Lucene search
K

121 matches found

Veracode
Veracode
added 2017/07/28 2:26 a.m.31 views

Cross-Site Scripting (XSS)

Wordpress is vulnerable to cross-site scripting XSS attacks. The attacks are possible because of the incomplete fix for CVE-2015-3440. It leads to improper storage of long comment due to the limitations on the MySQL TEXT data type...

6.1CVSS5.8AI score0.17945EPSS
Exploits1References2Affected Software2
CNVD
CNVD
added 2017/02/27 12:0 a.m.3 views

IBM WebSphere MQ Man-in-the-Middle Hijacking Vulnerability

IBM WebSphere MQ is a messaging middleware product from IBM, USA. IBM WebSphere MQ sends cryptographic data in clear text over the network, allowing remote attackers to exploit the vulnerability to sniff the network for sensitive information...

5.9CVSS6.8AI score0.00826EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2017/02/09 5:44 a.m.98 views

USN-3194-1: OpenJDK 7 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

9.6CVSS7.4AI score0.95707EPSS
Exploits13
OpenVAS
OpenVAS
added 2017/01/26 12:0 a.m.75 views

Ubuntu: Security Advisory (USN-3179-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7.9AI score0.95707EPSS
Exploits13References2
CNVD
CNVD
added 2016/11/10 12:0 a.m.16 views

Phoenix Contact ILC Information Disclosure Vulnerability

Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. An information disclosure vulnerability exists in Phoenix Contact ILC PLCs due to sensitive information being stored in clear text. An attacker could exploit th...

7.3CVSS6.1AI score0.05845EPSS
Exploits4References1
Ubuntu
Ubuntu
added 2016/09/23 2:29 p.m.107 views

USN-3087-2: OpenSSL regression

USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Shi Lei discovered that OpenSSL incorrectly handled the OCSP Statu...

7.4AI score
Exploits0References1
OSV
OSV
added 2016/05/22 1:59 a.m.9 views

CVE-2015-8834

Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an...

6.1CVSS6.2AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/04/12 5:37 p.m.7 views

samba: Man-in-the-middle attacks possible with NTLMSSP authentication

Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...

5.9CVSS6.6AI score0.08305EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/04/12 5:37 p.m.6 views

samba: Man-in-the-middle attacks possible with NTLMSSP authentication

Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...

5.9CVSS6.6AI score0.08305EPSS
Exploits0References5
Patchstack
Patchstack
added 2016/03/25 12:0 a.m.25 views

WordPress <= 4.2.1 - XSS

This vulnerability in wp-includes/wp-db.php allows an attacker to inject arbitrary web script or HTML via a long comment which is improperly stored because there are some limitations on the MySQL TEXT data type. Solution Update WordPress...

6.1CVSS1.8AI score0.01784EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2016/02/08 12:0 a.m.5 views

GE SNMP/Web Interface adapter information disclosure vulnerability

The GE SNMP/Web Interface adapter is a web server from General Electric that displays current information about an uninterruptible power supply. The GE SNMP/Web Interface adapter file contains information stored in clear text, allowing remote attackers to exploit this vulnerability to obtain...

6.5CVSS6.5AI score0.09933EPSS
Exploits4References1
n0where
n0where
added 2015/08/14 3:28 a.m.35 views

Smart Traffic Sniffing: NetRipper

Smart Traffic Sniffing NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before...

Exploits0References2
Prion
Prion
added 2015/08/03 2:59 p.m.25 views

Cross site scripting

Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...

4.3CVSS5.9AI score0.17945EPSS
Exploits1References15Affected Software2
UbuntuCve
UbuntuCve
added 2015/08/03 2:59 p.m.40 views

CVE-2015-3440

Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...

4.3CVSS6.8AI score0.17945EPSS
Exploits1References4
Cvelist
Cvelist
added 2015/08/03 2:0 p.m.28 views

CVE-2015-3440

Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...

6AI score0.17945EPSS
Exploits1References15
OSV
OSV
added 2015/01/27 8:4 p.m.3 views

UBUNTU-CVE-2015-1360

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and...

7.5CVSS7.4AI score0.0128EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2014/07/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2012-2539

Microsoft Word allows attackers to execute remote code or cause a denial-of-service DoS via crafted RTF data...

9.3CVSS6.1AI score0.53159EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2013/04/12 8:41 p.m.15 views

Minor flaw allows Hacker to hijack Avira Antivirus customers accounts

Cross site scripting vulnerabilities are mistakenly considered unimportant, but they could allow attackers to inject client-side script in web pages visited by victims. A cross-site scripting xss vulnerability may be exploited by hackers to bypass access controls going beyond the exceptions. An...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2007/02/23 1:0 a.m.22 views

CVE-2006-7037

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to 1 bypass password protection by replacing the password field with a hash of a known...

6.3AI score0.00317EPSS
Exploits0References6
securityvulns
securityvulns
added 2006/05/27 12:0 a.m.38 views

Morris Guestbook v1

Homepage: http://www.tuttophp.altervista.org/morrisguest-ing.htm Description: Morris Guestbook is a text-based guestbook with the following features: Data storing on text file, paging of messages on screen, words crypting, counting of inserted messages, blockage of messages with both html tags...

0.2AI score
Exploits0
Rows per page
Query Builder