Lucene search
K

280 matches found

rustsec
rustsec
added 2019/10/08 12:0 p.m.13 views

Test advisory with associated example crate

This is a test advisory useful for verifying RustSec tooling and vulnerability detection pipelines are working correctly. Aside from the fact that it is filed against an example crate, it is otherwise considered by the Advisory Database itself to be a normal security advisory. It's filed against...

1.8AI score
Exploits0Affected Software1
vulnersosv
vulnersosv
added 2019/06/27 5:24 p.m.5 views

cn.dceast.platform:platform-security-starter (=2.2.3), com.ahome-it:ahome-tooling-server-core (>=1.0.83-RC1 <=1.0.114-RELEASE) +45 more potentially affected by CVE-2019-11272 via org.springframework.security:spring-security-cas (>=3.1.0.RELEASE <=4.1.3.RELEASE)

org.springframework.security:spring-security-cas MAVEN version =3.1.0.RELEASE, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.0, =0.3.1, =0.3.1, =0.3.2 and more Source cves: CVE-2019-11272 Source advisory: OSV:GHSA-V33X-PRHC-GPH5...

7.5CVSS6.7AI score0.0137EPSS
Exploits0
coalfire
coalfire
added 2019/06/19 7:31 p.m.116 views

Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel

As a penetration tester at Coalfire Labs, I frequently use exploitation frameworks such as Metasploit or PowerShell Empire to perform post-exploitation actions on compromised endpoints. While anti-virus AV bypass and detection avoidance is often trivial in all but the most mature environments,...

3.3AI score
Exploits0
osv
osv
added 2019/04/11 8:29 p.m.1 views

DEBIAN-CVE-2019-9628

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected...

7.5CVSS7AI score0.02052EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2019/03/13 12:0 a.m.4 views

The vulnerability in the Azure IoT SDK’s tooling framework, related to errors in the certificate validation process, allows a perpetrator to carry out a “man-in-the-middle” attack.

The vulnerability of the Azure IoT SDK development tools is related to errors in the certificate validation process. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack remotely...

6.8CVSS6.3AI score0.02131EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2019/01/25 4:18 p.m.6 views

com.ahome-it:ahome-tooling-server-core (>=1.0.83-RC1 <=1.1.36-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.88-RC1 <=1.1.27-RELEASE) +684 more potentially affected by CVE-2019-3773 via org.springframework.ws:spring-xml (>=1.0-m2 <=2.4.3.RELEASE)

org.springframework.ws:spring-xml MAVEN version =1.0-m2, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.1.0-RELEASE, =1.0.83-RC1, =1.0.83-RC1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.2.0.M5 - com.coherentlogic.cmr.api:cmr-api-core =2.0.2.1-RELEASE - com.coherentlogic.cmr.api:cmr-api-core-bo...

9.8CVSS7.1AI score0.0411EPSS
Exploits0
vulnersosv
vulnersosv
added 2019/01/25 4:18 p.m.6 views

com.ahome-it:ahome-tooling-server-core (>=1.0.83-RC1 <=1.1.3-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.88-RC1 <=1.1.3-RELEASE) +336 more potentially affected by CVE-2019-3772 via org.springframework.integration:spring-integration-xml (>=1.0.1.RELEASE <=4.3.17.RELEASE)

org.springframework.integration:spring-integration-xml MAVEN version =1.0.1.RELEASE, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.1.0-RELEASE, =1.0.83-RC1, =1.0.83-RC1, =1.0.19-RELEASE, =1.2.2-RELEASE, =1.2.23-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.2.1-RELEASE, =0.0.3, =1.0.1, =2.1.1 and more...

9.8CVSS7.2AI score0.03002EPSS
Exploits0
vulnersosv
vulnersosv
added 2019/01/25 4:18 p.m.5 views

com.ahome-it:ahome-tooling-server-core (>=1.0.110-RELEASE <=1.1.3-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.111-RELEASE <=1.1.3-RELEASE) +19 more potentially affected by CVE-2019-3772 via org.springframework.integration:spring-integration-ws (>=1.0.1.RELEASE <=4.3.17.RELEASE)

org.springframework.integration:spring-integration-ws MAVEN version =1.0.1.RELEASE, =1.0.110-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.1.0-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.0.19-RELEASE, =1.2.2-RELEASE, =1.2.23-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.2.1-RELEASE, =0.0.3,...

9.8CVSS7.2AI score0.03002EPSS
Exploits0
gitee
gitee
added 2019/01/17 3:59 p.m.8 views

exploitdb-bin-sploitsss

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is intended to serve as the...

7.8AI score
Exploits0
ibm
ibm
added 2018/11/22 5:20 p.m.34 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux - July 2018

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by Rational Developer for i and Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in July 2018 CVE-2017-3736 CVE-2017-3732...

10CVSS0.3AI score0.26335EPSS
Exploits1Affected Software2
zdt
zdt
added 2018/11/05 12:0 a.m.287 views

Intel (Skylake / Kaby Lake) - PortSmash CPU SMT Side-Channel Exploit

Exploit for hardware platform in category local exploits Intel Skylake / Kaby Lake - PortSmash CPU SMT Side-Channel Exploit Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading ...

0.1AI score0.03418EPSS
Exploits4
ibm
ibm
added 2018/11/02 9:5 a.m.30 views

Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products

Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86...

10CVSS0.5AI score0.26335EPSS
Exploits1Affected Software1
ibm
ibm
added 2018/10/23 3:50 p.m.29 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Upgrade the JRE in order to resolve the...

10CVSS1.1AI score0.26335EPSS
Exploits1Affected Software2
msrc
msrc
added 2018/10/02 11:4 p.m.59 views

Standing behind “MSRC Listens”

Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...

7.2AI score
Exploits0
ibm
ibm
added 2018/10/02 8:10 p.m.32 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for Corporate Payment Services. Financial Transaction Manager for Corporate Payment Services FTM CPS has addressed the applicable CVEs. Vulnerability Details CVEID:...

7.8CVSS0.8AI score0.15934EPSS
Exploits1Affected Software1
msrc
msrc
added 2018/10/02 7:0 a.m.10 views

Standing behind “MSRC Listens”

Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...

1.7AI score
Exploits0
msrc
msrc
added 2018/10/02 7:0 a.m.11 views

Standing behind “MSRC Listens”

Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...

6.9AI score
Exploits0
ibm
ibm
added 2018/09/25 1:10 p.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Spectrum LSF Analytics

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and IBM® Runtime Environment Java™ Version 7 used by IBM Spectrum LSF Analytics. IBM Spectrum LSF Analytics has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the I...

10CVSS0.9AI score0.26335EPSS
Exploits1Affected Software1
redhat
redhat
added 2018/09/17 2:54 p.m.7 views

JDK: path traversal flaw in the Diagnostic Tooling Framework

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

7.4CVSS7.2AI score0.04513EPSS
Exploits0References4
redhat
redhat
added 2018/09/17 2:51 p.m.6 views

JDK: path traversal flaw in the Diagnostic Tooling Framework

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

7.4CVSS7.2AI score0.04513EPSS
Exploits0References4
Rows per page
Query Builder