Lucene search
K

174 matches found

CNVD
CNVD
added 2015/03/05 12:0 a.m.3 views

Loxone Smart Home Cross-Site Request Forgery Vulnerability

Loxone Smart Home is a WEB-based application. Loxone Smart Home suffers from a cross-site request forgery vulnerability that allows attackers to steal cookie-based authentication credentials and perform unauthorized operations...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/12/10 12:0 a.m.28 views

Adobe ColdFusion Unspecified DoS (APSB14-29) (credentialed check)

The version of Adobe ColdFusion running on the remote Windows host is affected by an unspecified denial of service vulnerability due to a resource consumption issue. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid79859; scriptversion"1.8"; scriptcvsdate"Date:...

5CVSS5.6AI score0.03046EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2014/08/26 3:10 p.m.9 views

Netflix Open Source Security Tools Solve Range of Challenges

Few organizations experience the scale of Web-based application security challenges that Netflix engineers deal with on a regular basis. Sometimes the response to a threat requires a homespun tool that, more often than not, ends up being released to open source. “Our assumption is that we...

Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

All Enthusiast PhotoPost PHP Pro 5.0 adm-photo.php Arbitrary Image Manipulation

No description provided by source. source: http://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPo...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - XSS

No description provided by source. |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

interactive story 1.3 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3028/info Interactive Story is a web-based application written in Perl and is distributed as freeware. Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/04/10 12:0 a.m.13 views

MobFox mAdserve SQL注入漏洞

Bugtraq ID:66661 MobFox mAdserve是一款基于WEB的广告服务应用。 MobFox mAdserve存在一个SQL注入漏洞,允许远程攻击者利用漏洞提交特制的SQL查询,操作或获取数据库数据。 0 MobFox mAdserve 2.0 目前没有详细解决方案: http://www.madserve.org/...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/01/20 11:43 a.m.10 views

Patched Microsoft Office 365 XSS Vulnerability Disclosed

A researcher in the UK disclosed the details of a serious cross-site scripting vulnerability in Office 365 that would allow an attacker with a mailbox on Office 365 to gain administrator rights over the Microsoft Web-based application in an organization. An exploit in an enterprise environment...

5.8AI score
Exploits0References3
Exploit DB
Exploit DB
added 2013/10/04 12:0 a.m.18 views

elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities

Title: ====== elproLOG MONITOR WebAccess 2.1 - Multiple Vulnerabilities Date: ===== 2013-09-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1086 VL-ID: ===== 1086 Common Vulnerability Scoring System: ==================================== 6.7 Introduction: ============...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2012/08/07 12:0 a.m.15 views

PBBoard - Authentication Bypass

PBBoard - Authentication Bypass source: https://www.securityfocus.com/bid/54862/info PBBoard is a web-based messaging board application implemented in PHP. Attackers may exploit these issues to gain unauthorized access to user accounts or to bypass intended security restrictions. Other attacks ma...

0.5AI score
Exploits0
Cisco
Cisco
added 2012/05/10 9:6 p.m.21 views

Cisco Unified MeetingPlace SQL Injection Vulnerability

Cisco Unified MeetingPlace contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary SQL code on a targeted system. The vulnerability is due to improper validation of user-supplied input to the web-based application interface. An authenticated, remote attack...

8.5CVSS3AI score0.00972EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/03/27 12:0 a.m.20 views

Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injection Vulnerabilities

Binary data 6398.prm...

7.5CVSS7.3AI score0.01778EPSS
Exploits1References3
CERT
CERT
added 2011/12/02 12:0 a.m.16 views

Support Incident Tracker multiple vulnerabilities

Overview Support Incident Tracker or SiT! version 3.65, and possibly earlier versions, contain multiple vulnerabilities including; malicious file uploads, SQL injection, cross-site scripting, and cross-site request forgery. Description According to the SiT! website:"Support Incident Tracker or Si...

8.6AI score
Exploits0References4
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.55 views

XSS Vulnerability in Tracks 1.7.2

Information -------------------- Name : XSS vulnerability in Tracks Software : Tracks 1.7.2. Vendor Hompeage : http://getontracks.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity dot com Advisory Reference : NS-11-003 Description...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2011/03/29 12:0 a.m.23 views

Tracks 1.7.2 Cross Site Scripting

Information -------------------- Name : XSS vulnerability in Tracks Software : Tracks 1.7.2. Vendor Hompeage : http://getontracks.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur Advisory Reference : NS-11-003 Description ------------------ Tracks is a...

7.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/02/27 12:0 a.m.7 views

HP Power Manager Administration Web Server Stack Buffer Overflow (CVE-2010-4113)

HP Power Manager is a web-based application for managing a HP Uninterruptible Power System UPS. The web management console allows users to monitor, manage, and control a single UPS locally and remotely. A buffer overflow vulnerability exists within HP Power Manager. The vulnerability is due to a...

9.3CVSS7.3AI score0.09722EPSS
Exploits4
Saint
Saint
added 2010/12/28 12:0 a.m.43 views

HP Power Manager formLogin buffer overflow

Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...

9.3CVSS7.7AI score0.09722EPSS
Exploits4
Saint
Saint
added 2010/12/28 12:0 a.m.35 views

HP Power Manager formLogin buffer overflow

Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...

9.3CVSS7.7AI score0.09722EPSS
Exploits4
Saint
Saint
added 2010/12/28 12:0 a.m.30 views

HP Power Manager formLogin buffer overflow

Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...

9.3CVSS7.7AI score0.09722EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2010/11/10 12:0 a.m.15 views

HP Systems Insight Manager Detection

HP Systems Insight Manager, a web-based application for managing remote systems, is installed on the remote host. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid50541; scriptversion"1.7"; scriptsetattributeattribute:"pluginmodificationdate", value:"2021/03/22";...

5.5AI score
Exploits0References1
Rows per page
Query Builder