Lucene search
+L

47 matches found

CNVD
CNVD
added 2018/05/11 12:0 a.m.7 views

Microsoft .NET Framework and .NET Core Denial of Service Vulnerability (CNVD-2018-09318)

NET Framework and .NET Core are both products of Microsoft Corporation.Microsoft .NET Framework is a comprehensive and consistent programming model and development platform for building applications for Windows, Windows Store, Windows Server, and Microsoft Azure. NET Framework is a comprehensive...

7.5CVSS6.7AI score0.08212EPSS
Exploits0References1
OSV
OSV
added 2017/11/30 9:29 a.m.6 views

CVE-2017-12355

A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...

5.3CVSS5.8AI score0.03069EPSS
Exploits0References3
Prion
Prion
added 2017/11/30 9:29 a.m.21 views

Race condition

A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...

5CVSS5.5AI score0.03069EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/11/30 9:0 a.m.25 views

CVE-2017-12355

A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...

5.5AI score0.03069EPSS
Exploits0References3
Cisco
Cisco
added 2017/11/29 4:0 p.m.63 views

Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...

5.3CVSS5.5AI score0.03069EPSS
Exploits0References1
Veracode
Veracode
added 2016/12/08 5:22 a.m.19 views

XML External Entity (XXE)

PySAML2 is vulnerable to XML external entity attacks XXE. The library does not look for SAML XML requests or responses resulting in the ability to attack...

9CVSS8.8AI score0.02133EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2015/11/02 12:0 a.m.90 views

Milton Webdav 2.7.0.1 XXE Injection

Dear all, I've recently found vulnerability in Milton Webdav 2.7.0.1 project page - http://milton.io/. Milton Webdav is a Java library for adding webdav capabilities to your applications. Milton Webdav supports PROPFIND, PROPPATCH and LOCK methods. This Webdav methods expect XML in request body...

6.4CVSS9.5AI score0.51488EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2015/04/16 4:2 p.m.4 views

RESTeasy: External entities expanded by DocumentProvider

It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...

6.4CVSS5.8AI score0.01955EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 4:2 p.m.7 views

RESTeasy: External entities expanded by DocumentProvider

It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...

6.4CVSS5.8AI score0.01955EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2015/03/23 6:18 a.m.51 views

Cisco IP Phones Vulnerable To Remote Eavesdropping

A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned. LISTEN AND MAKE PHONE CALLS REMOTELY The vulnerability...

6.9CVSS6.9AI score0.01951EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/02/11 8:18 p.m.5 views

RESTeasy: External entities expanded by DocumentProvider

It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...

6.4CVSS5.8AI score0.01955EPSS
Exploits0References4
Mageia
Mageia
added 2014/12/26 5:4 p.m.53 views

Updated resteasy package fix CVE-2014-3490

Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...

7.5CVSS9AI score0.04572EPSS
Exploits0References2
OSV
OSV
added 2014/12/26 5:4 p.m.10 views

MGASA-2014-0547 Updated resteasy package fix CVE-2014-3490

Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...

7.5CVSS6.2AI score0.04572EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/08/11 4:44 p.m.6 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.0 security update

An update for Red Hat JBoss Enterprise Application Platform 6.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...

7.5CVSS7.2AI score0.04572EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/08/06 1:2 a.m.41 views

Moderate: Red Hat Security Advisory: resteasy-base security update

Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7.2AI score0.04572EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/08/06 12:0 a.m.37 views

RHEL 7 : resteasy-base (RHSA-2014:1011)

Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7.9AI score0.04572EPSS
Exploits0References3
OSV
OSV
added 2013/02/13 5:55 p.m.2 views

UBUNTU-CVE-2012-6531

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

6.4CVSS7.5AI score0.02519EPSS
Exploits0References8
NVD
NVD
added 2012/05/02 10:9 a.m.14 views

CVE-2012-0333

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768...

5CVSS7.1AI score0.01084EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/05/02 10:0 a.m.19 views

CVE-2012-0333

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768...

7.1AI score0.01084EPSS
Exploits0References2
Metasploit
Metasploit
added 2010/02/01 2:12 a.m.41 views

HTTP SOAP Verb/Noun Brute Force Scanner

This module attempts to brute force SOAP/XML requests to uncover hidden methods. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP SOAP Verb/Noun Brute Force Scanner', 'Description' = %q Thi...

7AI score
Exploits0
Rows per page
Query Builder