Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2022/06/30 5:15 a.m.•100 views

Design/Logic Flaw

A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

6.9CVSS7.7AI score0.01171EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2006/03/19 1:2 a.m.•100 views

Sql injection

Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 email or 2 pass parameter to admin/index.php...

7.5CVSS9.2AI score0.02099EPSS
Exploits1References7Affected Software1
Prion
Prion
•added 2023/11/14 6:15 p.m.•99 views

Design/Logic Flaw

A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path...

4.4CVSS6.9AI score0.00309EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/04 12:15 p.m.•99 views

Code injection

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

5.8CVSS6AI score0.00972EPSS
Exploits2References1Affected Software46
Prion
Prion
•added 2021/09/22 1:15 p.m.•99 views

Command injection

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands...

9.3CVSS9.5AI score0.99869EPSS
Exploits23References5Affected Software19
Prion
Prion
•added 2021/07/12 1:15 p.m.•99 views

Input validation

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase...

7.2CVSS7.9AI score0.00426EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/04/01 3:15 p.m.•99 views

Design/Logic Flaw

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame...

7.8CVSS7.3AI score0.53861EPSS
Exploits1References107Affected Software20
Prion
Prion
•added 2007/10/24 11:46 p.m.•99 views

Directory traversal

Directory traversal vulnerability in index.php in InstaGuide Weather aka Weather for PHP 1.0, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PageName parameter...

6.8CVSS7.7AI score0.02096EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2024/02/29 1:44 a.m.•98 views

Deserialization of untrusted data

Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java. The...

6.4CVSS8.3AI score0.01211EPSS
Exploits1References3
Prion
Prion
•added 2023/07/31 3:15 p.m.•98 views

Cross site scripting

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...

5.8CVSS5.8AI score0.00533EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2022/09/23 8:15 p.m.•98 views

Buffer overflow

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution...

6.8CVSS8.8AI score0.03518EPSS
Exploits0References6Affected Software7
Prion
Prion
•added 2021/10/04 6:15 p.m.•98 views

Integer overflow

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

9CVSS8.5AI score0.02497EPSS
Exploits0References9Affected Software4
Prion
Prion
•added 2015/02/24 8:59 p.m.•98 views

Directory traversal

Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename...

5CVSS7.2AI score0.01639EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2013/07/08 10:55 p.m.•98 views

Authentication flaw

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...

7.8CVSS7.1AI score0.81802EPSS
Exploits2References7Affected Software2
Prion
Prion
•added 2012/01/20 5:55 p.m.•97 views

Sql injection

SQL injection vulnerability in deV!L'z Clanportal DZCP Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php...

7.5CVSS9.1AI score0.01107EPSS
Exploits1References3
Prion
Prion
•added 2011/05/24 11:55 p.m.•97 views

Integer overflow

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOBAPPEND and GLOBDOOFFS flags, a different issue than CVE-2011-0418...

5CVSS6.9AI score0.07255EPSS
Exploits5References4Affected Software1
Prion
Prion
•added 2024/03/15 3:32 a.m.•96 views

Cross site request forgery (csrf)

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account...

7.8AI score0.00457EPSS
Exploits0References1
Prion
Prion
•added 2023/08/17 7:15 p.m.•96 views

Heap overflow

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::writeint function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted file...

1.9CVSS5.5AI score0.00319EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/07/22 5:15 a.m.•96 views

Authentication flaw

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

4CVSS4.6AI score0.00709EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/04/12 2:15 p.m.•96 views

Authorization

An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/installation/register.php allows an unauthorized person to create valid credentials...

7.5CVSS9.2AI score0.03318EPSS
Exploits3References3Affected Software1
Prion
Prion
•added 2017/04/10 2:59 p.m.•96 views

Default credentials

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile...

5CVSS6.5AI score0.0119EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2014/10/23 2:55 p.m.•96 views

Open redirect

Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 2.1.8102.813, 2.2 2.2.8279.16125, and 2.3 2.3.9074.18820 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx...

5.8CVSS7.1AI score0.01971EPSS
Exploits2References5Affected Software1
Prion
Prion
•added 2023/08/11 1:15 p.m.•95 views

Sql injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

6.5CVSS8.9AI score0.01572EPSS
Exploits0References28Affected Software3
Prion
Prion
•added 2023/09/01 11:15 a.m.•94 views

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile...

4CVSS4.6AI score0.00393EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/08/24 11:15 p.m.•94 views

Design/Logic Flaw

Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0...

3.3CVSS5AI score0.0063EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/07/05 10:15 p.m.•94 views

Path traversal

Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are...

5.5CVSS7.8AI score0.00975EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2022/08/24 4:15 p.m.•94 views

Default credentials

A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...

5CVSS6.4AI score0.02511EPSS
Exploits0References9Affected Software3
Prion
Prion
•added 2019/09/24 9:15 p.m.•94 views

Design/Logic Flaw

An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine VM to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method...

4.9CVSS6.2AI score0.00906EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2013/04/04 5:55 p.m.•94 views

Design/Logic Flaw

PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors...

10CVSS7.3AI score0.02206EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2009/07/13 5:30 p.m.•94 views

Format string

Multiple format string vulnerabilities in the dispatchcommand function in libmysqld/sqlparse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service daemon crash and possibly have unspecified other impact via format string specifiers in a database...

8.5CVSS7.1AI score0.10586EPSS
Exploits2References18Affected Software1
Prion
Prion
•added 2008/08/20 4:41 p.m.•94 views

Directory traversal

Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via 1 a .. dot dot, 2 a URL, or possibly 3 a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are...

6.3CVSS7.2AI score0.03928EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2020/12/17 3:15 a.m.•93 views

Command injection

LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...

10CVSS9.4AI score0.03112EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2019/12/10 7:15 p.m.•93 views

Open redirect

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0...

7.5CVSS7.1AI score0.0155EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2007/10/06 5:17 p.m.•93 views

Format string

Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster PB is enabled, allow remote attackers to execute arbitrary code or cause a denial of service daemon crash via format...

9.3CVSS8.5AI score0.07483EPSS
Exploits1References10Affected Software3
Prion
Prion
•added 2006/01/19 12:3 a.m.•93 views

Remote file inclusion

PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter...

7.5CVSS8.2AI score0.02512EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/08/24 11:15 p.m.•92 views

Design/Logic Flaw

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

6.5CVSS8.8AI score0.0127EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2023/06/29 5:15 p.m.•92 views

Hardcoded credentials

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...

5CVSS4.9AI score0.00413EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/12/29 7:15 p.m.•92 views

Spoofing

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

4.9CVSS5.3AI score0.00502EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2022/01/01 12:15 a.m.•92 views

Heap overflow

DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in answerrequest called from FuzzAnswerTheRequest and fuzzrfc1035.c. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."...

7.5CVSS9.5AI score0.0259EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2023/09/21 7:15 p.m.•91 views

Code injection

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

7.5CVSS8.9AI score0.29179EPSS
Exploits3References2Affected Software6
Prion
Prion
•added 2023/09/02 8:15 p.m.•91 views

Heap overflow

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848...

4.4CVSS7.6AI score0.006EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2023/02/16 7:15 a.m.•91 views

Design/Logic Flaw

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

5CVSS6.2AI score0.01408EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/09/08 2:15 p.m.•91 views

Design/Logic Flaw

This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...

4.3CVSS5.1AI score0.00823EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/07/08 11:15 a.m.•91 views

Code injection

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext...

5CVSS7.8AI score0.00858EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/02/24 10:15 p.m.•91 views

Default configuration

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

7.5CVSS9.7AI score0.9927EPSS
Exploits45References51Affected Software19
Prion
Prion
•added 2024/02/29 1:44 a.m.•90 views

Code injection

http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded via httpSwagger.WrapHandler and webdav.memFile can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because if a solution continued to allow...

6AI score0.02333EPSS
Exploits1References2
Prion
Prion
•added 2024/01/16 10:15 p.m.•90 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.7CVSS6.4AI score0.00839EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/01/26 9:15 p.m.•90 views

Design/Logic Flaw

Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions ACLs and is...

5CVSS7.5AI score0.13108EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/11/01 8:15 p.m.•90 views

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution...

6.8CVSS8.9AI score0.01424EPSS
Exploits0References6Affected Software7
Prion
Prion
•added 2022/06/16 6:15 a.m.•90 views

Denial of service

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

6.8CVSS8.1AI score0.03437EPSS
Exploits1References7Affected Software2
Total number of security vulnerabilities5000