Lucene search
K

1033 matches found

OSV
OSV
added 2021/03/05 4:15 p.m.7 views

CVE-2020-29134

The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...

8.6CVSS5.8AI score0.15025EPSS
Exploits2References4
Prion
Prion
added 2021/03/05 4:15 p.m.21 views

Path traversal

The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...

7.8CVSS8.5AI score0.15025EPSS
Exploits2References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/03/05 12:0 a.m.29 views

CVE-2020-29134

The TOTVS Fluig platform allows path traversal through the parameter “file = .. /” encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4 Recent assessments: lucxssouza at March 24, 2021 6:54pm UTC reported: Assessed Attacker Value: 5 Assessed Attacker Value:...

8.6CVSS4.6AI score0.15025EPSS
Exploits2References5
Packet Storm
Packet Storm
added 2021/02/23 12:0 a.m.815 views

HFS (HTTP File Server) 2.3.x Remote Code Execution

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...

7.5CVSS9.5AI score0.99323EPSS
Exploits23
Hacker One
Hacker One
added 2021/02/12 10:30 a.m.68 views

Kubernetes: kubectl creating secrets from stringData leaves secret in plain text

Report Submission Form Summary: kubectl creating secrets from stringData leaves secret in plain text Kubernetes Version: $ kubectl version Client Version: version.InfoMajor:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df",GitTreeState:"clean",...

1.7AI score
Exploits0
Gitee
Gitee
added 2021/01/20 9:20 a.m.4 views

HackTools

This is a browser extension for penetration testing, called HackTools. It is a comprehensive tool for web application penetration testing, providing various features such as dynamic shell generation, XSS payload, SQL injection payload, local file inclusion payloads, base64 encoding/decoding, hash...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/14 12:0 a.m.470 views

Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated)

Exploit Title: Nagios XI 5.7.X - Remote Code Execution RCE Authenticated Date: 19/12/2020 Exploit Author: Haboob Team https://haboob.sa Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios XI 5.7.x Tested on: Ubuntu 18.04 / PHP 7.2.24 & Vendor's custom VM CVE: CVE-2020-3557...

9CVSS7AI score0.81915EPSS
Exploits7
The Hacker News
The Hacker News
added 2021/01/06 2:0 p.m.46 views

Hackers Using Fake Trump's Scandal Video to Spread QNode Malware

Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan RAT by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive JAR file...

0.4AI score
Exploits0
CNVD
CNVD
added 2021/01/06 12:0 a.m.3 views

WordPress Newsletter plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Newsletter plugin versions prior to 6.8.2 allows...

6.5CVSS6.1AI score0.00854EPSS
Exploits1References1
Prion
Prion
added 2021/01/01 2:15 a.m.18 views

Cross site scripting

A Reflected Authenticated Cross-Site Scripting XSS vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpcrender AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...

3.5CVSS6AI score0.00854EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2020/12/25 9:57 a.m.95 views

h1-ctf: [hacky-holidays] Grinch network is down

Flag 1 As always CTF begins with a tweet: F1126838 So we are supposed to start from https://hackyholidays.h1ctf.com/ . The first flag was easy on https://hackyholidays.h1ctf.com/ I found a file named robots.txt which had the following content: User-agent: Disallow: /s3cr3t-ar3a Flag:...

7AI score
Exploits0
Hacker One
Hacker One
added 2020/12/24 9:12 p.m.2207 views

h1-ctf: Hacky Holidays CTF Writeup

Intro: 12 days of challenges - some more challenging than others! This holiday CTF had all 12 challenges hosted on the website https://hackyholidays.h1ctf.com/ F1129112 Challenge 1: I started by significantly overthinking all of the early challenges in this competition. When this CTF started the...

7.9AI score
Exploits0
Hacker One
Hacker One
added 2020/12/23 8:18 p.m.343 views

h1-ctf: ctf walkthrough

Hi, finally managed to solve all challenges, this was my first h1ctf, some challenges were pretty nice, some others had some frustrating guessing parts, but overall it was fun. Here goes day1 to day12 walkthroughs: Day 1 we have only one asset in scope hackyholidays.h1ctf.com the main page at...

Exploits0
Openbugbounty
Openbugbounty
added 2020/10/05 11:55 a.m.11 views

rus.redtram.com Cross Site Scripting vulnerability OBB-1383046

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.7AI score
Exploits0
Veracode
Veracode
added 2020/07/13 5:28 a.m.21 views

Information Disclosure

django-two-factor-auth is vulnerable to information disclosure. The vulnerability exists as it stores the user's password in the user session with base64-encoded clear text...

5.4CVSS1.4AI score0.00579EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/06/24 4:40 a.m.59 views

CVE-2020-10274

MiR robots are affected by CVE-2020-10274 in combination with CVE-2020-10273. Affected products include MiR100, MiR200, MiR250, MiR500, MiR1000 and MiR Fleet, with MiR Robot Software versions prior to 2.10.2.1 (per ICS advisory) and older firmware versions (MiR controllers prior to 2.8.1.1) per N...

7.1CVSS7.1AI score0.00902EPSS
Exploits0References1Affected Software1
0daydb
0daydb
added 2020/06/18 1:30 a.m.273 views

SOS JobScheduler 1.13.3 CVE-2020-12712 Stored Password Decryption

SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt. Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com...

6.5CVSS7.2AI score0.26546EPSS
Exploits13
Packet Storm
Packet Storm
added 2020/06/16 12:0 a.m.709 views

SOS JobScheduler 1.13.3 Stored Password Decryption

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...

7.4AI score0.07842EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/06/15 12:0 a.m.674 views

SOS JobScheduler 1.13.3 - Stored Password Decryption

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...

7.5CVSS7.4AI score0.07842EPSS
Exploits6
Hacker One
Hacker One
added 2020/06/02 2:29 p.m.90 views

h1-ctf: [H1-2006 2020] The Story of Making Bounty Hunters Happy

Disclaimer: I will try to make this post a fun read, given that whoever triagges will be probably going through similar write-ups again and again. The beginning: Being away from HackerOne over a month had made me rusty. Although the call to arms for Mr. Mickos and the community could not be left...

6.8AI score
Exploits0
Rows per page
Query Builder