593 matches found

Cvelist
added 2024/04/10 10:14 a.m., 40 views

CVE-2024-2243 Csmock: command injection vulnerability in csmock-plugin-snyk

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers...

7.6 CVSS, 7.8 AI score, 0.01053 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2024/04/10 10:14 a.m., 13 views

CVE-2024-2243 Csmock: command injection vulnerability in csmock-plugin-snyk

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers...

7.6 CVSS, 7.1 AI score, 0.01053 EPSS
Exploits: 0, References: 2
GithubExploit
added 2024/03/22 11:54 a.m., 51 views

Exploit for CVE-2024-25175

CVE-2024-25175 Reflected XSS via HTTP Response Splitting...

6.1 CVSS, 6.4 AI score, 0.0045 EPSS
Exploits: 2
Rapid7 Blog
added 2024/03/15 6:20 p.m., 59 views

Metasploit Wrap-Up 03/15/2024

New module content 3 GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: 18716 contributed by h00die Path: admin/http/gitlabpasswordresetaccounttakeover AttackerKB reference: CVE-2023-7028 Description: This adds an exploit module that leverages an...

7.5 CVSS, 8.7 AI score, 0.99938 EPSS
Exploits: 53
OSV
added 2024/03/06 11:4 a.m., 24 views

BIT-JENKINS-2020-2231

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Toke...

5.4 CVSS, 5.4 AI score, 0.05298 EPSS
Exploits: 3, References: 4
BDU FSTEC
added 2024/02/19 12:0 a.m., 4 views

The vulnerability of the Authentication Token Handler component in the IntelliJ IDEA integrated development environment allows an attacker to send the authentication token to any arbitrary URL.

The vulnerability of the Authentication Token Handler component in the IntelliJ IDEA integrated development environment exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to send authentication tokens to any specified URL...

6.4 CVSS, 5.9 AI score, 0.00315 EPSS
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2024/02/09 12:0 a.m., 25 views

JetBrains IntelliJ IDEA < 2023.3.3 Multiple Vulnerabilities (macOS)

The version of JetBrains IntelliJ IDEA installed on the remote macOS host is prior to 2023.3.3. It is, therefore, affected by multiple vulnerabilities: - Path traversal was possible when unpacking archives (CVE-2024-24940) - A plugin for JetBrains Space was able to send an authentication token to an...

6.1 CVSS, 5.3 AI score, 0.00315 EPSS
Exploits: 0, References: 3
Circl
added 2024/02/07 10:32 p.m., 3 views

CVE-2023-6536

creationtimestamp| type| source ---|---|--- 2024-02-07 22:32:27+00:00| seen| https://t.me/ctinow/181001...

7.5 CVSS, 6.5 AI score, 0.01537 EPSS
Exploits: 0, References: 1
OSV
added 2024/02/06 10:15 a.m., 3 views

CVE-2024-24941

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 1
Vulnrichment
added 2024/02/06 9:21 a.m., 18 views

CVE-2024-24941

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL...

6.1 CVSS, 7.3 AI score, 0.00315 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2024/02/06 12:0 a.m., 6 views

PT-2024-1694 · Jetbrains · Jetbrains Intellij Idea

Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2023.3.3 Description: The issue exists due to insufficient input validation in the authentication token handler component of the integrated development environment. This could allow a remote attacker ...

6.4 CVSS, 5.5 AI score, 0.00315 EPSS
Exploits: 0, References: 7
Packet Storm
added 2024/01/26 12:0 a.m., 961 views

CloudLinux CageFS 7.1.1-1 Token Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...

7.4 AI score, 0.00474 EPSS
Exploits: 2
Vulnrichment
added 2024/01/22 1:53 p.m., 1 views

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

8 AI score, 0.00474 EPSS
Exploits: 2, References: 4
CVE
added 2024/01/22 1:53 p.m., 57 views

CVE-2020-36771

CloudLinux CageFS vulnerability CVE-2020-36771 affects CageFS 7.1.1-1 and earlier: the authentication token is passed as a command line argument, which can allow a local user to view the token via the process list and gain code execution as another user. Affected versions: 7.1.1-1 and below. Root...

7.8 CVSS, 7.9 AI score, 0.00474 EPSS
Exploits: 2, References: 4, Affected Software: 1
Cvelist
added 2024/01/22 1:53 p.m., 30 views

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

8 AI score, 0.00474 EPSS
Exploits: 2, References: 4
Positive Technologies
added 2024/01/22 12:0 a.m., 10 views

PT-2024-10823 · Cloudlinux · Cloudlinux Cagefs

Name of the Vulnerable Software and Affected Versions: CloudLinux CageFS versions 7.1.1-1 and below Description: The issue allows local users to view the authentication token via the process list and gain code execution as another user, because the authentication token is passed as a command line...

7.8 CVSS, 7.6 AI score, 0.00474 EPSS
Exploits: 2, References: 10
Vulnrichment
added 2024/01/10 9:44 p.m., 8 views

CVE-2024-21638 Azure IPAM solution Elevation of Privilege Vulnerability

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assign...

9.1 CVSS, 6.8 AI score, 0.01657 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2023/12/06 4:15 p.m., 2 views

CVE-2023-36655

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...

9.8 CVSS, 7.4 AI score, 0.00985 EPSS
Exploits: 1, References: 3
OSV
added 2023/12/06 4:15 p.m., 4 views

CVE-2023-36655

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...

9.8 CVSS, 5.8 AI score, 0.00985 EPSS
Exploits: 1, References: 2
NVD
added 2023/12/06 4:15 p.m., 16 views

CVE-2023-36655

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...

9.8 CVSS, 0.00985 EPSS
Exploits: 1, References: 2