Lucene search
K

6835 matches found

OpenVAS
OpenVAS
added 2013/05/15 12:0 a.m.30 views

Microsoft Office Publisher Remote Code Execution Vulnerability (2830397)

This host is missing an important security update according to Microsoft Bulletin MS13-042. OpenVAS Vulnerability Test $Id: secpodms13-042.nasl 6115 2017-05-12 09:03:25Z teissa $ Microsoft Office Publisher Remote Code Execution Vulnerability 2830397 Authors: Antu Sanadi Copyright: Copyright c 201...

10CVSS0.3AI score0.29027EPSS
Exploits1References5
Prion
Prion
added 2013/04/24 10:28 a.m.23 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Administrative console in IBM WebSphere Application Server WAS 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values...

4.3CVSS5.9AI score0.01812EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2013/04/05 12:0 a.m.33 views

Ubuntu Update for libxslt USN-1784-1

Check for the Version of libxslt OpenVAS Vulnerability Test $Id: gbubuntuUSN17841.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for libxslt USN-1784-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...

5CVSS9.6AI score0.04286EPSS
Exploits1References2
Kitploit
Kitploit
added 2013/04/02 11:13 p.m.62 views

[Acunetix Web Vulnerability Scanner 8] Automated Web Application Security Testing Tool

Acunetix W eb V ulnerability S canner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive...

7.3AI score
Exploits0
Metasploit
Metasploit
added 2013/03/27 3:23 p.m.58 views

Windows Gather Microsoft Office Word UNC Path Injector

This module modifies a remote .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. Verified to work with Microsoft Word 2003, 2007, 2010, and 2013. In order to get the hashes the auxiliary/server/capture/smb module can be used. This module requires Metasploit:...

6.8AI score
Exploits0
NVD
NVD
added 2013/03/07 3:55 p.m.27 views

CVE-2013-2486

The dissectdiagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via crafted integer...

6.1CVSS5.5AI score0.01269EPSS
Exploits0References12
Prion
Prion
added 2013/03/07 3:55 p.m.24 views

Design/Logic Flaw

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service infinite loop via crafted integer values in a packet, related to the 1...

7.8CVSS6.7AI score0.03365EPSS
Exploits0References12Affected Software3
Prion
Prion
added 2013/03/07 3:55 p.m.51 views

Integer overflow

The dissectdiagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via crafted integer...

6.1CVSS6.7AI score0.01269EPSS
Exploits0References12Affected Software3
UbuntuCve
UbuntuCve
added 2013/03/07 3:55 p.m.27 views

CVE-2013-2487

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service infinite loop via crafted integer values in a packet, related to the 1...

7.8CVSS6.6AI score0.03365EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2013/03/07 3:0 p.m.36 views

CVE-2013-2487

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service infinite loop via crafted integer values in a packet, related to the 1...

7.8CVSS5.8AI score0.03365EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/03/05 12:0 a.m.24 views

RedHat Update for libxml2 RHSA-2013:0581-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS9.6AI score0.02856EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.7 views

rubygem-actionpack: Unsafe query generation

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS7.2AI score0.046EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.7 views

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7.2AI score0.05673EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.30 views

Ubuntu: Security Advisory (USN-1733-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.13911EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/02/11 12:0 a.m.28 views

MantisBT < 1.2.12 Multiple Vulnerabilities

According to its version number, the MantisBT install hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by an information disclosure vulnerability due to a flaw in using default values to determine if a user has sufficient privileges to modify...

5.5CVSS5.6AI score0.01883EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2013/02/11 12:0 a.m.44 views

Ruby Activemodel Gem -- Circumvention of attr_protected

Aaron Patterson reports: The attrprotected method allows developers to specify a blacklist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. All use...

4.3CVSS6.3AI score0.0246EPSS
Exploits1
OSV
OSV
added 2013/01/13 10:55 p.m.3 views

DEBIAN-CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7AI score0.05673EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2013/01/13 10:55 p.m.5 views

CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS5.6AI score0.05673EPSS
Exploits4References13
Prion
Prion
added 2013/01/13 8:55 p.m.20 views

Stack overflow

Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies...

9.3CVSS8.3AI score0.07633EPSS
Exploits1References10Affected Software14
Tenable Nessus
Tenable Nessus
added 2013/01/11 12:0 a.m.43 views

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108)

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762...

10CVSS8.9AI score0.73364EPSS
Exploits18References13
Rows per page
Query Builder