EUVD-2018-17513

Malware in sbrugna...

Atlassian Jira 9.13.x < 9.16.0 Information Disclosure

According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issue...

CVE-2022-2658 WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting

The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Spell Check 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2017-20133 Itech Job Portal Script admin improper authentication

A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. This affects an unknown part of the file /admin. The manipulation leads to improper authentication. It is possible to initiate the attack remotely...

dirsearch 0.4.1 - CSV Injection Vulnerability

Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv file without...

Knockpy 4.1.1 - CSV Injection

Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...

Knockpy 4.1.1 - CSV Injection Exploit

Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch details such as headers...

ALPINE-CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2018-5744

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1, and versions 9.10.7-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 - 9.13.6 of th...

Design/Logic Flaw

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-6467

CVE-2019-6467 affects BIND's nxdomain-redirect feature. A programming error can trigger an assertion failure in query.c when the alternate namespace used for NXDOMAIN redirection is a descendant of a locally served zone. Affected: BIND 9.12.0–9.12.4, 9.14.0, and all 9.13 development releases. Con...

CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, ...

CVE-2016-4374

HPE Release Control RC 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery SSRF attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors...

CVE-2016-4374

CVE-2016-4374 affects HPE Release Control (RC) 9.13, 9.20, and 9.21 prior to 9.21.0005 p4. The issue allows remote authenticated users to perform server-side request forgery (SSRF) and potentially disclose information or cause a DoS via unspecified vectors. No exploitation details are provided in...

CVE-2014-2613

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors...