Lucene search
+L

114 matches found

OSV
OSV
added 2024/11/04 3:15 p.m.8 views

CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

8CVSS5.8AI score0.01291EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.22 views

CentOS 7 : thunderbird (RHSA-2020:2906)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2906 advisory. - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially...

9.3CVSS7.8AI score0.03034EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.31 views

CentOS 6 : thunderbird (RHSA-2020:2966)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2966 advisory. - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This...

9.3CVSS7.8AI score0.03034EPSS
Exploits1References6
0day.today
0day.today
added 2023/04/20 12:0 a.m.308 views

Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution Exploit

!/usr/bin/env python """ Exploit Title: Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution RCE Exploit Author: max / Zoltan Padanyi Vendor Homepage: https://exchange.nagios.org/directory/Addons/Configuration/Lilac-2DReloaded/visit Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.368 views

Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)

!/usr/bin/env python """ Exploit Title: Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution RCE Google Dork: N/A Date: 2023-04-13 Exploit Author: max / Zoltan Padanyi Vendor Homepage: https://exchange.nagios.org/directory/Addons/Configuration/Lilac-2DReloaded/visit Software Link:...

7.4AI score
Exploits0
Prion
Prion
added 2023/04/05 4:15 p.m.16 views

Server side request forgery (ssrf)

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery SSRF. In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature...

5.5CVSS6.5AI score0.00482EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/04/05 4:15 p.m.28 views

CVE-2023-28633

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery SSRF. In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature...

5.4CVSS6.1AI score0.00482EPSS
Exploits0References5
OSV
OSV
added 2023/04/05 3:27 p.m.20 views

CVE-2023-28633 GLPI vulnerable to Blind Server-Side Request Forgery (SSRF) in RSS feeds

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery SSRF. In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature...

3.5CVSS5.7AI score0.00482EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.7 views

PT-2023-3261 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.84 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to the usage of RSS feeds in GLPI, which is subject to server-side request forgery SSRF. When the remote address is not a valid RSS feed, ...

10CVSS6.7AI score0.99628EPSS
Exploits40References207
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.2 views

SUSE CVE-2020-15646

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

7.5CVSS8.8AI score0.00961EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2022/06/28 10:54 a.m.12 views

evolution-ews bug fix and enhancement update

An update is available for evolution-ews. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The evolution-ews package allows Evolution to interact with Microsoft...

3.7AI score
Exploits0
0day.today
0day.today
added 2022/02/14 12:0 a.m.768 views

Nagios XI Autodiscovery Shell Upload Exploit

This Metasploit module exploits a path traversal issue in Nagios XI before version 5.8.5. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field containin...

8.8CVSS8.8AI score0.2382EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/02/14 12:0 a.m.278 views

Nagios XI Autodiscovery Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Autodiscovery Webshell Upload', 'Description' = %q This module exploits a path traversal issue in Nagios XI before version 5.8.5...

8.8CVSS0.1AI score0.2382EPSS
Exploits5
Metasploit
Metasploit
added 2022/02/12 5:42 p.m.373 views

Nagios XI Autodiscovery Webshell Upload

This module exploits a path traversal issue in Nagios XI before version 5.8.5 CVE-2021-37343. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field...

8.8CVSS9.1AI score0.2382EPSS
Exploits5
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.31 views

Mageia: Security Advisory (MGASA-2020-0300)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.5AI score0.03034EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.41 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0140)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with a...

9.3CVSS8AI score0.0779EPSS
Exploits9References29
CNVD
CNVD
added 2021/08/16 12:0 a.m.39 views

Nagios XI path traversal vulnerability

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A path traversal vulnerability exists in the AutoDiscovery component in versions of Nagios XI prior to 5.8.5. An attacker could exploi...

8.8CVSS4.2AI score0.2382EPSS
Exploits5References1
NVD
NVD
added 2021/08/13 12:15 p.m.49 views

CVE-2021-37343

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...

8.8CVSS0.2382EPSS
Exploits5References2
OSV
OSV
added 2021/08/13 12:15 p.m.1 views

CVE-2021-37343

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...

8.8CVSS5.8AI score0.2382EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2021/08/13 12:15 p.m.3 views

CVE-2021-37343

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...

8.8CVSS7.5AI score0.2382EPSS
Exploits5References5
Rows per page
Query Builder