Lucene search

6117 matches found

OSV
added 2018/02/22 7:29 p.m. · 3 views

CVE-2018-7301

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices...

9.8 CVSS · 5.9 AI score · 0.01503 EPSS
Exploits 0 · References 1
OSV
added 2018/02/22 7:29 p.m. · 2 views

CVE-2018-7298

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position which could be...

8.1 CVSS · 5.9 AI score · 0.00818 EPSS
Exploits 0 · References 1
Trellix
added 2018/02/22 12:0 a.m. · 15 views

DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path

ARCHIVED STORY DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path By John Fokker · February 22, 2018 At the end of January, the Netherlands was plagued by distributed denial of service (DDoS) attacks targeting various financial institutions, tech sites, and the Dutch tax...

6.9 AI score
Exploits 0
Exploit DB
added 2018/02/12 12:0 a.m. · 36 views

Juju-run Agent - Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juju-run Agent Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Juju agent systems running the juju-run...

10 CVSS · 7.4 AI score · 0.48501 EPSS
Exploits 5
Prion
added 2018/02/01 5:29 p.m. · 13 views

Design/Logic Flaw

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ousetting.ancestordefault to enforce viewperm when no auth token is...

5 CVSS · 6.9 AI score · 0.03169 EPSS
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2018/02/01 5:0 p.m. · 15 views

CVE-2015-2204

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ousetting.ancestordefault to enforce viewperm when no auth token is...

7.5 AI score · 0.03169 EPSS
Exploits 0 · References 8
Carbon Black Blog
added 2018/01/19 6:30 p.m. · 28 views

Infographic: Cyberattacks by the Numbers

As the calendar shifted from December 2016 to January 2017, the prospect of a large-scale cyberattack loomed. Questions over the possible hacking of the 2016 U.S. presidential election swirled and businesses faced a growing attack vector in ransomware. In 2016, ransomware was estimated to be an...

7 AI score
Exploits 0
ATTACKERKB
added 2017/12/21 4:29 a.m. · 1 views

CVE-2017-17824

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batchmanagerunit.php elementids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database...

4.9 CVSS · 8.4 AI score · 0.01504 EPSS
Exploits 1 · References 4
Prion
added 2017/12/21 4:29 a.m. · 12 views

Sql injection

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batchmanagerunit.php elementids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database...

4 CVSS · 5.8 AI score · 0.01504 EPSS
Exploits 1 · References 3 · Affected Software 1
Trellix
added 2017/12/20 12:0 a.m. · 14 views

McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker

ARCHIVED STORY McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker By Trellix · December 20, 2017 In our recent research, we interviewed the actors behind ransomware campaigns. One of the interesting findings was cybercriminals seemed to...

0.7 AI score
Exploits 0
Carbon Black Blog
added 2017/12/19 5:21 p.m. · 43 views

Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns

A Microsoft Word document (.doc) believed to be malicious was recently submitted to Carbon Black’s Threat Analysis Unit (TAU). The submitting organization did not feel that that document and subsequent payload was fully executing in their analysis environment, and questioned whether or not it was...

7.5 AI score
Exploits 0
ATTACKERKB
added 2017/12/06 12:29 a.m. · 4 views

CVE-2017-17432

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value...

7.8 CVSS · 5.6 AI score · 0.03053 EPSS
Exploits 0 · References 5
OSV
added 2017/11/28 12:0 a.m. · 0 views

UBUNTU-CVE-2017-15119

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from...

8.6 CVSS · 6.8 AI score · 0.03325 EPSS
Exploits 0 · References 4
OSV
added 2017/11/22 7:29 p.m. · 2 views

CVE-2017-8155

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and...

8.4 CVSS · 5.9 AI score · 0.00295 EPSS
Exploits 0 · References 1
OSV
added 2017/11/22 7:29 p.m. · 2 views

CVE-2017-8156

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow t...

6.8 CVSS · 5.8 AI score
Exploits 0 · References 1
NVD
added 2017/11/22 7:29 p.m. · 14 views

CVE-2017-8156

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow t...

7.2 CVSS · 7.3 AI score · 0.00295 EPSS
Exploits 0 · References 1
NVD
added 2017/11/22 7:29 p.m. · 10 views

CVE-2017-8155

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and...

8.4 CVSS · 8.7 AI score · 0.00295 EPSS
Exploits 0 · References 1
Prion
added 2017/11/22 7:29 p.m. · 15 views

Authentication flaw

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and...

7.2 CVSS · 8.6 AI score · 0.00295 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2017/11/22 7:29 p.m. · 16 views

Authentication flaw

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow t...

7.2 CVSS · 7.3 AI score · 0.00295 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2017/11/22 7:0 p.m. · 14 views

CVE-2017-8155

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and...

8.7 AI score · 0.00295 EPSS
Exploits 0 · References 1