Lucene search
+L

268 matches found

RedHat Linux
RedHat Linux
added 2018/04/30 10:0 a.m.6 views

dpdk: Information exposure in unchecked guest physical to host virtual address translations

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory...

6.1CVSS6.6AI score0.00878EPSS
Exploits0References4
OSV
OSV
added 2018/04/24 12:0 a.m.3 views

UBUNTU-CVE-2018-1059

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions...

6.1CVSS6.7AI score0.00878EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2018/04/04 7:21 p.m.105 views

USN-3619-1: Linux kernel vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16995 It was discovered that a...

7.8CVSS7.3AI score0.30052EPSS
Exploits26
OSV
OSV
added 2018/03/25 7:29 p.m.4 views

CVE-2018-8817

Wampserver before 3.1.3 has CSRF in addvhost.php...

8.8CVSS5.8AI score0.03267EPSS
Exploits6References3
OSV
OSV
added 2018/01/31 10:29 p.m.1 views

DEBIAN-CVE-2017-16911

The vhcihcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP...

4.7CVSS7.3AI score0.00391EPSS
Exploits0References1
Kitploit
Kitploit
added 2017/10/13 1:33 p.m.17 views

VHostScan - Virtual Host Scanner

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 slidedeck. Key Benefits Quickly highlight unique content in catch-all scenarios Locate the outliers in catch-all scenarios whe...

6.9AI score
Exploits0References1
n0where
n0where
added 2017/10/02 4:13 a.m.74 views

HTTP Virtual Host Scanner: VHostScan

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 Key Benefits Quickly highlight unique content in catch-all scenarios Locate the outliers in catch-all scenarios where results...

6.8AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.25 views

Remote Desktop Virtual Host Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on t...

7.8CVSS3.3AI score0.03619EPSS
Exploits0
Symantec
Symantec
added 2017/09/12 12:0 a.m.54 views

Microsoft Remote Desktop Virtual Host CVE-2017-8714 Remote Code Execution Vulnerability

Description Microsoft Remote Desktop Virtual Host is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code on the affected system. Failed attacks may cause denial-of-service conditions. Technologies Affected Microsoft Windows 10...

6.9CVSS0.7AI score0.03619EPSS
Exploits0Affected Software2
Kaspersky
Kaspersky
added 2017/09/12 12:0 a.m.202 views

KLA11099 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of...

9.8CVSS9.7AI score0.49765EPSS
Exploits20References55
CNVD
CNVD
added 2017/08/28 12:0 a.m.5 views

libapache-authenhook-perl Information Disclosure Vulnerability

libapache-authenhook-perl is a package for Apache login authentication. A security vulnerability exists in libapache-authenhook-perl version 2.00-04, which stems from the program storing usernames and passwords in plaintext in the vhost error log. An attacker can exploit this vulnerability to...

9.8CVSS9.3AI score0.01638EPSS
Exploits0References1
OSV
OSV
added 2017/08/08 9:29 p.m.2 views

DEBIAN-CVE-2010-3845

libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log...

9.8CVSS9.5AI score0.01638EPSS
Exploits0References1
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2017/07/07 2:5 a.m.88 views

Top-5 stupid security mistakes in web apps

In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used be script kiddies as well as by fully automated scanners and internal security checks. Let’s go! 1...

6.5AI score
Exploits0
Metasploit
Metasploit
added 2017/05/10 8:17 p.m.166 views

WordPress PHPMailer Host Header Command Injection

This module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered...

9.8CVSS9.7AI score0.99714EPSS
Exploits58
RedHat Linux
RedHat Linux
added 2017/01/25 8:5 p.m.6 views

mod_jk: Buffer overflow when concatenating virtual host name and URI

It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow...

9.8CVSS6.2AI score0.18989EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/01/25 8:4 p.m.5 views

mod_jk: Buffer overflow when concatenating virtual host name and URI

It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow...

9.8CVSS6.2AI score0.18989EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/12/15 10:11 p.m.6 views

mod_jk: Buffer overflow when concatenating virtual host name and URI

It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow...

9.8CVSS6.2AI score0.18989EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2016/10/06 1:17 p.m.35 views

CVE-2016-6808

It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow...

9.8CVSS9AI score0.18989EPSS
Exploits1References2
Apache Tomcat
Apache Tomcat
added 2016/10/06 12:0 a.m.39 views

Fixed in Apache Tomcat JK Connector 1.2.42

Moderate: Buffer Overflow CVE-2016-6808 The IIS/ISAPI specific code implements special handling when a virtual host is present. The virtual host name and the URI are concatenated to create a virtual host mapping rule. The length checks prior to writing to the target buffer for this rule did not...

9.8CVSS7.6AI score0.18989EPSS
Exploits1Affected Software1
seebug.org
seebug.org
added 2016/01/28 12:0 a.m.386 views

Kangle虚拟主机本地文件包含漏洞

测试环境:kangle-3.3.9.msi,ep-2.6.4.exe(官方4-18日更新),windows XP 首先安装kangle server,然后安装easypanel,安装成功后访问http://127.0.0.1:3312/,会自动跳转到http://127.0.0.1:3312/vhost/?c=session&a=loginForm。 然后随便输入用户名密码登陆,如图发送的请求: 然后修改请求url中的参数c的值,将session改为: C=../../../../../../../../../../../windows/system.ini%00...

7.1AI score
Exploits0
Rows per page
Query Builder