Lucene search
K

8047 matches found

0day.today
0day.today
added 2020/01/24 12:0 a.m.121 views

TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Vulnerability

Exploit for hardware platform in category web applications Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Exploit Author: PCEumel Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/Firmware Version: TP-Link...

0.1AI score
Exploits0
Talos
Talos
added 2019/10/17 12:0 a.m.258 views

YouPHPTube /objects/commentAddNew.json.php comments_id SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...

9.9CVSS8.9AI score0.01389EPSS
Exploits1
0day.today
0day.today
added 2019/09/18 12:0 a.m.55 views

Microsoft Windows Internet Settings Security Feature Bypass Vulnerability

Microsoft Windows suffers from an Internet Settings misconfiguration security feature bypass vulnerability. Versions affected include Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019. Exploit Title: Microsoft Windows 'Internet Settings' Misconfiguration Security Feature Bypas...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/08/13 12:0 a.m.40 views

osTicket 1.12 - Persistent Cross-Site Scripting via File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiy...

3.5CVSS5.8AI score0.02733EPSS
Exploits5
Symantec
Symantec
added 2019/04/30 12:0 a.m.25 views

Philips Tasy EMR CVE-2019-6562 Cross Site Scripting Vulnerability

Description Philips Tasy EMR is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...

3.5CVSS0.1AI score0.00683EPSS
Exploits0References1Affected Software2
Packet Storm
Packet Storm
added 2019/03/27 12:0 a.m.121 views

Cisco RV320 Unauthenticated Configuration Export

Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor. Details ======= Product: Cisco RV320 Dual...

5CVSS0.5AI score0.99876EPSS
Exploits19
Talos
Talos
added 2019/03/26 12:0 a.m.104 views

GOG Galaxy updater temp directory insecure file permissions local privilege elevation vulnerability

Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s Temp directory. An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. Tested Versions...

9.3CVSS8.1AI score0.00598EPSS
Exploits1
Packet Storm
Packet Storm
added 2019/01/24 12:0 a.m.88 views

CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cross-site scripting product: CA Automic Workload Automation Web Interface AWI formerly Automic Automation Engine, UC4 vulnerable version: 12.0, 12.1, 12.2 fixed version:...

0.3AI score0.02008EPSS
Exploits1
Talos
Talos
added 2019/01/02 12:0 a.m.340 views

Clean My Mac X removeLaunchdAgentAtPath privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...

7.1CVSS5.9AI score0.00309EPSS
Exploits0
Talos
Talos
added 2019/01/02 12:0 a.m.30 views

CleanMyMac X removeKextAtPath privilege escalation vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. Tested Versions Clean My Mac X 4.04 Product URLs...

7.1CVSS5.9AI score0.00306EPSS
Exploits0
Talos
Talos
added 2019/01/02 12:0 a.m.87 views

CleanMyMac X moveToTrashItemAtPath privilege escalation vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmym...

7.1CVSS6AI score0.00309EPSS
Exploits0
Talos
Talos
added 2019/01/02 12:0 a.m.34 views

CleanMyMac X removeItemAtPath Privilege Escalation Vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...

7.1CVSS6AI score0.00309EPSS
Exploits0
Talos
Talos
added 2019/01/02 12:0 a.m.25 views

Clean My Mac X securelyRemoveItemAtPath privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...

7.1CVSS5.9AI score0.00309EPSS
Exploits0
Talos
Talos
added 2019/01/02 12:0 a.m.35 views

CleanMyMac X truncateFileAtPath Privilege Escalation Vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...

7.1CVSS6AI score0.00309EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/12/06 12:0 a.m.29 views

Apple Mac OS X Security Updates (HT209341)-03

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.3AI score0.00739EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/10/17 12:0 a.m.59 views

Oracle Java SE Denial of Service Vulnerability (cpuoct2018) - Windows

Oracle Java SE is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.3AI score0.07EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2018/10/09 12:0 a.m.49 views

nss security update

3.36.0-9.0.1 - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed 3.36.0-9 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake the symbol was not exported from libnss...

5.9CVSS1.4AI score0.01496EPSS
Exploits0
CERT
CERT
added 2018/09/05 12:0 a.m.761 views

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

Overview Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Description The Web Proxy...

7.6CVSS6.9AI score0.5389EPSS
Exploits12References2
0day.today
0day.today
added 2018/08/17 12:0 a.m.66 views

Yubico PIV Tool 1.5.0 Buffer Overflow Vulnerability

A buffer overflow and an out of bounds memory read were identified in the yubico-piv-tool-1.5.0, these can be triggered by a malicious token. Multiple Vulnerabilities in Yubico Piv ====================================== Overview - -------- Confirmed Affected Versions: 1.5.0 Confirmed Patched...

0.4AI score0.00486EPSS
Exploits1
OpenVAS
OpenVAS
added 2018/07/18 12:0 a.m.63 views

Oracle Java SE Security Updates-01 (jul2018-4258247) - Windows

Oracle Java SE is prone to a remote privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9CVSS7.3AI score0.01944EPSS
Exploits0References2
Rows per page
Query Builder