Lucene search
K
AttackerkbMost viewed

74967 matches found

ATTACKERKB
ATTACKERKB
added 2021/08/12 12:0 a.m.23 views

CVE-2021-26086

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...

5.3CVSS6.8AI score0.99999EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2021/06/11 12:0 a.m.23 views

CVE-2021-25394

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.4CVSS7.1AI score0.00401EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/06/08 12:0 a.m.23 views

CVE-2021-31955

Windows Kernel Information Disclosure Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.5CVSS8.5AI score0.81107EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2021/02/16 12:0 a.m.23 views

CVE-2021-27102

Accellion FTA 912411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA912416 and later. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.1AI score0.03624EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/09/18 12:0 a.m.23 views

CVE-2020-8200

Improper authentication in Citrix StoreFront Server 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. Recent assessments: kevthehermit at September 14, 2020 4:27pm UTC reported:...

6.5CVSS1.5AI score0.0133EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/09/17 12:0 a.m.23 views

CVE-2020-11698

An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. Recent assessments: cdelafuente-r7 at...

10CVSS9.6AI score0.73668EPSS
Exploits5References9
ATTACKERKB
ATTACKERKB
added 2020/09/14 12:0 a.m.23 views

CVE-2020-4521

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system...

9CVSS4.2AI score0.06457EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/09/09 12:0 a.m.23 views

CVE-2020-2040

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of...

10CVSS5.7AI score0.03937EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/29 12:0 a.m.23 views

CVE-2020-9691

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution. Recent assessments: ericalexanderorg at August 03, 2020 6:46pm UTC reported: Not enough data ATM to accurately talk...

9.6CVSS1.9AI score0.06018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.23 views

CVE-2020-9819

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption. Recent assessments: Assessed Attacker Value: 0 Assessed...

4.3CVSS2AI score0.02178EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2020/03/16 12:0 a.m.23 views

CVE-2020-5847

Unraid through 6.8.0 allows Remote Code Execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS8.7AI score0.95844EPSS
Exploits8References8
ATTACKERKB
ATTACKERKB
added 2020/02/21 12:0 a.m.23 views

CVE-2019-19452

A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers including low integrity processes can exploit this to gain NT AUTHORITY\SYSTEM privileges. Recent assessments: FULLSHADE at April 21, 2020 3:30pm UTC reported: Overview A...

7.8CVSS3.4AI score0.00507EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.23 views

SMBv2 Symlink to Local File Vulnerability

SMBv2 supports symlinks on remote file systems by returning a special status code STATUSSTOPPEDONSYMLINK when a symlink is encountered on the remote share. It also returns a symlink reparse data buffer to be processed to determine where to redirect the request. While this is supported functionali...

3.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.23 views

CVE-2019-13962 avcodec lavc_CopyPicture Heap Buffer Overflow

VLC media player is a free and open-source portable cross-platform media player software developed by the VideoLAN project. VLC is available for desktop operating systems and mobile platforms, such as Android, iOS, iPadOS, Wizen, Windows 10 Mobile, and Windows Phone. It is also available on digit...

9.8CVSS0.036EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2020/02/12 12:0 a.m.23 views

CVE-2019-17519

The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet. Recent assessments: pbarry25 at April 19, 2020 2:45am UTC reported: This...

8.8CVSS8.4AI score0.0148EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.23 views

CVE-2020-0665

An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka ‘Active Directory Elevation of Privilege Vulnerability’. Recent...

8.1CVSS8AI score0.04382EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2019/12/18 12:0 a.m.23 views

CVE-2019-4716

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as “admin”, and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

10CVSS8.9AI score0.86441EPSS
Exploits6References5
ATTACKERKB
ATTACKERKB
added 2019/10/30 12:0 a.m.23 views

CVE-2019-8903

index.js in Total.js Platform before 3.2.3 allows path traversal. Recent assessments: Mad-robot at July 05, 2020 2:29pm UTC reported: Totaljs – Unathenticated Directory Traversal DESCRIPTION User can make requests like “GET /../databases/settings.json HTTP/1.1” and include file contents from...

7.5CVSS7.4AI score0.72058EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2019/10/24 12:0 a.m.23 views

CVE-2019-18393

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. Recent assessments: ericalexanderorg at August 04, 2020 4:44pm UTC reported: More detail: Stupid easy GET...

5.3CVSS2.1AI score0.13945EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/09/12 12:0 a.m.23 views

CVE-2019-11773

Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. Recent assessments: timb-machine at March 05, 2021 12:22am UTC reported: Unlikely to be setUID, unlikely that you will have write control over the vulnerable...

7.8CVSS2.9AI score0.00376EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/07/06 12:0 a.m.23 views

CVE-2019-1892

Cisco Small Business 200/300/500 Series Managed Switch HTTPS validation allows a memory corruption DoS Recent assessments: bwatters-r7 at July 09, 2019 5:54pm UTC reported: This is a memory corruption vulnerability that allows an attacker to send a malformed HTTPS packet, which will then generate...

7.5CVSS7.8AI score0.01772EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/05/08 12:0 a.m.23 views

CVE-2019-5021

Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...

10CVSS9.2AI score0.06263EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2019/03/28 12:0 a.m.23 views

CVE-2019-17388

Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications. Recent assessments: kevthehermit at March 05, 2020 9:34am UTC reported: V...

7.8CVSS2AI score0.0057EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2019/03/21 12:0 a.m.23 views

MailCleaner Authenticated Command Injection

www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details The /admin/managetracing/search/search endpoint in MailCleaner Community Edition allo...

9CVSS5AI score0.54498EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2019/03/05 12:0 a.m.23 views

CVE-2019-6223

A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer. Recent...

7.5CVSS2.3AI score0.02629EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2018/11/27 12:0 a.m.23 views

Nuuo Central Management Server Authenticated SQL Server SQLi

Nuuo Central Management Server v3.3 and prior are vulnerable to an authenticated SQL injection vulnerability. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details Details from module documentation in Metasploit. The GETOPENALARM verb is used to obtain information about alar...

8.8CVSS9.1AI score0.60791EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 2018/04/17 12:0 a.m.23 views

TIBCO JasperReports Server Information Disclosure Vulnerability

The Spring web flows of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which...

8.8CVSS8AI score0.48753EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.23 views

CVE-2018-0159

A vulnerability in the implementation of Internet Key Exchange Version 1 IKEv1 functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is...

7.8CVSS4.8AI score0.07005EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.23 views

CVE-2018-0180

Multiple vulnerabilities in the Login Enhancements Login Block feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service DoS condition. These vulnerabilities affect Cisco devices that are running Cisco...

7.1CVSS3.2AI score0.05032EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2017/12/04 12:0 a.m.23 views

CVE-2017-15889

Command injection vulnerability in smart.cgi in Synology DiskStation Manager DSM before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. Recent assessments: h00die at May 20, 2020 12:19pm UTC reported: AUTHENTICATED command execution in...

8.8CVSS3.2AI score0.72453EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2017/11/10 12:0 a.m.23 views

CVE-2017-16249

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying 300 seconds with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web...

7.8CVSS1.1AI score0.59386EPSS
Exploits7References5
ATTACKERKB
ATTACKERKB
added 2017/10/24 12:0 a.m.23 views

Ayukov NFTP FTP Client Stack Buffer Overflow Analysis

Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code. Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: Details Ayukov is an FTP client that was written by Sergey Ayukov back in 1994. Development stopped in 2011, and...

9.8CVSS0.8AI score0.60328EPSS
Exploits16References3
ATTACKERKB
ATTACKERKB
added 2017/09/29 12:0 a.m.23 views

CVE-2017-12233

Multiple vulnerabilities in the implementation of the Common Industrial Protocol CIP feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerabilities are due to the...

7.8CVSS5.1AI score0.07128EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/09/29 12:0 a.m.23 views

CVE-2017-12231

A vulnerability in the implementation of Network Address Translation NAT functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to the improper translation of H.323...

7.8CVSS4AI score0.07128EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/04/24 12:0 a.m.23 views

CVE-2017-3506

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HT...

7.4CVSS7AI score0.96281EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2017/03/09 12:0 a.m.23 views

CVE-2017-6527

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user by using the viewAppletFsa.cgi seqID parameter. Recent assessments: h00die at Mar...

8.1CVSS4.4AI score0.56647EPSS
Exploits11References4
ATTACKERKB
ATTACKERKB
added 2016/05/05 12:0 a.m.23 views

CVE-2016-3714

The 1 EPHEMERAL, 2 HTTPS, 3 MVG, 4 MSL, 5 TEXT, 6 SHOW, 7 WIN, and 8 PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka “ImageTragick.” Recent assessments: Assessed Attacker Value: 0...

10CVSS7.9AI score0.97485EPSS
Exploits11References36
ATTACKERKB
ATTACKERKB
added 2016/04/12 12:0 a.m.23 views

CVE-2016-0162

Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka “Internet Explorer Information Disclosure Vulnerability.” Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

4.3CVSS5.5AI score0.22088EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2016/03/12 12:0 a.m.23 views

CVE-2016-0993

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary...

9.3CVSS9.2AI score0.19785EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2015/11/24 12:0 a.m.23 views

vBulletin 5 Connect 5.1.2 through 5.1.9 PHP object injection attack

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. Recent assessments: busterb ...

7.5CVSS7.3AI score0.80635EPSS
Exploits12References7
ATTACKERKB
ATTACKERKB
added 2015/01/13 12:0 a.m.23 views

CVE-2014-100005

Multiple cross-site request forgery CSRF vulnerabilities in D-Link DIR-600 router rev. Bx with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that 1 create an administrator account or 2 enable remote management via a crafted configuratio...

8.8CVSS7.9AI score0.42414EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2014/07/02 12:0 a.m.23 views

CVE-2014-3074

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. Recent assessments: timb-machine ...

7.2CVSS3.9AI score0.00576EPSS
Exploits4References16
ATTACKERKB
ATTACKERKB
added 2014/03/20 12:0 a.m.23 views

DameWare Support Control fgets Vulnerability

Stack-based buffer overflow in the “Add from text file” feature in the DameWare Exporter tool DWExporter.exe in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors. Recent assessments: wchen-r7 at September 12...

9.3CVSS4.3AI score0.06009EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2013/07/29 12:0 a.m.23 views

CVE-2013-4800 HP LoadRunner magentproc.exe Overflow

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735. Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: - Looks like this has changed. Assessed Attacker Value: 0 Assessed Attacker Valu...

9.3CVSS7.4AI score0.39303EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2012/12/12 12:0 a.m.23 views

CVE-2012-2539

Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted RTF data, aka “Word RTF ‘listoverridecount’ Remote...

9.3CVSS8.1AI score0.53159EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2012/05/21 12:0 a.m.23 views

CVE-2012-0297 Symantec Web Gateway Vulnerability

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by 1 injecting crafted data or 2 including crafted data. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...

10CVSS2.5AI score0.72596EPSS
Exploits22References5
ATTACKERKB
ATTACKERKB
added 2011/10/12 12:0 a.m.23 views

CVE-2011-2005

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka “Ancillary Function Driver Elevation of Privilege...

7.8CVSS7.3AI score0.31761EPSS
Exploits12References4
ATTACKERKB
ATTACKERKB
added 2010/05/25 2:30 p.m.23 views

CVE-2010-2035

Directory traversal vulnerability in the Percha Gallery comperchagallery component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php...

7.5CVSS6AI score0.15781EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2004/08/06 12:0 a.m.23 views

CVE-2004-0210

The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

7.8CVSS7.2AI score0.07606EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/30 1:30 p.m.22 views

CVE-2026-10119

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filtername leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit h...

9CVSS7.6AI score0.00472EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000