Lucene search
K
CertMost viewed

3702 matches found

CERT
CERT
•added 2015/07/24 12:0 a.m.•31 views

Honeywell Tuxedo Touch Controller contains multiple vulnerabilities

Overview All versions of Honeywell Tuxedo Touch Controller are vulnerable to authentication bypass and cross-site request forgery CSRF. Description CWE-603: Use of Client-Side Authentication - CVE-2015-2847The Honeywell Tuxedo Touch Controller web interface uses JavaScript to check for client...

6.8CVSS7.3AI score0.02373EPSS
Exploits0References4
CERT
CERT
•added 2015/06/08 12:0 a.m.•31 views

Toshiba CHEC contains a hard-coded cryptographic key

Overview Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2014-4875Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the...

5CVSS6AI score0.02063EPSS
Exploits0References1
CERT
CERT
•added 2015/04/28 12:0 a.m.•31 views

Barracuda Web Filter insecurely performs SSL inspection

Overview Barracuda Web Filter prior to version 8.1.0.005 does not properly check upstream certificate validity when performing SSL inspection, and delivers one of three default root CA certificates across multiple machines for SSL inspection. Description According to Barracuda Networks, the...

4.3CVSS6.1AI score0.01424EPSS
Exploits0References4
CERT
CERT
•added 2015/04/14 12:0 a.m.•31 views

Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure

Overview The Blue Coat Malware Analysis appliance is vulnerable to cross-site scripting XSS and information disclosure. Description The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network.A cross-site scripting vulnerability...

5CVSS6AI score0.01462EPSS
Exploits0References1
CERT
CERT
•added 2014/08/07 12:0 a.m.•31 views

Cobham Sailor satellite terminals contain hardcoded credentials

Overview Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. Description CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 900 and 6000 series satellite communication terminals running firmware version: 1.08 MFHF / 2.11 VHF contain hardcod...

10CVSS6.9AI score0.02215EPSS
Exploits0References2
CERT
CERT
•added 2014/06/10 12:0 a.m.•31 views

Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability

Overview Cisco AsyncOS contains a reflected cross-site scripting XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-3289 Cisco AsyncOS, the underlying OS for the Cisco Email Security Appliance, Web Security Applianc...

4.3CVSS5.8AI score0.02426EPSS
Exploits4References3
CERT
CERT
•added 2014/03/25 12:0 a.m.•31 views

Virtual Access GW6110A router privilege escalation vulnerability

Overview Virtual Access GW6110A routers contain a privilege escalation vulnerability which could allow an authenticated user to escalate their privileges. Description CWE-472: External Control of Assumed-Immutable Web ParameterVirtual Access GW6110A routers contain a privilege escalation...

4.9CVSS6.8AI score0.00606EPSS
Exploits1References1
CERT
CERT
•added 2014/01/09 12:0 a.m.•31 views

VASCO IDENTIKEY Authentication Server contains an authentication bypass vulnerability

Overview VASCO IDENTIKEY Authentication Server version 3.4.x contains an authentication bypass vulnerability which could allow an attacker to login to a system without needing the user's Active Directory password credentials. Description CWE-305: Authentication Bypass by Primary WeaknessVASCO's...

7.6AI score
Exploits0References3
CERT
CERT
•added 2013/12/03 12:0 a.m.•31 views

AT&T Connect Participant Application for Windows v9.5.35 contains a stack-based buffer overflow vulnerability

Overview AT&T Connect Participant Application for Windows v9.5.35 and possibly earlier versions contain a stack-based buffer overflow CWE-121 vulnerability. Description CWE-121: Stack-based Buffer Overflow AT&T Connect Participant Application for Windows v9.5.35 and possibly earlier versions...

6.8CVSS8.4AI score0.02522EPSS
Exploits0References3
CERT
CERT
•added 2013/10/25 12:0 a.m.•31 views

Tyler Technologies TaxWeb 3.13.3.1 contains multiple vulnerabilities

Overview Tyler Technologies TaxWeb 3.13.3.1 and possibly earlier versions contain cross-site request forgery CWE-352, information exposure CWE-203, and reflected cross-site scripting CWE-79 vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2013-6018TaxWeb 3.13.3.1...

6.8CVSS6.3AI score0.01281EPSS
Exploits0References4
CERT
CERT
•added 2013/10/01 12:0 a.m.•31 views

L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack

Overview L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack, resulting in information leakage. allowing a local attacker to derive the contents of memory not belonging to the attacker. Description Common L3 CPU shared cache architecture is susceptible to a...

1.9CVSS6.7AI score0.00533EPSS
Exploits0References4
CERT
CERT
•added 2013/06/28 12:0 a.m.•31 views

Choice Wireless Green Packet 4G WiMax modem vulnerability

Overview Choice Wireless Green Packet 4G WiMax modem, model number WIXFMR-111, fails to properly validate ajax requests allowing a remote unauthenticated attacker to view system configuration information or possibly execute commands on the device. Description It has been reported that Choice...

7.1CVSS7.1AI score0.01453EPSS
Exploits0References1
CERT
CERT
•added 2013/05/01 12:0 a.m.•31 views

IBM Notes runs arbitrary JAVA and Javascript in emails

Overview IBM Notes parses arbitrary JAVA and Javascript code by default when viewing emails. Description The n.runs AG security advisory states:Notes 8.5.3 does not filter tags inside HTML emails. This can be used to load arbitrary Java applets from remote sources making it an information...

6.9AI score
Exploits0References5
CERT
CERT
•added 2013/04/26 12:0 a.m.•31 views

Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installations

Overview Henry Schein Dentrix G5, a dental practice management software suite, uses hard-coded database access credentials that are shared across multiple installation sites. An attacker who is able to obtain the credentials for one site may be able to gain access to other sites using the same...

5CVSS6.4AI score0.01772EPSS
Exploits0References6
CERT
CERT
•added 2013/01/11 12:0 a.m.•31 views

TP-LINK TL-WR841N wireless router local file inclusion vulnerability

Overview The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device. Description CWE-829: Inclusion of Functionality from Untrusted Control SphereThe TP-LINK TL-WR841N wireless router...

4.3CVSS6.3AI score0.03544EPSS
Exploits0References2
CERT
CERT
•added 2012/11/12 12:0 a.m.•31 views

Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability

Overview Vanilla Forums version 2.1.a26 and possibly other versions is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description CWE-280: Improper Handling of Insufficient Permissions or PrivilegesVanilla Forums version 2.1.a26 and possibly other version...

3.5CVSS5.8AI score0.01067EPSS
Exploits0References1
CERT
CERT
•added 2012/10/31 12:0 a.m.•31 views

Axigen Mail Server directory traversal vulnerability

Overview Axigen Mail Server contains a directory traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted DirectoryAxigen Mail Server has a web based administration site which allows authorized administrators to perform certain actions via HTTP. The 'View Log...

6.4CVSS8AI score0.83632EPSS
Exploits3References2
CERT
CERT
•added 2012/10/04 12:0 a.m.•31 views

Cerberus FTP Server web interface cross-site request forgery vulnerability

Overview The Cerberus FTP Server web interface contains a cross-site request forgery vulnerability Description CWE-352: Cross-Site Request Forgery CSRF: The Cerberus FTP Server web interface is vulnerable to CSRF using the HTTP POST method in the :10000/usermanager/users/modify. The application h...

6.8CVSS7.2AI score0.01167EPSS
Exploits0References2
CERT
CERT
•added 2012/08/30 12:0 a.m.•31 views

Open Technology Real Services nested tags cross-site scripting vulnerability

Overview Open Technology Real Services OTRS is susceptible to a cross-site scripting vulnerability when viewing HTML webpages with nested tags. Description Open Technology Real Services OTRS contains a cross-site scripting CWE-79 vulnerability in the email body. An attacker may be able to load...

2.6CVSS8.1AI score0.06346EPSS
Exploits2References3
CERT
CERT
•added 2012/07/09 12:0 a.m.•31 views

Netsweeper Internet Filter WebAdmin Portal multiple vulnerabilities

Overview Netsweeper Internet Filter WebAdmin Portal contains XSS, CSRF and SQLi vulnerabilities. Description Netsweeper Internet Filter's WebAdmin Portal contains the following XSS, CSRF and SQLi vulnerabilities.CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...

10CVSS8.2AI score0.02917EPSS
Exploits7References5
CERT
CERT
•added 2012/04/10 12:0 a.m.•31 views

Pluck SiteLife software multiple XSS vulnerabilities

Overview Pluck SiteLife software contains multiple XSS vulnerabilities. Description According to DemandMedia's website Pluck SiteLife software is an integrated community platform architected for brands. Pluck SiteLife software contains multiple cross site scripting XSS vulnerabilities. CWE-79:...

4.3CVSS5.8AI score0.01456EPSS
Exploits1References4
CERT
CERT
•added 2011/11/08 12:0 a.m.•31 views

Microsoft Windows UDP packet parsing vulnerability

Overview A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service. Description Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a...

10CVSS6.3AI score0.33745EPSS
Exploits1References2
CERT
CERT
•added 2011/09/30 12:0 a.m.•31 views

ProjectForum XSS vulnerability

Overview ProjectForum 7.0.1.3038 and possibly previous versions, are vulnerable to cross site scripting XSS. Description CourseForum's ProjectForum software fails to sanitize all input fields. As a result, cross site scripting XSS attacks can be conducted. By default, a non-credentialed user can...

6.2AI score
Exploits0References1
CERT
CERT
•added 2011/02/22 12:0 a.m.•31 views

ISC Bind 9 IXFR or DDNS update combined with high query rate DoS vulnerability

Overview A denial-of-service condition exists in certain cases when an ISC Bind server processes a IXFR transfer or dynamic update. Description The ISC security advisory states:"When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time...

7.1CVSS8.5AI score0.13598EPSS
Exploits1References1
CERT
CERT
•added 2010/12/22 12:0 a.m.•31 views

Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control vulnerability

Overview The ActiveX control, WBEMSingleView.ocx, that is a part of the WMI Administrative Tools package contains a vulnerability. Description The AddContextRef and ReleaseContext functions of the WMI Object Viewer control can be passed an object pointer from an attacker that results in arbitrary...

7.8AI score
Exploits0References5
CERT
CERT
•added 2010/11/03 12:0 a.m.•31 views

Microsoft Internet Explorer invalid flag reference vulnerability

Overview Microsoft Internet Explorer invalid flag reference vulnerability Description According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets CSS tags when parsing HTML,...

9.3CVSS6.5AI score0.96889EPSS
Exploits14References6
CERT
CERT
•added 2009/09/05 12:0 a.m.•31 views

VMware VMnc AVI video codec image height heap overflow

Overview The VMware VMnc video codec fails to properly handle the image height value in AVI files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Several VMware products include the ability to create and play movies of running...

9.3CVSS6.9AI score0.05568EPSS
Exploits0References1
CERT
CERT
•added 2008/07/28 12:0 a.m.•31 views

RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability

Overview RealNetworks RealPlayer fails to properly handle frames within Shockwave Flash SWF files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RealNetworks RealPlayer application provides support for the SWF file format. A...

9.3CVSS7AI score0.06765EPSS
Exploits1References3
CERT
CERT
•added 2008/07/07 12:0 a.m.•31 views

Microsoft Office Snapshot Viewer ActiveX control race condition

Overview The Microsoft Office Snapshot Viewer ActiveX control contains a race condition, which can allow a remote, unauthenticated attacker to download arbitrary files to arbitrary locations. Description Microsoft Snapshot Viewer is a viewer for snapshots created with Microsoft Access. Snapshot...

6.8CVSS6.1AI score0.59125EPSS
Exploits9References8
CERT
CERT
•added 2008/06/11 12:0 a.m.•31 views

SkyPortal contains multiple SQL injection vulnerabilities

Overview SkyPortal RC6 contains multiple SQL injection vulnerabilities which could allow a remote, unauthenticated attacker to gain access to the back-end database and to add, modify or remove data. Description SkyPortal is a modular web portal and online community system that includes web-based...

7.5CVSS7.7AI score0.01349EPSS
Exploits1References6
CERT
CERT
•added 2008/06/10 12:0 a.m.•31 views

Apple QuickTime "file: URL" arbitrary code execution

Overview Apple QuickTime does not properly handle "file: URLs" which may allow an attacker to execute arbitrary code. Description Apple QuickTime is a multiplatform multimedia software architecture which provides file format converters for more than 250 common image, video, and audio file...

6.8CVSS6.9AI score0.04115EPSS
Exploits1References1
CERT
CERT
•added 2008/05/29 12:0 a.m.•31 views

GnuTLS Client Hello repeat Denial of Service

Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted TLS packet that contains multiple Client Hello messages...

9.3CVSS8.9AI score0.05772EPSS
Exploits2References4
CERT
CERT
•added 2008/05/01 12:0 a.m.•31 views

BGP implementations do not properly handle UPDATE messages

Overview BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability...

7.8CVSS6.3AI score0.03745EPSS
Exploits0References17
CERT
CERT
•added 2008/04/30 12:0 a.m.•31 views

cPanel XSRF vulnerabilities

Overview cPanel contains multiple cross-site request forgery XSRF vulnerabilities. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary commands. Description cPanel, a web-based tool that is designed to automate and control web sites and servers, contains...

4.3CVSS7.3AI score0.01339EPSS
Exploits2References5
CERT
CERT
•added 2008/02/05 12:0 a.m.•31 views

Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control stack buffer overflow

Overview The Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes multip...

4.3CVSS7.1AI score0.08104EPSS
Exploits5References3
CERT
CERT
•added 2007/12/04 12:0 a.m.•31 views

Mortbay Jetty fails to properly handle cookies with quotes

Overview Mortbay Jetty fails to properly handle cookie quotes, which may allow session hijacking. Description Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle cookies with certain quote sequences. This can cause the Jetty cookie parsing mechanism to improperly...

7.5CVSS5.2AI score0.03978EPSS
Exploits0References2
CERT
CERT
•added 2007/11/15 12:0 a.m.•31 views

Apple QuickTime heap buffer overflow vulnerability

Overview Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. Color table atoms can set a list of preferred colors for displaying movieson...

9.3CVSS7.5AI score0.46662EPSS
Exploits0References2
CERT
CERT
•added 2007/11/08 12:0 a.m.•31 views

Mozilla-based browsers jar: URI cross-site scripting vulnerability

Overview Mozilla-based web browsers including Firefox contain a vulnerability that may allow an attacker to execute code, or conduct cross-site scripting attacks. Description The jar: protocol is designed to extract content from ZIP compressed files. Mozilla-based browsers include support for jar...

4.3CVSS5.7AI score0.02712EPSS
Exploits0References7
CERT
CERT
•added 2007/10/20 12:0 a.m.•31 views

RealPlayer playlist name stack buffer overflow

Overview RealPlayer contains a stack buffer overflow in the handling of playlist names, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...

9.3CVSS7.1AI score0.42365EPSS
Exploits9References6
CERT
CERT
•added 2007/09/05 12:0 a.m.•31 views

Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to methods

Overview The Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to dangerous methods, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that is implemented a...

9.3CVSS6.7AI score0.05155EPSS
Exploits1References4
CERT
CERT
•added 2007/09/04 12:0 a.m.•31 views

MIT Kerberos 5 kadmind privilege escalation vulnerability

Overview MIT Kerberos kadmind contains a privilege escalation vulnerability that may allow an authenticated attacker to execute code with root privileges. Description Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It ...

8.5CVSS9.9AI score0.06139EPSS
Exploits1References2
CERT
CERT
•added 2007/08/01 12:0 a.m.•31 views

Atheros wireless network drivers may fail to properly handle malformed frames

Overview Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description Some versions of the Microsoft Windows drivers for Atheros 802.11 a/b/g wireless adapters fail ...

5CVSS6.4AI score0.2579EPSS
Exploits1References4
CERT
CERT
•added 2007/07/10 12:0 a.m.•31 views

Microsoft Windows Active Directory fails to properly validate LDAP requests

Overview A vulnerability in Windows Active Directory could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Lightweight Directory Access Protocol LDAP is a standard protocol that enables users to query or modify the data in a meta directory. Microsoft's...

10CVSS7.3AI score0.3917EPSS
Exploits0References3
CERT
CERT
•added 2007/07/09 12:0 a.m.•31 views

SAP Message Server heap buffer overflow

Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...

10CVSS7.7AI score0.36586EPSS
Exploits1References6
CERT
CERT
•added 2007/04/18 12:0 a.m.•31 views

Second Sight Software ActiveGS ActiveX control stack buffer overflows

Overview The Second Sight Software ActiveGS ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveGS is an Apple IIGS emulator that is provided as an...

6.8CVSS7.2AI score0.0585EPSS
Exploits0References3
CERT
CERT
•added 2007/04/05 12:0 a.m.•31 views

Intel Centrino wireless drivers fail to properly process malformed frames

Overview Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Windows drivers for Intel Centrino 2200BG and 2915ABG PRO wireless adapters fail to...

7.7AI score
Exploits0References4
CERT
CERT
•added 2007/03/17 12:0 a.m.•31 views

CA BrightStor ARCserver Tape Engine denial-of-service vulnerability

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to shut down the tape engine interface. Description BrightStor ARCserve Backup is a backup and data retention tool that...

2.1CVSS6.4AI score0.00908EPSS
Exploits0References5
CERT
CERT
•added 2007/03/14 12:0 a.m.•31 views

Apple Mac OS X DirectoryService may allow arbitrary users to change the root password

Overview A vulnerabilty in the Apple Mac OS X DirectoryService may allow unprivileged users to change the root password. Description The Apple Mac OS X DirectoryService contains a vulnerability that may allow unprivileged LDAP users to change the local root password. According to Apple security...

8.5CVSS7.5AI score0.03764EPSS
Exploits0References2
CERT
CERT
•added 2007/02/19 12:0 a.m.•31 views

Apple Mac OS X UserNotificationCenter privilege escalation vulnerability

Overview Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Description The Apple UserNotificationCenter contains a privilege escalation vulnerability. This vulnerability occurs because the Apple UserNotificationCenter runs with elevate...

6.9CVSS6.3AI score0.01538EPSS
Exploits2References7
CERT
CERT
•added 2007/02/08 12:0 a.m.•31 views

Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability

Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...

4CVSS6.7AI score0.02044EPSS
Exploits0References9
Total number of security vulnerabilities3702