Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2013/11/22 1:55 a.m.•38 views

Memory corruption

The MLDP implementation in Cisco IOS 15.33S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service chunk corruption and device reload by establishing many multicast flows, aka Bug ID CSCue22345...

5.4CVSS7.3AI score0.01127EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2013/07/16 6:55 p.m.•38 views

Code injection

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...

9.3CVSS7.5AI score0.70211EPSS
Exploits1References7Affected Software1
Prion
Prion
•added 2013/07/09 5:55 p.m.•38 views

Input validation

The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on a tomcat5-initd.log, b...

6.9CVSS6.7AI score0.00372EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2013/07/09 5:55 p.m.•38 views

Authentication flaw

The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887...

2.6CVSS6.8AI score0.12098EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2013/02/13 1:55 a.m.•38 views

Code injection

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS8.1AI score0.07497EPSS
Exploits1References11Affected Software2
Prion
Prion
•added 2013/01/04 4:46 a.m.•38 views

Sql injection

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...

5CVSS7.7AI score0.04458EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2012/06/22 2:55 p.m.•38 views

Sql injection

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5CVSS7.8AI score0.04174EPSS
Exploits4References5Affected Software2
Prion
Prion
•added 2012/06/16 12:55 a.m.•38 views

Heap overflow

Heap-based buffer overflow in the LookupMarkMarkPos function in the HarfBuzz module harfbuzz-gpos.c, as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...

9.3CVSS8.4AI score0.07543EPSS
Exploits0References28Affected Software8
Prion
Prion
•added 2012/05/16 12:55 a.m.•38 views

Code injection

Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products...

10CVSS6.8AI score0.0366EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2012/04/21 11:55 p.m.•38 views

Cross site scripting

Cross-site scripting XSS vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different...

10CVSS5.8AI score0.09088EPSS
Exploits10References15Affected Software1
Prion
Prion
•added 2012/02/08 4:11 a.m.•38 views

Authentication flaw

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417...

6CVSS6.2AI score0.45576EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2011/12/30 1:55 a.m.•38 views

Code injection

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

5CVSS6.8AI score0.83911EPSS
Exploits15References27Affected Software1
Prion
Prion
•added 2011/11/01 10:55 p.m.•38 views

Sql injection

SQL injection vulnerability in ogpshow.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...

7.5CVSS9.1AI score0.01023EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2011/08/19 5:55 p.m.•38 views

Heap overflow

The LZW decompressor in 1 the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and 2 compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...

9.3CVSS7.5AI score0.12709EPSS
Exploits0References38Affected Software3
Prion
Prion
•added 2011/08/12 6:55 p.m.•38 views

Integer overflow

Multiple integer overflows in tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers 1 a buffer overflow during a decompression loop or 2 an...

6.9CVSS8.1AI score0.00705EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2011/07/08 8:55 p.m.•38 views

Code injection

Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone RPZ contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service named daemon crash via an unspecified query...

2.6CVSS7.1AI score0.0888EPSS
Exploits1References10Affected Software1
Prion
Prion
•added 2011/03/02 8:0 p.m.•38 views

Design/Logic Flaw

The glob implementation in the GNU C Library aka glibc or libc6 allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a differen...

4CVSS6.5AI score0.32357EPSS
Exploits11References5
Prion
Prion
•added 2011/03/02 8:0 p.m.•38 views

Design/Logic Flaw

The vsffilenamepassesfilter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service CPU consumption and process slot exhaustion via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632...

4CVSS6.5AI score0.7332EPSS
Exploits18References25Affected Software6
Prion
Prion
•added 2010/11/10 3:0 a.m.•38 views

Stack overflow

Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overfl...

9.3CVSS8.7AI score0.89497EPSS
Exploits14References10Affected Software1
Prion
Prion
•added 2010/11/09 9:0 p.m.•38 views

Directory traversal

Multiple directory traversal vulnerabilities in the modsitemisc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a 1 SITE MKDIR, 2 SITE RMDIR, 3 SITE SYMLINK...

7.1CVSS6.8AI score0.07502EPSS
Exploits3References17Affected Software1
Prion
Prion
•added 2010/11/09 1:0 a.m.•38 views

Null pointer dereference

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ZIP archive...

4.3CVSS6.7AI score0.13333EPSS
Exploits6References26Affected Software2
Prion
Prion
•added 2010/10/18 5:0 p.m.•38 views

Default credentials

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service...

10CVSS9.6AI score0.89871EPSS
Exploits17References14Affected Software2
Prion
Prion
•added 2010/09/16 9:0 p.m.•38 views

Memory corruption

Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

10CVSS7.5AI score0.01583EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2010/09/15 7:0 p.m.•38 views

Buffer overflow

Buffer overflow in Microsoft Internet Information Services IIS 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."...

9.3CVSS8.3AI score0.32826EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2010/08/05 1:23 p.m.•38 views

Cross site scripting

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when th...

6.8CVSS7.9AI score0.83397EPSS
Exploits8References8Affected Software1
Prion
Prion
•added 2010/04/23 2:30 p.m.•38 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1767. Reason: This candidate is a duplicate of CVE-2010-1767. Notes: All CVE users should reference CVE-2010-1767 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.6AI score0.00958EPSS
Exploits0
Prion
Prion
•added 2009/12/04 9:30 p.m.•39 views

Buffer overflow

The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...

5CVSS6.6AI score0.3038EPSS
Exploits5References58Affected Software2
Prion
Prion
•added 2009/11/23 5:30 p.m.•38 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to area.php; the 2 pagina, 3 sentido, 4 qregistros, and 5 orden parameters to area.php; 6 the qregistros parameter to solicdisplay.php; 7 the...

4.3CVSS6AI score0.01943EPSS
Exploits1References8Affected Software1
Prion
Prion
•added 2009/07/07 11:30 p.m.•38 views

Cross site scripting

Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header...

4.3CVSS5.7AI score0.14381EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2009/05/28 2:30 p.m.•38 views

Unrestricted file upload

Unrestricted file upload vulnerability in imageupload.php in the SimpleBoard comsimpleboard component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direc...

6.8CVSS7.9AI score0.03548EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2008/09/03 2:12 p.m.•38 views

Design/Logic Flaw

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880,...

10CVSS6.5AI score0.03912EPSS
Exploits1References18Affected Software4
Prion
Prion
•added 2008/08/20 4:41 p.m.•38 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action...

4.3CVSS6.1AI score0.01068EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2008/08/13 12:41 a.m.•38 views

Directory traversal

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...

4.3CVSS6.5AI score0.99708EPSS
Exploits23References43Affected Software1
Prion
Prion
•added 2008/05/16 12:54 p.m.•38 views

Integer overflow

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow...

9.3CVSS8.1AI score0.08126EPSS
Exploits1References24Affected Software1
Prion
Prion
•added 2008/04/09 9:5 p.m.•38 views

Code injection

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly...

9.3CVSS7.7AI score0.5977EPSS
Exploits3References22Affected Software4
Prion
Prion
•added 2007/09/21 7:17 p.m.•38 views

Integer overflow

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528...

10CVSS7.8AI score0.20413EPSS
Exploits2References18Affected Software6
Prion
Prion
•added 2007/09/21 7:17 p.m.•38 views

Design/Logic Flaw

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers ...

10CVSS7.7AI score0.06496EPSS
Exploits1References18Affected Software6
Prion
Prion
•added 2007/09/14 1:17 a.m.•38 views

Directory traversal

Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library VBTOVSI.DLL 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can b...

5.8CVSS7.1AI score0.1636EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2006/04/10 6:6 p.m.•38 views

Cross site scripting

Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...

4.3CVSS5.8AI score0.10813EPSS
Exploits1References34Affected Software1
Prion
Prion
•added 2024/03/14 10:47 p.m.•37 views

Code injection

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user...

8.1AI score0.8126EPSS
Exploits9References2Affected Software1
Prion
Prion
•added 2024/03/12 9:15 p.m.•37 views

Open redirect

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth...

5.8CVSS5.9AI score0.00583EPSS
Exploits1References3
Prion
Prion
•added 2024/03/12 5:15 p.m.•37 views

Privilege escalation

Windows Error Reporting Service Elevation of Privilege Vulnerability...

4.3CVSS8.5AI score0.04014EPSS
Exploits0References1
Prion
Prion
•added 2024/03/11 10:15 p.m.•37 views

Code injection

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

4.3CVSS6.5AI score0.00647EPSS
Exploits1References2
Prion
Prion
•added 2024/03/11 8:15 p.m.•37 views

Command injection

SOY CMS is an open source CMS content management system that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the executi...

5.8CVSS7.4AI score0.01618EPSS
Exploits0References2
Prion
Prion
•added 2024/03/11 6:15 p.m.•37 views

Sql injection

The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins...

7.2AI score0.00756EPSS
Exploits2References1
Prion
Prion
•added 2024/03/11 6:15 p.m.•37 views

Race condition

In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: move mmu notification mechanism inside mm lock Move mmu notification mechanism inside mm lock to prevent race condition in other components which depend on it. The notifier will invalidate memory range. Depending...

7.2AI score0.00163EPSS
Exploits0References2
Prion
Prion
•added 2024/03/11 6:15 p.m.•37 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "isvalidringptr" to make sure it is in the buffer range, but there is another risk the pointer may be not aligned...

7.3AI score0.00279EPSS
Exploits0References5
Prion
Prion
•added 2024/03/05 2:15 a.m.•37 views

Command injection

TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...

7.9AI score0.02017EPSS
Exploits0References3
Prion
Prion
•added 2024/02/29 8:15 p.m.•37 views

Information disclosure

A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajaxloginsubmitform of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs leads to information exposure through error message. The...

5CVSS5.2AI score0.00616EPSS
Exploits0References2
Prion
Prion
•added 2024/02/29 8:15 p.m.•37 views

Buffer overflow

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input, and possibly remote code execution...

8.5AI score0.00617EPSS
Exploits1References1
Total number of security vulnerabilities5000