Lucene search
+L

3083 matches found

OSV
OSV
added 2018/01/22 4:29 a.m.5 views

CVE-2017-18047

Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply...

9.8CVSS6.1AI score0.19727EPSS
Exploits2References3
OSV
OSV
added 2018/01/18 2:29 a.m.6 views

CVE-2018-2671

Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products subcomponent: Supplier Registration. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSo...

6.5CVSS7.3AI score0.01476EPSS
Exploits0References3
OSV
OSV
added 2018/01/18 2:29 a.m.4 views

CVE-2018-2683

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: POS. Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitalit...

7.5CVSS7.3AI score0.01494EPSS
Exploits0References2
OSV
OSV
added 2018/01/18 2:29 a.m.4 views

CVE-2018-2660

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network...

7.4CVSS5.8AI score0.01055EPSS
Exploits3References3
OSV
OSV
added 2018/01/18 2:29 a.m.5 views

CVE-2017-10301

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products subcomponent: Enterprise Portal. The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

8.1CVSS7.3AI score0.01475EPSS
Exploits0References3
CNVD
CNVD
added 2018/01/10 12:0 a.m.4 views

TRENDnet TEW-823DRU Device Elevation of Privilege Vulnerability

The TRENDnet TEW-823DRU devices is a dual-band wireless router device from TRENDnet. A security vulnerability exists in TRENDnet TEW-823DRU devices using firmware versions prior to 1.00b36, where a hard-coded password is used for the root account. A remote attacker can exploit the vulnerability t...

10CVSS7.2AI score0.01983EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/01/01 12:0 a.m.5 views

PT-2018-2503 · Live555 +2 · Live555 Rtsp Server Library +2

Name of the Vulnerable Software and Affected Versions: LIVE555 RTSP server library version 0.92 Description: The issue is related to a buffer overflow error in the HTTP packet parser implementation of the LIVE555 RTSP server library. This can be exploited by a remote attacker using a specially...

10CVSS9AI score0.09487EPSS
Exploits4References49
RedHat Linux
RedHat Linux
added 2017/12/15 10:34 p.m.6 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

9.8CVSS7.3AI score0.19953EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2017/12/13 5:57 p.m.4 views

undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/12/13 4:48 p.m.8 views

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

4.3CVSS7.4AI score0.0258EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/12/13 4:48 p.m.7 views

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

4.3CVSS7.4AI score0.01686EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/12/13 4:48 p.m.9 views

OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)

It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...

5.3CVSS7.4AI score0.16181EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2017/12/06 1:42 p.m.6 views

OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)

It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...

5.3CVSS7.4AI score0.16181EPSS
Exploits2References4
CNVD
CNVD
added 2017/12/04 12:0 a.m.4 views

Cisco Data Center Network Manager Software HTTP Injection Vulnerability

Cisco Data Center Network Manager DCNM Software is a data center management system from Cisco USA. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An HTTP injection vulnerability exists in the web interface in Cisco...

6.1CVSS7.2AI score0.00926EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/30 12:0 a.m.3 views

Haxx curl and libcurl denial of service vulnerabilities

Haxx curl and libcurl are both products of the Swedish company Haxx. curl is a set of file transfer tools that utilize URL syntax to work at the command line. libcurl is a free, open source client-side URL transfer library. A denial of service vulnerability exists in the FTP wildcard function in...

9.8CVSS6.9AI score0.11175EPSS
Exploits0References1
OSV
OSV
added 2017/11/29 12:0 a.m.3 views

UBUNTU-CVE-2017-8817

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a string that ends with an '' character...

9.8CVSS6.8AI score0.11175EPSS
Exploits0References5
OSV
OSV
added 2017/11/25 5:29 p.m.5 views

DEBIAN-CVE-2017-16944

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

7.5CVSS8.4AI score0.6332EPSS
Exploits7References1
OSV
OSV
added 2017/11/17 11:29 p.m.9 views

CVE-2017-16566

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication such as passwd and shadow. This can be abused to take full root level control of the device...

9.8CVSS5.8AI score0.02562EPSS
Exploits0References1
OSV
OSV
added 2017/11/07 4:29 p.m.4 views

CVE-2017-12083

An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the...

5.3CVSS5.8AI score0.01144EPSS
Exploits2References1
OSV
OSV
added 2017/11/07 4:29 p.m.5 views

DEBIAN-CVE-2017-2891

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request...

9.8CVSS9.6AI score0.0276EPSS
Exploits2References1
Rows per page
Query Builder