Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2020/08/17 6:15 p.m.45 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interfa...

3.5CVSS4.9AI score0.00617EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/08/12 2:15 p.m.45 views

Design/Logic Flaw

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

7.5CVSS9.8AI score0.99728EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2020/08/07 4:15 p.m.45 views

Design/Logic Flaw

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

5CVSS7.3AI score0.89744EPSS
Exploits0References29Affected Software25
Prion
Prion
added 2020/06/30 7:15 p.m.45 views

Hardcoded credentials

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

5CVSS7.4AI score0.02511EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2020/05/19 2:15 p.m.45 views

Design/Logic Flaw

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

4.3CVSS6.6AI score0.93422EPSS
Exploits5References12Affected Software5
Prion
Prion
added 2020/04/27 9:15 p.m.45 views

Code injection

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support uncommon, urldecode function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes...

5CVSS7.4AI score0.04311EPSS
Exploits1References7Affected Software4
Prion
Prion
added 2020/04/15 2:15 p.m.45 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

3.5CVSS5.4AI score0.02317EPSS
Exploits0References7Affected Software5
Prion
Prion
added 2020/01/15 5:15 p.m.45 views

Design/Logic Flaw

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Caching,CacheStore,Invocation. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 ...

7.5CVSS9.1AI score0.97116EPSS
Exploits26References8Affected Software8
Prion
Prion
added 2019/11/15 4:15 p.m.45 views

Null pointer dereference

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11SignWithSymKey / ssl3ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service...

5CVSS6.7AI score0.02279EPSS
Exploits0References9Affected Software27
Prion
Prion
added 2019/10/21 4:15 a.m.45 views

Denial of service

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop...

5CVSS7.5AI score0.19507EPSS
Exploits1References14Affected Software1
Prion
Prion
added 2019/07/23 11:15 p.m.45 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached ...

2.3CVSS4AI score0.00806EPSS
Exploits0References6Affected Software7
Prion
Prion
added 2019/04/23 7:32 p.m.45 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

3.5CVSS4.3AI score0.0281EPSS
Exploits0References14Affected Software11
Prion
Prion
added 2019/02/21 7:29 p.m.45 views

Design/Logic Flaw

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to pharparsepharfile in...

5CVSS8.3AI score0.0566EPSS
Exploits1References10Affected Software2
Prion
Prion
added 2018/07/26 4:29 p.m.45 views

Information disclosure

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serv...

4.8CVSS6.7AI score0.0759EPSS
Exploits0References13Affected Software6
Prion
Prion
added 2018/06/25 3:29 p.m.45 views

Cross site scripting

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP JSON with Padding through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...

4.3CVSS8.3AI score0.03244EPSS
Exploits0References9Affected Software28
Prion
Prion
added 2018/03/26 3:29 p.m.45 views

Code injection

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

6.8CVSS8.5AI score0.86006EPSS
Exploits0References27Affected Software4
Prion
Prion
added 2017/11/30 9:29 p.m.45 views

Integer overflow

The gmcmmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service integer signedness error and out-of-array read via a crafted MPEG file...

4.3CVSS6.2AI score0.01827EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2017/10/25 6:29 a.m.45 views

Cross site scripting

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the confLayoutOwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214...

4.3CVSS6.2AI score0.02352EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2017/06/19 4:29 p.m.45 views

Code injection

The OpenBSD qsort function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...

6.4CVSS7.4AI score0.1338EPSS
Exploits3References9Affected Software1
Prion
Prion
added 2017/03/17 12:59 a.m.45 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.5AI score0.99373EPSS
Exploits92References11Affected Software1
Prion
Prion
added 2016/09/07 7:28 p.m.45 views

Design/Logic Flaw

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

5CVSS6.8AI score0.05673EPSS
Exploits4References5Affected Software1
Prion
Prion
added 2016/05/22 1:59 a.m.45 views

Out-of-bounds

The exifprocessIFDTAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...

7.5CVSS7.9AI score0.06063EPSS
Exploits1References15Affected Software3
Prion
Prion
added 2016/01/19 5:59 a.m.45 views

Directory traversal

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. dot dot in a ZIP archive entry that is mishandled during an extractTo call...

5CVSS7.1AI score0.04837EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2015/06/09 6:59 p.m.45 views

Code injection

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...

7.5CVSS7AI score0.20233EPSS
Exploits2References16Affected Software9
Prion
Prion
added 2015/01/30 11:59 a.m.45 views

Memory corruption

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different...

6.8CVSS7.8AI score0.02762EPSS
Exploits0References10Affected Software4
Prion
Prion
added 2014/03/19 10:55 a.m.45 views

Buffer overflow

Buffer overflow in the cairotruetypeindextoucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docume...

6.8CVSS8.2AI score0.0503EPSS
Exploits1References12Affected Software16
Prion
Prion
added 2013/10/17 12:55 a.m.45 views

Format string

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

4.3CVSS7.1AI score0.03135EPSS
Exploits1References6Affected Software3
Prion
Prion
added 2013/08/31 5:55 p.m.45 views

Information disclosure

Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate...

5.8CVSS6.4AI score0.00773EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2010/12/17 7:0 p.m.45 views

Stack overflow

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a FIG image with a crafted color definition...

6.8CVSS8.6AI score0.0582EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2010/01/13 8:30 p.m.45 views

Design/Logic Flaw

Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

5CVSS8.3AI score0.06836EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2009/08/03 2:30 p.m.45 views

Heap overflow

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services NSS before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger AIM, allows remote SSL servers to cause a denial of service application crash or possibly...

9.3CVSS8.8AI score0.04155EPSS
Exploits1References28Affected Software1
Prion
Prion
added 2009/07/14 11:30 p.m.45 views

Authentication flaw

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

5CVSS6.5AI score0.06348EPSS
Exploits0References86Affected Software5
Prion
Prion
added 2009/03/09 9:30 p.m.45 views

Integer overflow

Integer overflow in the ftsbuild function in fts.c in libc in 1 OpenBSD 4.4 and earlier and 2 Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service application crash via a deep directory tree, related to the ftslevel structure member, as...

4.9CVSS7AI score0.03592EPSS
Exploits6References7Affected Software2
Prion
Prion
added 2009/02/08 9:30 p.m.45 views

Buffer overflow

Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a...

9.3CVSS8.3AI score0.05741EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2008/09/18 5:59 p.m.45 views

Default credentials

The 1 rand and 2 mtrand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...

5.1CVSS6.3AI score0.04289EPSS
Exploits2References19Affected Software1
Prion
Prion
added 2008/07/14 6:41 p.m.46 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Accept, 2 Accept-Language, 3 UA-CPU, 4 Accept-Encoding, 5 User-Agent, or 6 Cookie HTTP header. NOTE: the provenance of...

4.3CVSS5.8AI score0.01189EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2007/05/09 5:19 p.m.45 views

Path traversal

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid 1 GBTBL parameter to a lang/codes-english.php or b image.php, which reveal the database name; 2 an invalid GBDB parameter to index.php, coupled with a ../index lang cookie, which reveals the installati...

7.1CVSS6.7AI score0.01828EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2006/05/24 11:2 p.m.45 views

Remote file inclusion

PHP remote file inclusion vulnerability in addpostnewpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 trial allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter...

5.1CVSS7.8AI score0.07873EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2006/05/03 10:2 a.m.45 views

Remote file inclusion

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when registerglobals is enabled, allows remote attackers to include arbitrary files via the phpbbrootpath parameter...

7.5CVSS7.1AI score0.08341EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2006/01/03 10:3 p.m.45 views

Input validation

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the globrootDir parameter...

7.5CVSS8AI score0.02406EPSS
Exploits0References2
Prion
Prion
added 2024/03/15 12:17 a.m.44 views

Cross site scripting

A cross-site scripting XSS vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

6.1AI score0.00483EPSS
Exploits1References2
Prion
Prion
added 2024/03/06 5:15 p.m.44 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

6.6AI score0.00318EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 1:43 a.m.44 views

Design/Logic Flaw

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restorerecords function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

5CVSS7AI score0.00598EPSS
Exploits0References7
Prion
Prion
added 2024/01/09 5:15 p.m.44 views

Design/Logic Flaw

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

4CVSS7.5AI score0.02323EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2024/01/08 6:15 p.m.44 views

Design/Logic Flaw

It was discovered that the clsroute filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0...

4.3CVSS7.1AI score0.06214EPSS
Exploits7References15Affected Software2
Prion
Prion
added 2023/12/24 6:15 a.m.44 views

Code injection

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...

5CVSS6.8AI score0.01072EPSS
Exploits1References20Affected Software4
Prion
Prion
added 2023/11/02 5:15 p.m.44 views

Cross site scripting

Reportico 7.1.21 is vulnerable to Cross Site Scripting XSS...

4.3CVSS4.9AI score0.00373EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/11/02 12:15 p.m.44 views

Cross site scripting

Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...

5.8CVSS6AI score0.00469EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/11/01 12:15 a.m.44 views

Cross site scripting

A Reflected Cross-Site Scripting XSS vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field...

4.9CVSS5.3AI score0.00407EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/09/15 4:15 p.m.45 views

Design/Logic Flaw

An issue was discovered in Bezeq Vtech NB403-IL version BZ2.02.07.09.13.01 and Vtech IAD604-IL versions BZ2.02.07.09.13.01, BZ2.02.07.09.13T, and BZ2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service...

5CVSS7.6AI score0.00737EPSS
Exploits1References1Affected Software2
Total number of security vulnerabilities5000