Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2008/02/19 12:0 a.m.35 views

Unrestricted file upload

Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...

9.3CVSS8.2AI score0.05194EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2007/10/11 10:17 a.m.35 views

Hardcoded credentials

Interpretation conflict in the Sun Java Virtual Machine JVM allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet...

2.6CVSS7.4AI score0.01442EPSS
Exploits0References2
Prion
Prion
added 2007/10/09 6:17 p.m.35 views

Command injection

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...

7.5CVSS7.4AI score0.0406EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2007/07/27 10:30 p.m.35 views

Design/Logic Flaw

The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation...

5CVSS8.9AI score0.05321EPSS
Exploits0References14Affected Software2
Prion
Prion
added 2007/07/23 4:30 p.m.35 views

Heap overflow

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions PCRE library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE:...

9.3CVSS7.7AI score0.06533EPSS
Exploits2References11Affected Software2
Prion
Prion
added 2007/06/26 10:30 p.m.35 views

Design/Logic Flaw

The gssrpcsvcauthgssapi function in the RPC library in MIT Kerberos 5 krb5 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup...

10CVSS7.4AI score0.11376EPSS
Exploits1References52Affected Software3
Prion
Prion
added 2007/05/22 12:30 a.m.35 views

Code injection

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

4.3CVSS6.4AI score0.03485EPSS
Exploits0References53Affected Software3
Prion
Prion
added 2007/04/19 10:19 a.m.35 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack comjpack 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

6.8CVSS7.8AI score0.04837EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2007/03/10 10:19 p.m.36 views

Stack overflow

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or...

10CVSS8.3AI score0.1983EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2006/04/20 10:2 a.m.35 views

Hardcoded credentials

Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service null dereference and application crash or hang via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724...

5CVSS6.4AI score0.0689EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2006/02/25 11:2 a.m.35 views

Sql injection

Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...

7.5CVSS8.2AI score0.03462EPSS
Exploits3References8Affected Software1
Prion
Prion
added 2024/03/14 10:53 p.m.34 views

Cross site scripting

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

7.3AI score0.00722EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2024/03/13 2:15 p.m.34 views

Cross site scripting

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings'titletags'' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible f...

5.5CVSS5.7AI score0.00335EPSS
Exploits0References2
Prion
Prion
added 2024/03/12 8:15 p.m.34 views

Design/Logic Flaw

Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager =1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been...

4.3CVSS8.5AI score0.0133EPSS
Exploits1References5
Prion
Prion
added 2024/03/12 5:15 p.m.34 views

Privilege escalation

Windows Kernel Elevation of Privilege Vulnerability...

4.3CVSS8.6AI score0.05617EPSS
Exploits0References1
Prion
Prion
added 2024/03/12 3:15 p.m.34 views

Sql injection

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets...

7.5CVSS9.6AI score0.97591EPSS
Exploits4References1
Prion
Prion
added 2024/03/12 11:15 a.m.34 views

Design/Logic Flaw

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC 7KM3120-0BA01-1DA0 All versions = V3.2.3 = V3.2.3 = V3.2.3 = V3.2.3 V3.3.0 only when manufactured between LQN231003... and LQN231215... with LQNYYMMDD.... The read out protection of the internal flash of affected devices was not...

2.1CVSS4.5AI score0.00223EPSS
Exploits0References1
Prion
Prion
added 2024/03/12 4:15 a.m.34 views

Design/Logic Flaw

Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 through 11-20-, from 11-10 through 11-10-, from 11-00...

1CVSS7AI score0.00172EPSS
Exploits0References1
Prion
Prion
added 2024/03/11 8:15 p.m.34 views

Design/Logic Flaw

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

4.6CVSS4.8AI score0.00431EPSS
Exploits0References3
Prion
Prion
added 2024/03/11 4:15 p.m.34 views

Out-of-bounds

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

4.3CVSS7.9AI score0.00591EPSS
Exploits0References1
Prion
Prion
added 2024/03/09 7:15 a.m.34 views

Design/Logic Flaw

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...

4CVSS7AI score0.0041EPSS
Exploits0References2
Prion
Prion
added 2024/03/08 2:15 a.m.34 views

Information disclosure

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information...

5.5AI score0.00289EPSS
Exploits0References6
Prion
Prion
added 2024/03/06 5:15 p.m.34 views

Cross site scripting

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure Build Monitor Views...

5.4AI score0.80173EPSS
Exploits0References1
Prion
Prion
added 2024/03/04 3:15 a.m.34 views

Information disclosure

In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945...

6AI score0.00088EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 8:15 p.m.34 views

Null pointer dereference

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub4484A8. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

7AI score0.00644EPSS
Exploits1References1
Prion
Prion
added 2024/02/29 1:44 a.m.34 views

Path traversal

Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue...

7.6AI score0.47667EPSS
Exploits0References6
Prion
Prion
added 2024/02/29 1:42 a.m.34 views

Design/Logic Flaw

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

2.6CVSS7.8AI score0.00642EPSS
Exploits0References2
Prion
Prion
added 2024/02/29 1:40 a.m.34 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information...

2.1CVSS5.7AI score0.00335EPSS
Exploits0References1
Prion
Prion
added 2024/02/28 9:15 a.m.34 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix memleak when mt7915unregisterdevice mt7915txtokenput should get call before mt76freependingtxwi...

6.8AI score0.00235EPSS
Exploits0References3
Prion
Prion
added 2024/02/28 9:15 a.m.34 views

Design/Logic Flaw

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acxcsmasubscribeajax' function. This can allow authenticated attackers to extract sensitive data such as names and email...

4CVSS4.5AI score0.00494EPSS
Exploits0References2
Prion
Prion
added 2024/02/28 9:15 a.m.34 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venusprobe' If an error occurs after a successful 'oficcget' call, it must be undone. Use 'devmoficcget' instead of 'oficcget' to avoid the leak. Update the remove...

6.6AI score0.00239EPSS
Exploits0References4
Prion
Prion
added 2024/02/26 4:28 p.m.34 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sysmembarrier On some systems, sysmembarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to preve...

7AI score0.00316EPSS
Exploits0References8
Prion
Prion
added 2024/02/26 4:27 p.m.34 views

Design/Logic Flaw

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for oth...

6.8AI score0.01209EPSS
Exploits0References2
Prion
Prion
added 2024/02/23 11:15 a.m.34 views

Cross site request forgery (csrf)

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cpshortcoderefresh function. This makes it possible for unauthenticated attackers to execute arbitra...

4.3CVSS5AI score0.00212EPSS
Exploits0References2
Prion
Prion
added 2024/02/23 1:15 a.m.34 views

Stack overflow

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130/9.3.5u.6698B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument httphost leads to stack-based buffer overflow...

10CVSS7.3AI score0.02029EPSS
Exploits1References3
Prion
Prion
added 2024/02/22 5:15 p.m.34 views

Authentication flaw

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

4.3CVSS7.1AI score0.01177EPSS
Exploits0References5Affected Software4
Prion
Prion
added 2024/02/17 2:15 a.m.34 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: RAPID. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS6.6AI score0.01117EPSS
Exploits0References1
Prion
Prion
added 2024/02/14 2:15 p.m.34 views

Buffer overflow

Improper buffer restrictions in some IntelR ThunderboltTM DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access...

1.7CVSS6.6AI score0.0021EPSS
Exploits0References1
Prion
Prion
added 2024/02/13 6:15 p.m.34 views

Remote code execution

Microsoft Office Remote Code Execution Vulnerability...

4.4CVSS7.6AI score0.01177EPSS
Exploits0References1Affected Software7
Prion
Prion
added 2024/02/09 9:15 a.m.34 views

Out-of-bounds

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0...

7.5CVSS9.6AI score0.80835EPSS
Exploits12References1Affected Software2
Prion
Prion
added 2024/02/05 2:15 p.m.34 views

Command injection

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute...

7.5CVSS7.9AI score0.03224EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/01/30 10:15 p.m.34 views

Design/Logic Flaw

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. Chromium security severity: High...

6.8CVSS7.2AI score0.0093EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2024/01/23 9:15 p.m.34 views

Input validation

A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

4.3CVSS7.7AI score0.00138EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/01/23 2:15 p.m.34 views

Design/Logic Flaw

When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

4.3CVSS6.1AI score0.006EPSS
Exploits0References6Affected Software4
Prion
Prion
added 2024/01/16 10:15 p.m.34 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

4CVSS6.6AI score0.01057EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/01/10 10:15 p.m.34 views

Design/Logic Flaw

The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing...

4.3CVSS5.8AI score0.00523EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2024/01/09 6:15 p.m.34 views

Security feature bypass

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability...

7.5CVSS6.9AI score0.02778EPSS
Exploits0References2Affected Software4
Prion
Prion
added 2024/01/08 10:15 a.m.34 views

Design/Logic Flaw

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0...

1.7CVSS7.4AI score0.00153EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/29 12:15 p.m.34 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06...

5.8CVSS7.9AI score0.00584EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/26 3:15 p.m.34 views

Code injection

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code...

7.5CVSS8.2AI score0.96001EPSS
Exploits12References7Affected Software1
Total number of security vulnerabilities5000