Lucene search
K

6805 matches found

Packet Storm
Packet Storm
added 2010/04/16 12:0 a.m.49 views

Apache OFBiz Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Apache OFBiz 1. Advisory Information Title: Multiple XSS in Apache OFBiz Advisory ID: BONSAI-2010-0103 Advisory URL:...

4.3CVSS0.22941EPSS
Exploits15
Prion
Prion
added 2010/04/06 4:30 p.m.12 views

Design/Logic Flaw

Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of 1 form values and 2 JSignal arguments, which has unspecified impact and remote attack vectors...

9.3CVSS7.4AI score0.01272EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2010/04/06 12:0 a.m.21 views

CVE-2010-1238

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values...

5CVSS5.9AI score0.01975EPSS
Exploits0References2
Prion
Prion
added 2010/04/05 3:30 p.m.19 views

Design/Logic Flaw

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values...

5CVSS7.1AI score0.01975EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2010/03/30 6:30 p.m.17 views

Heap overflow

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FLC file, related to crafted DELTAFLI chunks and untrusted length values in a .fli file,...

6.8CVSS8.5AI score0.18573EPSS
Exploits5References6Affected Software2
Cvelist
Cvelist
added 2010/03/30 6:0 p.m.31 views

CVE-2010-0520

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FLC file, related to crafted DELTAFLI chunks and untrusted length values in a .fli file,...

9.5AI score0.18573EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 2010/03/23 3:42 p.m.5 views

kernel: sys_move_pages infoleak

The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying a node that is not part of the...

4.6CVSS7.2AI score0.01819EPSS
Exploits3References4
Atlassian
Atlassian
added 2010/03/01 3:54 a.m.28 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/03/01 3:54 a.m.21 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

2.7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2010/02/17 12:0 a.m.41 views

CVE-2010-0415

The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying a node that is not part of the...

4.6CVSS7.1AI score0.01819EPSS
Exploits3References2
Check Point Advisories
Check Point Advisories
added 2010/02/09 12:0 a.m.6 views

Microsoft SMB NTLM Authentication Lack of Entropy (MS10-012; CVE-2010-0231)

The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. An elevation of privilege vulnerability has been reported in the way that Microsoft Server Message Block SMB Protocol software handles authentication attempts. The vulnerability is due to a lack of...

10CVSS8.9AI score0.41262EPSS
Exploits5
Zero Day Initiative
Zero Day Initiative
added 2010/01/21 12:0 a.m.30 views

RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's...

10CVSS5.4AI score0.08101EPSS
Exploits1References1
Prion
Prion
added 2009/12/17 5:30 p.m.26 views

Design/Logic Flaw

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive...

7.8CVSS6.2AI score0.01616EPSS
Exploits1References12Affected Software2
NVD
NVD
added 2009/12/16 6:30 p.m.34 views

CVE-2009-4326

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature DPF is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...

4.3CVSS6.3AI score0.0179EPSS
Exploits0References9
Prion
Prion
added 2009/12/16 6:30 p.m.20 views

Code injection

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature DPF is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...

4.3CVSS6.9AI score0.0179EPSS
Exploits0References9Affected Software1
OpenVAS
OpenVAS
added 2009/12/14 12:0 a.m.18 views

Mandriva Security Advisory MDVSA-2009:030-1 (amarok)

The remote host is missing an update to amarok announced via advisory MDVSA-2009:030-1. OpenVAS Vulnerability Test $Id: mdksa20090301.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:030-1 amarok Authors: Thomas Reinke Copyright: Copyright c 2009 E-So...

9.3CVSS1AI score0.06903EPSS
Exploits2
OpenVAS
OpenVAS
added 2009/12/14 12:0 a.m.15 views

Mandriva Security Advisory MDVSA-2009:259-1 (snort)

The remote host is missing an update to snort announced via advisory MDVSA-2009:259-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

6.8CVSS6.4AI score0.02269EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.19 views

Mandriva Security Advisory MDVSA-2009:223-1 (xerces-c)

The remote host is missing an update to xerces-c announced via advisory MDVSA-2009:223-1. OpenVAS Vulnerability Test $Id: mdksa20092231.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:223-1 xerces-c Authors: Thomas Reinke Copyright: Copyright c 2009...

4.3CVSS9.4AI score0.05324EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/12/09 12:0 a.m.16 views

moziloCMS Multiple Cross Site Scripting Vulnerabilities

The host is running moziloCMS and is prone to Multiple Cross Site Scripting Vulnerabilities OpenVAS Vulnerability Test $Id: gbmoziloCMSmultxssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ moziloCMS Multiple Cross Site Scripting Vulnerabilities Authors: Antu Sanadi Copyright: Copyright c 2009...

4.3CVSS0.1AI score0.01189EPSS
Exploits1References2
Prion
Prion
added 2009/12/08 5:30 p.m.20 views

Design/Logic Flaw

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

6.4CVSS6.7AI score0.0115EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder