Lucene search
K

701 matches found

CNVD
CNVD
added 2017/07/03 12:0 a.m.10 views

Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 address configuration command injection vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...

8.8CVSS7AI score0.04527EPSS
Exploits1References1
CNVD
CNVD
added 2017/06/29 12:0 a.m.2 views

Multiple SQL Injection Vulnerabilities in Ranzhi Collaboration Office Management System

RANZI Coworking Management System is an open source coworking system for small and medium-sized enterprises. Ranzhi Collaboration Office Management System version 4.2.3 has multiple SQL injection vulnerabilities, which can be exploited by attackers to obtain sensitive database information...

8AI score
Exploits0
CNVD
CNVD
added 2017/05/26 12:0 a.m.5 views

systemd-resolved denial of service vulnerability

systemd-resolved is a system service used to manage network name resolution. A denial of service vulnerability exists in systemd-resolved version 233 and earlier. A remote attacker could use this vulnerability to cause a denial of service daemon crash with a specially crafted DNS response...

7.5CVSS6.8AI score0.15422EPSS
Exploits0References1
OSV
OSV
added 2017/04/24 7:59 p.m.3 views

CVE-2017-3582

Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite subcomponent: Backup/Restore Utility. Supported versions that are affected are 2.3.8 and 2.3.13. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the...

8.4CVSS5.8AI score0.00454EPSS
Exploits0References3
CNVD
CNVD
added 2017/04/20 12:0 a.m.5 views

MantisBT 'Timeline include' page cross-site scripting vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the Timeline include page used in the My View myviewpage.php and User...

6.1CVSS6.3AI score0.01754EPSS
Exploits1References1
OSV
OSV
added 2017/01/27 10:59 p.m.8 views

CVE-2017-3412

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...

8.2CVSS7.3AI score0.01248EPSS
Exploits0References2
OSV
OSV
added 2017/01/20 8:59 a.m.4 views

UBUNTU-CVE-2016-8642

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available...

5.3CVSS6AI score0.01196EPSS
Exploits0References3
CNVD
CNVD
added 2016/11/04 12:0 a.m.5 views

Exponent CMS 'src' Parameter SQL Injection Vulnerability

Exponent CMS is a free, open source PHP-based modular content management system CMS of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...

9.8CVSS9.7AI score0.02567EPSS
Exploits1References1
CNVD
CNVD
added 2016/11/04 12:0 a.m.7 views

Exponent CMS 'version' Parameter SQL Injection Vulnerability

Exponent CMS is a free, open source PHP-based modular content management system CMS of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...

9.8CVSS9.7AI score0.0308EPSS
Exploits1References1
OSV
OSV
added 2016/07/07 3:59 p.m.1 views

DEBIAN-CVE-2016-2119

libcli/smb/smbXclibase.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the 1 SMB2SESSIONFLAGISGUEST or 2 SMB2SESSIONFLAGISNULL flag...

7.5CVSS8.1AI score0.03097EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the Cisco IOS operating system, which allows a malicious actor to trigger a service failure

Cisco IOS software contains numerous vulnerabilities in the implementation of Network Meeting Directory Lightweight Directory Access Protocol, LDAP, Session Initiation Protocol, and H.323 protocols. When these vulnerabilities are exploited, a CSCtd10712 error can be triggered, resulting in a rout...

7.8CVSS5.5AI score0.01787EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/06/07 12:0 a.m.4 views

Puppet Server and Agent Arbitrary Code Execution Vulnerability

Puppet Server and Agent are both U.S. Puppet Labs based on the client/server C/S architecture of the configuration management tool, the tool can be used to manage configuration files, users, cron tasks, packages, system services and so on. An arbitrary code execution vulnerability exists in Puppe...

9.8CVSS6.8AI score0.01563EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/10 12:0 a.m.3 views

SolarWinds Storage Resource Monitor Profiler SQL Injection Vulnerability

SolarWinds Storage Resource Monitor SRM Profiler formerly known as Storage Manager, STM is a set of Web-based data storage management software from SolarWinds Inc. that integrates storage monitoring, reporting, alarming, and predictive analytics. A SQL injection vulnerability exists in the Web...

10CVSS8.6AI score0.70167EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/22 12:0 a.m.4 views

Fortinet FortiOS Access Privilege Vulnerability

Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. An access...

9.3CVSS7.2AI score0.03401EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/22 12:0 a.m.3 views

Linux kernel IPC object implementation race condition vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A contention condition vulnerability exists in the IPC object implementation of Linux kernel 4.2.3 and earlier. As the 'ipcaddid' function adds incompletely initialized object...

6.9CVSS6.3AI score0.00412EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2015/10/05 12:0 a.m.9 views

PT-2015-6831 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.2.3 Description: The issue is related to an incorrect sequence of protocol-initialization steps in the sctp init function, which can cause a denial of service, resulting in a panic or memory corruption. This c...

10CVSS7.3AI score0.2593EPSS
Exploits72References480
CNVD
CNVD
added 2015/07/30 12:0 a.m.5 views

Fortinet FortiGate FortiOS Security Bypass Vulnerability

Fortinet FortiGate running FortiOS is a set of security operating system developed by American Fitta Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security feature...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2015/07/10 12:0 a.m.4 views

Fastspot BigTree 'admin.php' Script HTML Injection Vulnerability

Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. An HTML injection vulnerability exists in Fastspot BigTree CMS versions prior to 4.2.3, which stems from the program failing to adequately filter user-submitted input. When...

7.6AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.8 views

Vulnerabilities of the CentOS operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities exist in the glibc-2.3.4 package of the CentOS operating system. Exploitation of these vulnerabilities may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

7.2CVSS6.8AI score0.14323EPSS
Exploits6References10Affected Software1
PyPA
PyPA
added 2014/09/30 2:55 p.m.7 views

PYSEC-2014-44

Cross-site scripting XSS vulnerability in safehtml.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.9AI score0.00967EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder