Lucene search
K

4149 matches found

Openbugbounty
Openbugbounty
added 2023/05/01 4:25 a.m.9 views

webapps-test.rodenstock.com Open Redirect vulnerability OBB-3284630

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6AI score
Exploits0
0day.today
0day.today
added 2023/04/12 12:0 a.m.345 views

InnovaStudio WYSIWYG Editor Asset Manager 5.4 Shell Upload Vulnerability

InnovaStudio WYSIWYG Editor Asset Manager versions 5.4 and below suffer from a remote shell upload vulnerability. Exploit Title: InnovaStudio WYSIWYG Editor 5.4 ASSET MANAGER Unrestricted File Upload / Directory Traversal / Multiple WebApps Exploit Date: 11/04/2023 Exploit Author: Zer0FauLT...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.260 views

Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)

Exploit Title: Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution RCE Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76...

8.8CVSS8.9AI score0.0454EPSS
Exploits3
0day.today
0day.today
added 2023/04/02 12:0 a.m.262 views

GitLab v15.3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to...

9.9CVSS9.2AI score0.75718EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/01 12:0 a.m.322 views

GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Date: 2022-12-25 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to...

9.9CVSS9.8AI score0.75718EPSS
Exploits4
0day.today
0day.today
added 2023/03/06 12:0 a.m.343 views

Agilebio Lab Collector 4.234 Remote Code Execution Exploit

Exploit Title: Agilebio Lab Collector Electronic Lab Notebook Remote Code Execution Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76 Website:...

8.8CVSS8.7AI score0.0454EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.6 views

SUSE CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...

5.9CVSS8.6AI score0.0418EPSS
Exploits1References5
CVE
CVE
added 2022/10/27 12:0 a.m.164 views

CVE-2022-3095

CVE-2022-3095 affects Dart/Flutter: the Dart URI class uses RFC 3986 syntax for backslash parsing, diverging from WhatWG URL standards and causing incompatibilities with \ in URIs. This can enable authentication bypass in web apps that parse URIs. Affected: Dart versions prior to 2.18 and Flutter...

9.8CVSS9.6AI score0.00867EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/27 12:0 a.m.32 views

CVE-2022-3095 Incorrect parsing of the backslash characters in Dart library

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '' characters in URIs, which can lead to auth bypass in webapp...

9.8CVSS9.7AI score0.00867EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/09/09 7:12 a.m.3 views

jetty: Symlink directory exposes webapp directory contents

If the $jetty.base directory or the $jetty.base/webapps directory is a symlink the contents of the $jetty.base/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality...

4CVSS7.3AI score0.0418EPSS
Exploits1References5
NVD
NVD
added 2022/09/05 12:15 a.m.47 views

CVE-2022-39196

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced...

6.5CVSS0.01167EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.10 views

The vulnerability of the webapps component of the server container in Eclipse Jetty allows a hacker to gain unauthorized access to protected information.

The vulnerability of the webapps component of the server container in Eclipse Jetty is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

5.3CVSS6.4AI score0.0418EPSS
Exploits1References30Affected Software11
Positive Technologies
Positive Technologies
added 2022/09/04 12:0 a.m.6 views

PT-2022-24797 · Blackboard · Blackboard Learn

Name of the Vulnerable Software and Affected Versions: Blackboard Learn version 1.10.1 Description: The issue allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain "webapps/bbcms/execute/" URL. The vendor disputes this,...

6.5CVSS6.2AI score0.01167EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2022/08/15 12:0 a.m.371 views

Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure

Exploit Title: Gigaland NFT marketplace Shell upload and ETH private key leak Google Dork: N/A Date: 14/8/2022 Exploit Author: Sohel Yousef https://www.linkedin.com/in/sohel-yousef-50a905189/ Software Link: https://gigaland.io/ Version: 1.9 Category: webapps 1. Sell Upload after connectiong your...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.12 views

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, Microsoft Office Web Apps Server, and Microsoft Office Online Server lies in the insufficient protection of operational data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, Microsoft Office Web Apps Server, and Microsoft Office Online Server relates to insufficient protection of operational data. Exploiting this vulnerability can allow attackers to gain unauthorized access to...

5.5CVSS6.6AI score0.02581EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2022/05/16 12:0 a.m.264 views

HighCMS/HighPortal 12.x SQL Injection

Exploit Title: HighCMS/HighPortal v12.x SQL Inj Type : WEBAPPS "HighCMS/HighPortal" Platform : ASP.NET Date : 4/23/2022 Exploit Author : E1.Coders Software Link : https://aryanic.com/page/portal Version : v12.x Category : Webapps Tested on: Linux/Windows Google Dork:...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/05/16 12:0 a.m.261 views

HighCMS / HighPortal 12.x SQL Injection Vulnerability

Exploit Title: HighCMS/HighPortal v12.x SQL Inj Type : WEBAPPS "HighCMS/HighPortal" Platform : ASP.NET Exploit Author : E1.Coders Software Link : https://aryanic.com/page/portal Version : v12.x Category : Webapps Tested on: Linux/Windows Google Dork:...

0.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/14 1:10 a.m.35 views

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web...

4.3CVSS6.5AI score0.12555EPSS
Exploits0References46Affected Software1
0day.today
0day.today
added 2022/02/09 12:0 a.m.331 views

AtomCMS v2.0 - SQL injection Vulnerability

Exploit Title: AtomCMS v2.0 - SQLi Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Version: v2.0 Category: Webapps Tested on: Debian linux CVE : CVE-2022-24223 ==================================================== PoC : SQLi :...

9.8CVSS0.2AI score0.61965EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.278 views

Atom CMS 2.0 SQL Injection

Exploit Title: AtomCMS v2.0 - SQLi Date: 08/02/2022 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Version: v2.0 Category: Webapps Tested on: Debian linux CVE : CVE-2022-24223 ==================================================== PoC : SQLi :...

9.8CVSS0.4AI score0.61965EPSS
Exploits4
Rows per page
Query Builder