Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2018/11/07 5:29 a.m.71 views

Path traversal

An issue was discovered in modaliasphysicalhandler in modalias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific modalias configuration where the matched alias lacks a trailing '/' character, but the alias target...

5CVSS7.4AI score0.1408EPSS
Exploits1References3Affected Software5
Prion
Prion
added 2017/06/15 1:29 a.m.71 views

Remote code execution

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take...

10CVSS9.5AI score0.7376EPSS
Exploits0References3Affected Software4
Prion
Prion
added 2017/02/13 5:59 p.m.71 views

Design/Logic Flaw

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provid...

4.3CVSS7.1AI score0.88944EPSS
Exploits12References12Affected Software1
Prion
Prion
added 2023/09/14 8:15 a.m.70 views

Improper access control

Adobe ColdFusion versions 2018u18 and earlier, 2021u8 and earlier and 2023u2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints...

5CVSS7.3AI score0.99732EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/22 5:15 p.m.70 views

Design/Logic Flaw

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

5CVSS7.5AI score0.03658EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2021/05/27 12:15 p.m.70 views

Privilege escalation

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short que...

4CVSS6AI score0.04341EPSS
Exploits1References8Affected Software3
Prion
Prion
added 2021/05/06 1:15 p.m.70 views

Design/Logic Flaw

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

9.3CVSS9.7AI score0.09285EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/10/28 3:15 p.m.70 views

Remote code execution

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...

7.5CVSS9.7AI score0.9947EPSS
Exploits54References27Affected Software3
Prion
Prion
added 2019/08/01 9:15 p.m.70 views

Out-of-bounds

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...

5CVSS8.4AI score0.84925EPSS
Exploits7References2Affected Software2
Prion
Prion
added 2013/04/04 5:55 p.m.70 views

Design/Logic Flaw

PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."...

10CVSS7AI score0.02206EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2008/11/21 5:30 p.m.70 views

Remote file inclusion

PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox aka IdeBox 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter...

7.5CVSS8AI score0.02914EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2024/02/09 1:15 p.m.69 views

Sql injection

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacherlogin.php...

6.5CVSS8.8AI score0.00721EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/17 10:15 p.m.69 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.00925EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/05 7:15 p.m.69 views

Out-of-bounds

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nftbyteorder poorly handled vm register contents when CAPNETADMIN is in any user or network namespace...

4.3CVSS7.8AI score0.02154EPSS
Exploits2References11Affected Software3
Prion
Prion
added 2022/12/18 1:15 p.m.69 views

Remote file inclusion

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3...

7.5CVSS9.6AI score0.35435EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/27 12:15 p.m.69 views

Design/Logic Flaw

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...

4.3CVSS6.7AI score0.71867EPSS
Exploits0References8Affected Software3
Prion
Prion
added 2021/02/24 3:15 p.m.69 views

Double free

The nameserver caching daemon nscd in the GNU C Library aka glibc or libc6 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c...

1.9CVSS6AI score0.00374EPSS
Exploits0References5Affected Software3
Prion
Prion
added 2018/08/13 1:29 p.m.69 views

Command injection

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application...

7.5CVSS9.6AI score0.02251EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/02/14 3:15 p.m.68 views

Cross site scripting

Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS6.3AI score0.00438EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/08/19 6:15 a.m.68 views

Default credentials

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into...

6.8CVSS8.4AI score0.00485EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/10/18 9:15 p.m.68 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server...

0.8CVSS4.1AI score0.00426EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/01/20 3:15 p.m.68 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

6.8CVSS4.8AI score0.02205EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2017/12/14 6:29 p.m.68 views

Privilege escalation

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain...

7.6CVSS8.3AI score0.0185EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2013/10/24 10:53 a.m.68 views

Design/Logic Flaw

Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation...

7.2CVSS6.4AI score0.00329EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2011/12/06 11:55 a.m.68 views

Design/Logic Flaw

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer...

9CVSS7.5AI score0.12804EPSS
Exploits4References4Affected Software1
Prion
Prion
added 2007/05/30 10:30 a.m.68 views

Code injection

Microsoft Internet Information Services IIS 6.0 allows remote attackers to cause a denial of service server instability or device hang, and possibly obtain sensitive information device communication traffic; and might allow attackers with physical access to execute arbitrary code after connecting...

7.5CVSS8.2AI score0.74023EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2024/02/09 10:15 a.m.67 views

Design/Logic Flaw

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTIONCLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation...

4CVSS7.3AI score0.00254EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/10/17 10:15 p.m.67 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.3CVSS2.1AI score0.00809EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/06 4:15 p.m.67 views

Design/Logic Flaw

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdcpreauth.jsp component...

7.5CVSS9.6AI score0.01014EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/04/19 9:15 p.m.67 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

2.1CVSS4.4AI score0.01196EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/28 7:15 p.m.67 views

Information disclosure

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

7.5CVSS8.8AI score0.13227EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/01/09 9:15 p.m.67 views

Design/Logic Flaw

NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...

4.3CVSS5.1AI score0.14961EPSS
Exploits3References11Affected Software4
Prion
Prion
added 2019/05/29 10:29 p.m.67 views

Xxe

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection XXE vulnerability, as demonstrated by Autodiscover/Autodiscover.xml...

7.5CVSS9.7AI score0.99986EPSS
Exploits4References6Affected Software1
Prion
Prion
added 2019/05/28 10:29 p.m.67 views

Design/Logic Flaw

An Unsafe Search Path vulnerability in FortiClient Online Installer Windows version before 6.0.6 may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files...

9.3CVSS7.9AI score0.02613EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/06/08 12:29 p.m.67 views

Buffer overflow

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725...

10CVSS9.6AI score0.40386EPSS
Exploits8References2Affected Software1
Prion
Prion
added 2014/03/28 3:55 p.m.67 views

Heap overflow

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

7.5CVSS8.4AI score0.09293EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2012/06/04 8:55 p.m.67 views

Hardcoded credentials

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...

6.8CVSS8AI score0.04281EPSS
Exploits0References21Affected Software1
Prion
Prion
added 2024/02/29 1:43 a.m.66 views

Design/Logic Flaw

A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been...

1.7CVSS7.3AI score0.00366EPSS
Exploits1References3
Prion
Prion
added 2023/10/17 10:15 p.m.66 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.5AI score0.0094EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/17 10:15 p.m.66 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.00925EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/17 10:15 p.m.66 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.5AI score0.00983EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/08/08 6:15 p.m.66 views

Remote code execution

Microsoft SQL OLE DB Remote Code Execution Vulnerability...

6.8CVSS8.9AI score0.01221EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2023/06/22 12:15 p.m.66 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

5.8CVSS6AI score0.00402EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/04/24 2:15 p.m.66 views

Code injection

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjsfficbfree at src/mjsffi.c. This vulnerability can lead to a Denial of Service DoS...

1.9CVSS5.5AI score0.00287EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/04/11 5:15 p.m.66 views

Design/Logic Flaw

A download of code without Integrity check vulnerability CWE-494 in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate...

4.3CVSS7.7AI score0.00121EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/28 7:15 p.m.66 views

Stack overflow

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate...

7.5CVSS9.6AI score0.04354EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2023/01/10 10:15 p.m.66 views

Denial of service

.NET Denial of Service Vulnerability...

5CVSS7.2AI score0.0274EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2022/12/25 7:15 p.m.66 views

Cross site request forgery (csrf)

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...

4CVSS6.7AI score0.0169EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/10/18 9:15 p.m.66 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

3.3CVSS4.8AI score0.01369EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/08/30 9:15 p.m.66 views

Improper access control

Incorrect access control in the install directory C:\Wamp64 of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

6.5CVSS8.9AI score0.00814EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000