Lucene search
K

444 matches found

CNVD
CNVD
added 2019/11/19 12:0 a.m.4 views

ZTE C520V21 Privilege Permission and Access Control Error Vulnerability

The ZTE C520V21 is a smart webcam from China's ZTE Corporation ZTE. A Permission Permission and Access Control Error vulnerability exists in the ZTE C520V21 version 2.1.14 and earlier versions, which can be exploited by an attacker to access other unauthorized files or resources by creating a URL...

5.3CVSS6.8AI score0.01284EPSS
Exploits0References1
OSV
OSV
added 2019/04/24 9:29 p.m.2 views

CVE-2019-8995

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user...

6.1CVSS5.8AI score0.01137EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2019/02/20 8:0 a.m.26 views

February 19, 2019—KB4487029 (OS Build 17134.619)

February 19, 2019—KB4487029 OS Build 17134.619 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Enables media content to play e-learning content with plug and play USB adapter cables on...

6.8AI score
Exploits0
Microsoft KB
Microsoft KB
added 2018/12/11 8:0 a.m.77 views

December 11, 2018—KB4471324 (OS Build 17134.471)

December 11, 2018—KB4471324 OS Build 17134.471 Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

10CVSS7.3AI score0.69214EPSS
Exploits10
CNVD
CNVD
added 2018/06/20 12:0 a.m.4 views

Infraserver Directory Traversal Vulnerability

infraserver is a RESTful server. A directory traversal vulnerability exists in infraserver. An attacker can exploit this vulnerability to gain access to the file system by placing a '... /' sequence in a URL to gain access to the file system...

7.5CVSS7.7AI score0.02005EPSS
Exploits1References1
OSV
OSV
added 2018/06/19 5:29 a.m.1 views

DEBIAN-CVE-2018-12564

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...

6.5CVSS6.3AI score0.01504EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/08 12:0 a.m.2 views

Cypserver Directory Traversal Vulnerability

cypserver is a static file server. A directory traversal vulnerability exists in cypserver. An attacker can exploit this vulnerability by placing "... /" in a URL to access the file system...

7.5CVSS7.5AI score0.02005EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/14 12:0 a.m.5 views

Easy Hosting Control Panel Cross-Site Scripting Vulnerability

Easy Hosting Control Panel EHCP is an open source hosting control panel that is used to manage domains, emails, ftp users and more. A cross-site scripting vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program failing to properly validate user input. A remote...

6.1CVSS6.1AI score0.01058EPSS
Exploits2References1
CNVD
CNVD
added 2018/03/15 12:0 a.m.5 views

Ajenti Information Disclosure Vulnerability

Ajenti is a Web-based open source server management system developed by Belarusian software developer Eugene Pankov. The system comes with a variety of pre-built plug-ins for configuring and monitoring server software and services such as Apache, scheduled tasks Cron and so on. An information...

7.5CVSS6.5AI score0.01287EPSS
Exploits1References1
OSV
OSV
added 2018/03/13 8:44 p.m.38 views

GHSA-HWHH-2FWM-CFGW Doorkeeper is vulnerable to stored XSS and code execution

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...

6.1CVSS6AI score0.01479EPSS
Exploits0References9
OSV
OSV
added 2017/12/14 4:29 p.m.9 views

UBUNTU-CVE-2017-17521

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...

8.8CVSS6.9AI score0.01834EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2017/12/14 12:0 a.m.7 views

PT-2017-14831 · Tin +2 · Tin +2

Name of the Vulnerable Software and Affected Versions: TIN version 2.4.1 Description: The issue concerns the tools/url handler.pl script in TIN, which does not validate strings before launching the program specified by the BROWSER environment variable. This might allow remote attackers to conduct...

8.8CVSS8.8AI score0.01896EPSS
Exploits0References15
CNVD
CNVD
added 2017/12/07 12:0 a.m.2 views

Zhejiang Dahua Network Hard Disk Recorder DH-NVR2104HS-S1 has logical design loopholes

Zhejiang Dahua Network DVR DH-NVR2104HS-S1 is a network DVR that integrates 4-channel 10/100Mbps switch ports and supports 1080P HD real-time real-time preview and so on. A logical design vulnerability exists in the Zhejiang Dahua Network DVR DH-NVR2104HS-S1. An attacker can use the vulnerability...

6.9AI score
Exploits0
OSV
OSV
added 2017/11/20 8:29 p.m.2 views

DEBIAN-CVE-2017-16906

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...

5.4CVSS6.2AI score0.01086EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2017/11/06 8:29 a.m.1 views

CVE-2017-16569

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...

4.9CVSS5.5AI score0.00479EPSS
Exploits0References2
CNVD
CNVD
added 2017/06/22 12:0 a.m.4 views

Cisco WebExCisco WebEx Network Recording Player Buffer Overflow Vulnerability

Cisco WebEx Network Recording Player is a U.S. Cisco Cisco company based on the WebEx network recorder network recording file player. A buffer overflow vulnerability exists in Cisco WebEx Network Recording Player. An attacker can exploit this vulnerability by delivering a malicious ARF file to a...

7.8CVSS7.8AI score0.01594EPSS
Exploits0References1
Citrix
Citrix
added 2017/06/14 12:0 a.m.8 views

How to Create Web Link for Specific Citrix Secure App in XenMobile Store

This article describes how to create web link for specific Citrix Secure App in XenMobile Store...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/03/16 12:0 a.m.7 views

The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure

The vulnerability of the Mail component in the Mac OS X operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures through a specially crafted URL...

4.3CVSS6.8AI score0.00849EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/02/17 5:59 p.m.11 views

UBUNTU-CVE-2016-6191

Multiple cross-site scripting XSS vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 Description, 2 Location, 3 URL, or 4 Title field...

6.1CVSS6.5AI score0.01193EPSS
Exploits0References2
OSV
OSV
added 2017/02/01 10:59 p.m.3 views

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

5.4CVSS5.8AI score0.00705EPSS
Exploits0References3
Rows per page
Query Builder