Page 12 of 66 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." La función duration en el paquete moment en versiones anteriores a 2.11.2 para Node.js permite a atacantes remotos provocar una denegación de servicio (consumo de CPU ) a través de una cadena larga, vulnerabilidad también conocida como "Denial of Service (ReDoS) de expresión regular". • http://www.openwall.com/lists/oss-security/2016/04/20/11 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/95849 https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E https:/ • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Tenable Nessus en versiones anteriores a 6.9.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/95307 http://www.securitytracker.com/id/1037558 https://www.tenable.com/security/tns-2017-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. El recurso /server/properties en Tenable Web UI anterior a 2.3.5 para Nessus 5.2.3 hasta 5.2.7 permite a atacantes remotos obtener información sensible a través del parámetro token. Tenable Nessus versions 5.2.3 through 5.2.7 suffer from authentication bypass vulnerabilities via parameter tampering. • http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-Tampering-Authentication-Bypass.html http://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui http://www.osvdb.org/109376 http://www.securityfocus.com/archive/1/532839/100/0/threaded http://www.securityfocus.com/bid/68782 http://www.securitytracker.com/id/1030614 http://www.tenable.com/security/tns-2014-05 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0

A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. Una condición de carrera en el plugin wmi_malware_scan.nbin anterior a 201402262215 para Nessus 5.2.1 permite a usuarios locales ganar privilegios mediante la sustitución del ejecutable del agente volátil en el directorio temporal de Windows con un programa de caballo de troya. • http://secunia.com/advisories/57403 http://www.securitytracker.com/id/1029946 https://discussions.nessus.org/thread/7195 https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/nessus-authenticated-scan-local-privilege-escalation • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la interfaz gráfica para Windows de Nessus Vulnerability Scanner anterior a 3.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://osvdb.org/37011 http://secunia.com/advisories/25856 http://www.nessus.org/news http://www.securityfocus.com/bid/24677 http://www.securitytracker.com/id?1018318 http://www.vupen.com/english/advisories/2007/2362 https://exchange.xforce.ibmcloud.com/vulnerabilities/35118 •