Vulnerability & Exploit Database


Steamed Hams Exploit

Disclosed: August 01, 2018

but it's a Metasploit Module

Cisco ASA: Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability (cisco-sa-20180418-asawvpn2) (CVE-2018-0251) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability ...

Cisco ASA: Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability (cisco-sa-20180418-asawvpn) (CVE-2018-0242) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied i...

Cisco ASA: Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities (cisco-sa-20180418-asa_inspect) (CVE-2018-0240) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilitie...

Cisco ASA: Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability (cisco-sa-20180418-asa3) (CVE-2018-0231) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insuf...

Cisco ASA: Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability (cisco-sa-20180418-asaanyconnect) (CVE-2018-0229) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to es...

Cisco ASA: Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability (cisco-sa-20180418-asa2) (CVE-2018-0228) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal so...

Cisco ASA: Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability (cisco-sa-20180418-asa1) (CVE-2018-0227) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorre...

Red Hat: CVE-2018-2815: Critical: java-1.8.0-openjdk security update (Multiple Advisories) Vulnerability

  • Severity: 4
  • Published: April 18, 2018

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple prot...

Red Hat: CVE-2018-2814: Critical: java-1.8.0-openjdk security update (Multiple Advisories) Vulnerability

  • Severity: 4
  • Published: April 18, 2018

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Jav...