4560 matches found

Exploit DB
added 2018/02/12 12:0 a.m., 33 views

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...

AI score: 7.4
Exploits: 0

Imperva Blog
added 2018/01/17 4:9 p.m., 26 views

Security Strategies for DevOps, APIs, Containers and Microservices

More and more IT professionals see DevSecOps, a practice which integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing trend towards speeding up application developmen...

AI score: 7.3
Exploits: 0

CNVD
added 2017/12/19 12:0 a.m., 2 views

Change Healthcare Conserus Workflow Intelligence Authentication Bypass Vulnerability

Change Healthcare Conserus Workflow Intelligence application is a diagnostic imaging workflow application for hospitals and health systems from Change Healthcare, USA. An authentication bypass vulnerability exists in the Change Healthcare Conserus Workflow Intelligence application version 2.0.2. ...

CVSS: 8.1, AI score: 7.2, EPSS: 0.01206
Exploits: 1, References: 1

NVD
added 2017/12/15 6:29 p.m., 17 views

CVE-2017-16776

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...

CVSS: 8.1, AI score: 8.4, EPSS: 0.01206
Exploits: 1, References: 1

Prion
added 2017/12/15 6:29 p.m., 11 views

Authentication flaw

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...

CVSS: 6.8, AI score: 8.3, EPSS: 0.01206
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2017/12/15 6:29 p.m., 4 views

CVE-2017-16776

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...

CVSS: 8.1, AI score: 5.8, EPSS: 0.01206
Exploits: 1, References: 1

CVE
added 2017/12/15 6:0 p.m., 51 views

CVE-2017-16776

CVE-2017-16776 concerns Change Healthcare’s Conserus Workflow Intelligence (McKesson Medical Imaging) v2.0.2, where an authentication bypass exists. The exposed component allows exploitation via a malicious HTTP GET request, enabling both unauthenticated users to gain limited access and authentic...

CVSS: 8.1, AI score: 8.3, EPSS: 0.01206
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2017/12/15 6:0 p.m., 15 views

CVE-2017-16776

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...

AI score: 8.4, EPSS: 0.01206
Exploits: 1, References: 1

Kitploit
added 2017/12/14 8:38 p.m., 15 views

Droidefense - Advance Android Malware Analysis Framework

Droidefense (originally named atom: analysis through observation machine) is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researchers have in their everyday work. For those situations on where the malware has...

AI score: 0.5
Exploits: 0, References: 4

Metasploit
added 2017/10/30 10:26 a.m., 47 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1140752 include...

AI score: 7.3
Exploits: 0

n0where
added 2017/10/19 4:42 a.m., 59 views

DumpsterFire Toolset: Security Incidents In A Box

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support a...

AI score: 7.8
Exploits: 0, References: 1

OSV
added 2017/10/13 4:29 p.m., 4 views

CVE-2017-15014

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the...

CVSS: 4.3, AI score: 5.9, EPSS: 0.04946
Exploits: 4, References: 3

Kitploit
added 2017/09/26 1:43 p.m., 12 views

SCUTUM - Linux Automatic ARP (TCP / UDP / ICMP) Firewall

SCUTUM - Linux Automatic ARP TCP / UDP / ICMP Firewall Current Version Change log: 1. Added Self-Upgrading Function, now users can execute self-upgrading with $ sudo scutum --upgrade 2. Added AVALON Framework Self-Upgrading function included when using "--upgrade" parameter Recent Changes: 1...

AI score: 7.3
Exploits: 0, References: 1

Schneier on Security
added 2017/09/11 11:12 a.m., 53 views

A Hardware Privacy Monitor for iPhones

Andrew "bunnie" Huang and Edward Snowden have designed a hardware device that attaches to an iPhone and monitors it for malicious surveillance activities, even in instances where the phone's operating system has been compromised. They call it an Introspection Engine, and their use model is a...

AI score: 7
Exploits: 0

OSV
added 2017/08/29 1:35 a.m., 3 views

CVE-2017-2258

Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications"...

CVSS: 4.3, AI score: 5.9
Exploits: 0, References: 2

CNVD
added 2017/08/22 12:0 a.m., 3 views

Two Arbitrary File Upload Vulnerabilities Exist in the Backend of Bunker Buster Machine

Bunker Fortress is the industry's first software form of the Fortress, providing a centralized authentication, centralized access authorization, centralized access management, centralized operation audit and a single point of simplified operation and management required for remote operations and...

AI score: 7.2
Exploits: 0

seebug.org
added 2017/08/10 12:0 a.m., 36 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal

DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 build 7072.0 build...

AI score: 7.3
Exploits: 0

rapid7community
added 2017/07/06 5:22 p.m., 90 views

Remediation Workflow Now Integrates with ServiceNow

Today we're sharing an update to Remediation Workflow Ticketing capabilities. We are pleased to announce that Remediation Workflow in InsightVM now integrates with ServiceNow. One of the main benefits of Remediation Workflow Ticketing is to improve collaboration between security and remediation...

AI score: 6.7
Exploits: 0

RedHat Linux
added 2017/06/28 2:43 p.m., 32 views

Moderate: Red Hat Security Advisory: openstack-mistral security, bug fix, and enhancement update

An update for openstack-mistral is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 5.9, AI score: 6.1, EPSS: 0.00372
Exploits: 0, References: 3

n0where
added 2017/05/30 5:23 p.m., 55 views

Open Source Incident Management & Response Platform: Cyphon

Open Source Incident Management & Response Platform Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis. Many businesses rely on emails to manage alert notifications, which leaves their networks susceptible to overlooked incidents, alert fatigue and...

AI score: 0.5
Exploits: 0, References: 2