S12700, S1700, S3700, S5700, S6700, S7700, S9700, Ecns210 Td Security Vulnerabilities

exploitdb | CVSS 8 | AI Score 5.6 | EPSS (no value) | 2023-03-27 12:00 AM | 110

exploitdb | AI Score 7.4 | 2023-03-27 12:00 AM | 83

packetstorm | CVSS 6.5 | AI Score 5.7 | EPSS 0.001 | 2023-03-27 12:00 AM | 151

code423n4

Possible loss of funds when withdrawing from L2 to L1

Lines of code: https://github.com/code-423n4/2023-03-zksync/blob/main/contracts/libraries/SystemContractHelper.sol#L48. Vulnerability details: Impact. Context: To initiate a withdrawal from L2 to L1, a user can call the L2EthToken.withdraw method; the funds will then be available to claim on L1 via...

AI Score 6.9 | 2023-03-18 12:00 AM | 1

talosblog

Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild

Update March 21, 2023: To aid defenders trying to detect and mitigate this vulnerability, we are providing a couple of additional resources. First, we are providing a ClamAV signature that detects this threat -- the rule can be found on our GitHub here and can be leveraged anywhere ClamAV...

CVSS 9.8 | AI Score 9.8 | EPSS 0.915 | 2023-03-15 11:46 PM | 59

talosblog

Researcher Spotlight: How David Liebenberg went from never having opened Terminal to hunting international APTs

When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before -- let alone written a Snort rule or infiltrated a dark web forum. He jokes that he was a trendsetter at Talos, becoming the first of many to break into security without having any prior...

AI Score 6.4 | 2023-03-13 12:00 PM | 20

zdt

SugarCRM 12.x Remote Code Execution / Shell Upload Exploit

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to...

CVSS 8.8 | AI Score 9 | EPSS 0.537 | 2023-03-10 12:00 AM | 439

githubexploit | CVSS 7.5 | AI Score 7 | EPSS 0.001 | 2023-02-17 09:26 PM | 103

hackerone

TD Bank: Server-Status leads to exposure information

Summary: Hi team, I hope you are well. It is a pleasure to work in your program. I will begin to present the vulnerability that I found: Server-status leads to disclosure of information. Steps: Vulnerable subdomain: 1. https://cred.sit.td.com/ Example POC: https://cred.sit.td.com/server-status Path:...

AI Score -0.3 | 2023-02-02 08:16 PM | 22

wpexploit

Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF...

CVSS 6.5 | AI Score 0.3 | EPSS 0.001 | 2022-12-28 12:00 AM | 216

talos

OpenImageIO TIFF tile pels decoding heap-based buffer overflow

Talos Vulnerability Report TALOS-2022-1633: OpenImageIO TIFF tile pels decoding heap-based buffer overflow. December 22, 2022. CVE Number: CVE-2022-41639. SUMMARY: A heap-based buffer overflow vulnerability exists in the tile decoding code of the TIFF image parser in OpenImageIO master-branch-9aeece7a and...

CVSS 9.8 | AI Score -0.3 | EPSS 0.004 | 2022-12-22 12:00 AM | 13

huntr

Cross Site Scripting (XSS) Reflected

Description: Reflected cross-site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept: https://github.com/phpipam/phpipam/blob/master/app/subnets/mail-notify-subnet.php look in...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2022-12-08 03:56 AM | 14

huntr

Unauthenticated stored XSS via username & name parameters

There is a stored XSS vulnerability due to improper sanitization of usernames. Vulnerable code (User.php line 532): public function isValidLogin(string $login): bool { $login = (string)$login; if (strlen($login) < $this->loginMinLength || !preg_match($this->validUsername,...

AI Score -0.6 | 2022-11-03 09:48 PM | 13

wpvulndb

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user by just knowing their email address. PoC: Run the below command in the developer console of the web browser while being on the blog as an...

CVSS 9.8 | AI Score 2.3 | EPSS 0.003 | 2022-10-24 12:00 AM | 50

veracode

Cross-Site Scripting (XSS)

zoneminder is vulnerable to cross-site scripting. The vulnerability is possible by backing out of the current "tr" "td" brackets, which allows an attacker to inject and execute code that will execute when a user views the specific log on the "view=log"...

CVSS 5.4 | AI Score 5.6 | EPSS 0.001 | 2022-10-20 07:32 PM | 11

nuclei

Member Hero <=1.0.9 - Remote Code Execution

WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware,...

CVSS 9.8 | AI Score 10 | EPSS 0.284 | 2022-10-20 09:44 AM | 1

packetstorm | AI Score -0.1 | 2022-10-17 12:00 AM | 180

vulnerlab | AI Score -0.3 | 2022-10-17 12:00 AM | 191

packetstorm | AI Score (no value) | 2022-10-17 12:00 AM | 214

Total number of security vulnerabilities: 8523