Lucene search
K

2565 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/30 12:0 a.m.40 views

JVN#66984217: MATCHA INVOICE vulnerable to code injection

MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Impact An unauthenticated attacker who can execute the installer may execute...

6.8CVSS7.4AI score0.01321EPSS
Exploits0
exploitpack
exploitpack
added 2015/09/30 12:0 a.m.40 views

MakeSFX.exe 1.44 - Local Stack Buffer Overflow

MakeSFX.exe 1.44 - Local Stack Buffer Overflow ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MAKESFX-BUFF-OVERFLOW-09302015.txt Vendor: ================================ freeextractor.sourceforge.net/FreeExtractor...

0.6AI score
Exploits0
CNVD
CNVD
added 2015/09/20 12:0 a.m.4 views

Apple iOS Webkit Memory Corruption Vulnerability (CNVD-2015-06181)

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A memory corruption vulnerability exists in Webkit used by Apple iOS, which allows attackers to construct a malicious web page and trick users into parsing it, which could crash the application or execute...

6.8CVSS7.2AI score0.02505EPSS
Exploits0References1
CNVD
CNVD
added 2015/09/02 12:0 a.m.8 views

HP Intelligent Provisioning Arbitrary Code Execution Vulnerability

HP Intelligent Provisioning is a set of server configuration tools developed by Hewlett-Packard HP. A security vulnerability exists in HP Intelligent Provisioning. A remote attacker could exploit this vulnerability to execute arbitrary code...

10CVSS7.5AI score0.08861EPSS
Exploits0References1
Prion
Prion
added 2015/08/31 8:59 p.m.14 views

Code injection

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service Embedded Services Processor crash via a crafted 1 IPv4 or 2 IPv6 packet, aka Bug ID CSCsw69990...

7.8CVSS7.2AI score0.01925EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/08/25 12:0 a.m.6 views

Elasticsearch Logstash Security Bypass Vulnerability (CNVD-2015-05626)

Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. A security bypass vulnerability exists in Elasticsearch Logstash. An attacker can exploit this vulnerabilit...

5.9CVSS6.8AI score0.01219EPSS
Exploits0References1
CNVD
CNVD
added 2015/08/19 12:0 a.m.2 views

Apple OS X suffers from unspecified Admin privilege acquisition vulnerability

Apple OS X is a BSD-based operating system distributed by Apple. Apple OS X suffers from a memory corruption vulnerability that allows attackers to exploit the vulnerability to gain admin privileges...

7.2CVSS7AI score0.0039EPSS
Exploits0References1
0day.today
0day.today
added 2015/07/29 12:0 a.m.28 views

phpFileManager 0.9.8 - CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: CSRF Remote Backdoor Shell Google Dork: intitle: CSRF Remote Backdoor Shell Date: 2015-07-29 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: phpfm.sourceforge.net Software Link:...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/05/26 12:0 a.m.1 views

Hikvision DS-7108HWI-SH XML External Entity Injection Vulnerability

Hikvision DS-7108HWI-SH is a digital video recorder product from Hikvision. An XML external entity injection vulnerability exists in the Hikvision DS-7108HWI-SH, which allows an attacker to exploit the vulnerability to obtain sensitive information or conduct denial-of-service attacks via special...

7.1AI score
Exploits0References1
CNVD
CNVD
added 2015/05/20 12:0 a.m.7 views

t1utils Buffer Overflow Vulnerability

t1utils is a library for manipulating PostScript Type 1 fonts. A buffer overflow vulnerability exists in t1utils that could be exploited by an attacker to execute arbitrary code or conduct a denial of service attack...

7.5CVSS8AI score0.06905EPSS
Exploits1References1
CNVD
CNVD
added 2015/05/14 12:0 a.m.5 views

Microsoft Windows Journal File Handling Arbitrary Code Execution Vulnerability (CNVD-2015-03113)

Microsoft Windows is a popular operating system. A security vulnerability in Microsoft Windows' handling of specially crafted Journal .jnt files allows remote attackers to exploit the vulnerability to construct malicious files that can be parsed by a user and can be used in an application context...

9.3CVSS7.3AI score0.14217EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/04 12:0 a.m.5 views

Apple Mac OS X ATS fontd local elevation of privilege vulnerability

Apple Mac OS X is a popular operating system. Apple Mac OS X has a security vulnerability in ATS fontd that allows local attackers to exploit the vulnerability to elevate privileges...

6.4AI score
Exploits0References1
GithubExploit
GithubExploit
added 2015/04/28 4:4 a.m.3 views

wpsploit

WPSploit WPSploit - Exploiting WordPress With Metasploi...

6.4AI score
Exploits0
CNVD
CNVD
added 2015/04/17 12:0 a.m.6 views

Fedora abrt competitive conditions vulnerability

Fedora is an open, innovative and forward-thinking operating system and platform based on Linux.ABRT is an automated bug detection and reporting tool. A competitive condition vulnerability exists in Fedora abrt. An attacker can exploit this vulnerability to gain privileges...

7CVSS7.2AI score0.03081EPSS
Exploits13References1
CNVD
CNVD
added 2015/03/19 12:0 a.m.5 views

Citrix Netscaler NS10.5 HTTP Header Contamination WAF Bypass Vulnerability

Citrix NetScaler is a network traffic management product A security vulnerability exists in Citrix NetScaler that allows attackers to exploit a vulnerability to bypass WAF protection via HTTP header pollution for unauthorized access...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2015/03/17 12:0 a.m.4 views

Unspecified Vulnerability in HP ArcSight Enterprise Security Manager

HP ArcSight Enterprise Security Manager ESM is a suite of advanced security event managers for analyzing and correlating every event from Hewlett-Packard HP in the United States. The manager supports real-time threat detection, log collection and archiving, network security forensic analysis, and...

10CVSS6.8AI score0.03029EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/12 12:0 a.m.2 views

Foxit Reader Update Service Insecure Service Path Elevation of Privilege Vulnerability

Foxit Reader is a popular application for working with PDF files. A security vulnerability in the Foxit Reader update service allows an attacker to exploit a special executable to trick the update service into executing a file due to the program's failure to properly handle the service path...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2015/03/12 12:0 a.m.6 views

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2015-01649)

Microsoft Internet Explorer is a popular WEB browser. An unspecified memory corruption vulnerability exists in Microsoft Internet Explorer that could allow an attacker to construct a malicious web page and trick a user into parsing it, which could crash the application or execute arbitrary code...

9.3CVSS7.4AI score0.15682EPSS
Exploits0References1
CNVD
CNVD
added 2015/02/12 12:0 a.m.4 views

Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability (CNVD-2015-01124)

The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. A denial of service vulnerability exists in the Cisco Adaptive Security Appliance ASA Software, which can be exploited by attackers to launch denial of service attacks...

5CVSS6.8AI score0.02371EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/26 12:0 a.m.1 views

Adobe Flash Player suffers from unspecified vulnerability (CNVD-2015-00632)

Adobe Flash Player is a Flash file handling program. An unspecified vulnerability exists in Adobe Flash Player, which can be exploited by an attacker to cause the affected application to crash or compromise the affected system...

10CVSS6.8AI score0.8582EPSS
Exploits5References1
Rows per page
Query Builder