score0.00375EPSS

OSV•added 2016/04/14 12:0 a.m.•2 views

UBUNTU-CVE-2016-4020

6.5CVSS6.8AI score0.00375EPSS

Exploits0References5

ThreatPost•added 2016/04/13 5:25 p.m.•10 views

Jigsaw Ransomware Decryption Tool

Menacing ransomware called Jigsaw threatened to delete thousands of files an hour if victims didn’t pay 0.4 Bitcoins or $150. Worse, restarting your PC, according to the attackers, would also cost victims 1,000 deleted files. The icing on the cake was a menacing image of “Billy the Puppet” from t...

1.2AI score

Exploits0References2

Positive Technologies•added 2016/04/13 12:0 a.m.•12 views

PT-2016-6829 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.5.1 Description: The issue allows local users to cause a denial of service, resulting in a NULL pointer dereference and system crash. This can be achieved by using an ABORT TASK command to abort a device write...

10CVSS7.3AI score0.89063EPSS

Exploits259References520

CNVD•added 2016/04/08 12:0 a.m.•3 views

OAR Elevation of Privilege Vulnerability

OAR is a versatile resource and task manager for HPC clusters. An error in OAR's handling of the oarsh command allows a local attacker to exploit this vulnerability for elevation of privilege...

9CVSS6.8AI score0.03448EPSS

hackapp•added 2016/04/01 9:38 a.m.•19 views

Any.do: To-Do List, Task List - Dangerous filesystem permissions, Exported ContentProvider, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Any.do: To-Do List, Task List published at the 'play' market has multiple vulnerabilities...

0.3AI score

hackapp•added 2016/04/01 9:38 a.m.•16 views

ES Task Manager (Task Killer ) - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application ES Task Manager Task Killer published at the 'play' market has multiple vulnerabilities...

0.4AI score

hackapp•added 2016/04/01 9:38 a.m.•14 views

Advanced Task Manager - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Advanced Task Manager published at the 'play' market has multiple vulnerabilities...

0.2AI score

hackapp•added 2016/04/01 9:22 a.m.•10 views

Advanced Task Killer - Exported components, External URLs, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Advanced Task Killer published at the 'play' market has multiple vulnerabilities...

0.3AI score