Vulnerability & Exploit Database

Displaying entries 1 - 10 of 91871 in total

Github Enterprise Default Session Secret And Deserialization Vulnerability Exploit

Disclosed: March 15, 2017

This module exploits two security issues in Github Enterprise, version 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby obje...

Cisco NX-OS: Cisco Nexus 9000 Series Switches Telnet Login Denial of Service Vulnerability (CVE-2017-3878) Vulnerability

  • Severity: 4
  • Published: March 14, 2017

The Cisco Security Intelligence Operations Portal (SIOP) is a free, customer-facing website that is part of Cisco’s Security Services presence and strategy, and resides at cisco.com/security. A vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unau...

Cisco NX-OS: Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass Vulnerability (CVE-2017-3875) Vulnerability

  • Severity: 4
  • Published: March 14, 2017

The Cisco Security Intelligence Operations Portal (SIOP) is a free, customer-facing website that is part of Cisco’s Security Services presence and strategy, and resides at cisco.com/security. A vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attack...

Cisco NX-OS: Cisco Nexus 9000 Series Switches Remote Login Denial of Service Vulnerability (CVE-2017-3879) Vulnerability

  • Severity: 4
  • Published: March 14, 2017

The Cisco Security Intelligence Operations Portal (SIOP) is a free, customer-facing website that is part of Cisco’s Security Services presence and strategy, and resides at cisco.com/security. A vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthent...

Microsoft CVE-2017-0012: Microsoft Browser Spoofing Vulnerability Vulnerability

  • Severity: 4
  • Published: March 13, 2017

A spoofing vulnerability exists when Microsoft browsers do not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnera...