32 matches found

Cvelist
added 2026/05/02 11:30 p.m., 26 views

CVE-2026-7671 CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of...

6.3 CVSS, 0.00025 EPSS
Exploits 0, References 4

Circl
added 2026/05/02 9:0 p.m., 2 views

CVE-2026-7671

creationtimestamp | type | source
---|---|---
2026-05-02 21:00:04+00:00 | seen | Telegram/FLV6t7Va3cw7z9NmSu7nucQbg4vUfz1QpezNhFqmTOM...

6.3 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits 0

RedhatCVE
added 2026/01/09 9:59 a.m., 3 views

CVE-2020-7671

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to b...

7.5 CVSS, 6.8 AI score, 0.00242 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:35 a.m., 5 views

CVE-2019-7671

Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site...

9 CVSS, 7.6 AI score, 0.13066 EPSS
Exploits 5, References 1

Tenable Nessus
added 2025/08/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-7671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a DOS attack vulnerability in Apache Traffic Server ATS 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the serv...

7.5 CVSS, 7.4 AI score, 0.0427 EPSS
Exploits 0, References 2

OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-7671 Malicious code in @crabas0npm2/labore-veniam-quisquam (npm)

The package @crabas0npm2/labore-veniam-quisquam was found to contain malicious code...

7.2 AI score
Exploits 0

RedhatCVE
added 2025/02/05 11:53 a.m., 7 views

CVE-2024-7671

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

7.8 CVSS, 7.4 AI score, 0.00218 EPSS
Exploits 0, References 1

Tenable Nessus
added 2024/10/11 12:0 a.m., 19 views

Autodesk Navisworks Manage 25.0.x < 25.0.999.0 (2025.3) Multiple Vulnerabilities (adsk-sa-2024-0015)

The version of Autodesk Navisworks Manage installed on the remote host is prior to 25.0.999.0 2025.3. It is, therefore, affected by multiple vulnerabilities as referenced in the adsk-sa-2024-0015 advisory. - A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, ca...

7.8 CVSS, 6.2 AI score, 0.00372 EPSS
Exploits 0, References 7

Tenable Nessus
added 2024/10/11 12:0 a.m., 20 views

Autodesk Navisworks Freedom 25.0.x < 25.0.999.0 (2025.3) Multiple Vulnerabilities (adsk-sa-2024-0015)

The version of Autodesk Navisworks Freedom installed on the remote host is prior to 25.0.999.0 2025.3. It is, therefore, affected by multiple vulnerabilities as referenced in the adsk-sa-2024-0015 advisory. - A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, c...

7.8 CVSS, 6.2 AI score, 0.00372 EPSS
Exploits 0, References 7

Tenable Nessus
added 2024/10/11 12:0 a.m., 25 views

Autodesk Navisworks Simulate 25.0.x < 25.0.999.0 (2025.3) Multiple Vulnerabilities (adsk-sa-2024-0015)

The version of Autodesk Navisworks Simulate installed on the remote host is prior to 25.0.999.0 2025.3. It is, therefore, affected by multiple vulnerabilities as referenced in the adsk-sa-2024-0015 advisory. - A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks,...

7.8 CVSS, 6.2 AI score, 0.00372 EPSS
Exploits 0, References 7

NVD
added 2020/06/10 4:15 p.m., 8 views

CVE-2020-7671

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to b...

7.5 CVSS, 0.00242 EPSS
Exploits 0, References 2

Cvelist
added 2020/06/10 3:36 p.m., 12 views

CVE-2020-7671

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to b...

7.5 AI score, 0.00242 EPSS
Exploits 0, References 2

CVE
added 2020/06/10 3:36 p.m., 68 views

CVE-2020-7671

CVE-2020-7671 affects the goliath framework up to version 1.0.6. The issue enables HTTP request smuggling when goliath is used as a backend and frontend proxy, via sending the Content-Length header twice and due to invalid Transfer-Encoding headers being parsed as valid (TE:CL smuggling). The con...

7.5 CVSS, 7.5 AI score, 0.00242 EPSS
Exploits 0, References 2, Affected Software 1

0day.today
added 2019/11/12 12:0 a.m., 90 views

Prima Access Control 2.3.35 - (HwName) Persistent Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

7.1 AI score, 0.13066 EPSS
Exploits 5

Packet Storm
added 2019/11/12 12:0 a.m., 97 views

Prima Access Control 2.3.35 Cross Site Scripting

Prima Access Control 2.3.35 Authenticated Stored XSS CVE: CVE-2019-7671 Advisory: https://applied-risk.com/resources/ar-2019-007 Discovered by Gjoko 'LiquidWorm' Krstic POST /bin/sysfcgi.fx HTTP/1.1 Host: 192.168.13.37 Connection: keep-alive Content-Length: 265 Origin: https://192.168.13.37...

3.5 CVSS, 0.6 AI score, 0.13066 EPSS
Exploits 5

exploitpack
added 2019/11/12 12:0 a.m., 44 views

Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting

Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

3.5 CVSS, 8.8 AI score, 0.13066 EPSS
Exploits 5

Exploit DB
added 2019/11/12 12:0 a.m., 121 views

Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting

Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version:...

9 CVSS, 7 AI score, 0.13066 EPSS
Exploits 5

CVE
added 2019/06/05 6:53 p.m., 87 views

CVE-2019-7671

CVE-2019-7671 affects Prima Systems FlexAir (Versions 2.3.38 and earlier). The issue is an authenticated Stored XSS vector where parameters sent to scripts are not properly sanitized, potentially allowing code execution in a user’s browser context. Public PoCs exist (e.g., HwName Stored XSS via P...

9 CVSS, 7.7 AI score, 0.13066 EPSS
Exploits 5, References 5, Affected Software 1

Tenable Nessus
added 2018/03/05 12:0 a.m., 31 views

Debian DSA-4128-1 : trafficserver - security update

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash. (C) Tenable Network Security, Inc. The descriptive text and...

8.6 CVSS, 7.7 AI score, 0.0427 EPSS
Exploits 0, References 5

Debian
added 2018/03/02 4:23 p.m., 25 views

[SECURITY] [DSA 4128-1] trafficserver security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4128-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 02, 2018 https://www.debian.org/security/faq -...

5 CVSS, 1.6 AI score, 0.0427 EPSS
Exploits 0