Lucene search
K

41 matches found

CNVD
CNVD
added 2021/11/23 12:0 a.m.19 views

Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90761)

Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...

5.4CVSS4.6AI score0.01212EPSS
Exploits3References1
CNVD
CNVD
added 2021/11/23 12:0 a.m.23 views

Open-xchange OX App Suite Information Disclosure Vulnerability (CNVD-2021-90765)

Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange Open-xchange, a US-based company that allows users to more intuitively manage email, tasks, files, etc. An information disclosure vulnerability exists in Open-xchange OX App Suite. An information disclosure...

4.3CVSS1.5AI score0.0121EPSS
Exploits3References1
CNVD
CNVD
added 2021/11/23 12:0 a.m.19 views

Open-xchange OX App Suite Directory Traversal Vulnerability

Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A directory traversal vulnerability exists in Open-xchange OX App Suite, which can be exploited by...

6.5CVSS3.5AI score0.02435EPSS
Exploits3References1
CNVD
CNVD
added 2021/11/23 12:0 a.m.21 views

Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90759)

Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited...

6.1CVSS3.4AI score0.01113EPSS
Exploits3References1
CNVD
CNVD
added 2021/11/23 12:0 a.m.21 views

Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90762)

Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited...

6.1CVSS4.4AI score0.0132EPSS
Exploits3References1
CNVD
CNVD
added 2021/08/27 12:0 a.m.16 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22647)

Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from the lack of proper validation of client-side data in the WEB application and can be exploited to inject arbitrary script or HT...

6.1CVSS2AI score0.009EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/23 12:0 a.m.17 views

Multiple Trendnet Products Null Pointer Dereference Vulnerability

TRENDnet TEW-755AP and others are a router from Trendnet, a US-based company. Several Trendnet products are vulnerable to null pointer dereference. A remote attacker could use the vulnerability to send POST requests to applycgi via the lang operation without a language key, resulting in a denial ...

5CVSS4.1AI score0.00961EPSS
Exploits0
CNVD
CNVD
added 2021/07/20 12:0 a.m.19 views

Open-xchange OX App Suite code issue vulnerability (CNVD-2022-28453)

Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A code issue vulnerability exists in Open-xchange OX App Suite, no detailed vulnerability details are...

5.8CVSS5.5AI score0.02002EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2021/06/28 7:11 p.m.124 views

Attackers Breach Microsoft Customer Service Accounts

The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft’s corporate networks to gain access to specific organizations — primarily, U.S.-based IT and government organizations. Microsoft officially announced the attacks after Reuters obtained an email sent to customer...

7.6AI score
Exploits0References8
Krebs on Security
Krebs on Security
added 2021/04/16 12:57 p.m.79 views

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawlin...

9CVSS0.6AI score0.23771EPSS
Exploits0
FireEye
FireEye
added 2021/03/04 12:0 a.m.596 views

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web shells for persistent access, remote code execution, and reconnaissance for endpoint securit...

7.5CVSS9.8AI score0.99999EPSS
Exploits66References10
Wired Threat Level
Wired Threat Level
added 2021/01/21 2:2 a.m.37 views

Parler Finds a Reprieve in Russia—but Not a Solution

The far-right platform still hasn’t found a US-based home. Where it lands could have serious consequences for its users’ privacy...

2.1AI score
Exploits0
CNVD
CNVD
added 2020/11/19 12:0 a.m.27 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22655)

Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. Six Apart Movable Type Premium is vulnerable to a cross-site scripting vulnerability that could be exploited by a remote authenticated attacker to inject arbitrary scripts via unspecified vectors...

5.4CVSS4AI score0.00585EPSS
Exploits0References1
Krebs on Security
Krebs on Security
added 2019/10/01 4:33 p.m.56 views

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who've recently re-indicted him on related charges. NiceHash CTO Matjaž "Iserdo...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2018/10/23 8:27 p.m.34 views

HackerOne: Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based"

Hi, I would like to report something I just recently noticed upon receiving an automated invite from Hackerone for a private program. The program brief clearly states the following in program rules: █████ This is where I believe the issue is. I live in ███ and according to the program rules I...

1.5AI score
Exploits0
HackRead
HackRead
added 2017/08/18 10:44 p.m.124 views

Fake Bittrex cryptocurrency exchange site stealing user funds

By Uzair Amir Bittrex is a US-based cryptocurrency exchange known for buying and selling This is a post from HackRead.com Read the original post: Fake Bittrex cryptocurrency exchange site stealing user funds...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/05/18 4:29 p.m.42 views

Top 5 GDPR Myths: Get the Facts

The General Data Protection Regulation GDPR has been garnering much attention since its formal adoption in April 2016. With the effective date of May 25, 2018 fast approaching, some popular myths have emerged surrounding the regulation. In this blog post, we’ll examine and debunk a few of the mos...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2012/12/31 12:0 a.m.58 views

Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Microsoft Interne...

9.3CVSS7.2AI score0.78823EPSS
Exploits12
0day.today
0day.today
added 2012/12/31 12:0 a.m.65 views

Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution...

9.3CVSS0.3AI score0.78823EPSS
Exploits12
The Hacker News
The Hacker News
added 2012/04/21 7:14 p.m.13 views

US-based website covering China's Bo Xilai scandal hacked

US-based website covering China's Bo Xilai scandal hacked A US-based website that has reported extensively on the Bo Xilai scandal in Chongqing says it has been crippled by a concerted hacker attack. The site was rendered inaccessible for much of Thursday, depriving readers of coverage of the...

6.9AI score
Exploits0
Rows per page
Query Builder