Lucene search
K

1197 matches found

Kitploit
Kitploit
added 2013/04/15 8:48 p.m.15 views

[Canari Framework] Maltego Rapid Transform Development Framework

Canari is a rapid transform development framework for Maltego written in Python. The original focus of Canari was to provide a set of transforms that would aid in the execution of penetration tests, and vulnerability assessments. Ever since it's first prototype, it has become evident that the...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/02/22 12:0 a.m.42 views

Sun Java JRE XML Signature Command Injection (102993) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host reportedly does not securely process XSLT stylesheets containing XSLT Transforms in XML Signatures. If an attacker can pass a specially crafted XSLT stylesheet to a trusted Java application running on the remote host, it...

9.3CVSS8.8AI score0.03554EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2013/02/11 12:0 a.m.37 views

Oracle Java AWT Image Transform Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Java AWT Image...

7.5CVSS2.6AI score0.07714EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/01/31 7:31 p.m.5 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 7:6 p.m.6 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:52 p.m.5 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:41 p.m.6 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:31 p.m.6 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:27 p.m.5 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:7 p.m.6 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
0day.today
0day.today
added 2012/12/05 12:0 a.m.53 views

Ektron 8.02 XSLT Transform Remote Code Execution

This Metasploit module exploits a vulnerability in Ektron CMS 8.02 before SP5. The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, which allows to execute...

7.5CVSS1AI score0.67776EPSS
Exploits6
Exploit DB
Exploit DB
added 2012/12/05 12:0 a.m.39 views

Ektron 8.02 - XSLT Transform Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/filedropper' class Metasploit3...

9.8CVSS9.6AI score0.67776EPSS
Exploits6
NVD
NVD
added 2012/09/10 10:55 p.m.22 views

CVE-2012-2791

Multiple unspecified vulnerabilities in the 1 decodebandhdr function in indeo4.c and 2 ffividecodeblocks function in ivicommon.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."...

10CVSS6.6AI score0.02856EPSS
Exploits0References9
Cvelist
Cvelist
added 2012/09/10 10:0 p.m.29 views

CVE-2012-2791

Multiple unspecified vulnerabilities in the 1 decodebandhdr function in indeo4.c and 2 ffividecodeblocks function in ivicommon.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."...

9.6AI score0.02856EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2012/09/10 12:0 a.m.34 views

CVE-2012-2791

Multiple unspecified vulnerabilities in the 1 decodebandhdr function in indeo4.c and 2 ffividecodeblocks function in ivicommon.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."...

10CVSS7.2AI score0.02856EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2012/08/29 4:19 a.m.5 views

Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)

The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that...

5CVSS7.5AI score0.03957EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2012/06/21 12:0 a.m.37 views

Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X...

7.5CVSS4.7AI score0.28623EPSS
Exploits9References1
ThreatPost
ThreatPost
added 2012/03/08 7:12 p.m.9 views

Outer Ear Authentication

The insides of our ears are a mysterious place for most of us. It turns out, however, that there’s more going on in there than we expected. In a study presented at the IEEE Fourth International Conference on Biometrics in September of 2010, researchers used a shape-finding algorithm to determine ...

0.9AI score
Exploits0References3
OpenVAS
OpenVAS
added 2012/02/12 12:0 a.m.46 views

Debian Security Advisory DSA 2399-1 (php5)

The remote host is missing an update to php5 announced via advisory DSA 2399-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS8.7AI score0.83911EPSS
Exploits32References1
OpenVAS
OpenVAS
added 2012/02/12 12:0 a.m.56 views

Debian: Security Advisory (DSA-2399-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.83911EPSS
Exploits32References3
Rows per page
Query Builder