Lucene search
K

210 matches found

Huntr
Huntr
added 2023/02/08 1:25 p.m.16 views

Complex xss to bypass protection

Description 1.First we login as a normal user, and then comment under a question, the content of the comment is 2.Then we login as an administrator user. And find the comment we just submitted, the administrator can click the edit button.Then the administrator Click "Save edits" without any...

4.9CVSS5.6AI score0.0044EPSS
Exploits1
OSV
OSV
added 2022/11/02 12:15 p.m.7 views

CVE-2022-39949

An improper control of a resource through its lifetime vulnerability CWE-664 in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...

5.5CVSS5.6AI score0.00174EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.114 views

F5 Networks BIG-IP : libxslt vulnerability (K30444545)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.8 / 16.1.4 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K30444545 advisory. - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and...

9.8CVSS7.2AI score0.05089EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/08 1:30 p.m.8 views

CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions

Open Policy Agent OPA is an open source, general-purpose policy engine. The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy...

7.4CVSS9.6AI score0.0127EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.8 views

The vulnerability of the Adobe Framemaker desktop publishing system arises from the possibility of an operation going beyond the buffer boundaries in memory. This allows a hacker to bypass the ASLR protection mechanism.

The vulnerability of the Adobe Framemaker desktop publishing system lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism by using a specially created malicious file...

5.5CVSS6.5AI score0.00355EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/08/21 12:0 a.m.58 views

GLSA-202208-32 : Vim, gVim: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-32 Vim, gVim: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...

9.8CVSS7.3AI score0.12272EPSS
Exploits92References106
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.28 views

ETHRegistrarController._setRecords can register invalid domains and to some degree, its possible to register any domain name

Lines of code Vulnerability details Impact 1. Register invalid domains at Registrar. 2. It's possible to register any domain name. Proof of Concept ETHRegistrarController.setRecords call function at address resolveruser input with call data bytes calldata datauser input. So it can bypass any meth...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.108 views

Oracle Linux 8 : vim (ELSA-2022-5319)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5319 advisory. - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read - CVE-2022-1154 vim: use after free in utfptr2char - CVE-2022-0361 vim:...

9.8CVSS7.2AI score0.02303EPSS
Exploits13References3
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.2 views

PT-2022-22042 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.335 through 2.355 Description: The issue allows attackers in some cases to bypass a protection mechanism, directly accessing view fragments containing sensitive information and bypassing permission checks in the correspondi...

7.5CVSS6.2AI score0.01297EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2022/06/22 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1953)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4CVSS7.3AI score0.02645EPSS
Exploits8References2
Hacker One
Hacker One
added 2022/06/05 5:14 a.m.36 views

LinkedIn: The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su

example- String username = request.getParameter"username"; String password = request.getParameter"password"; int authResult = authenticateUserusername, password; the security tokens can be bypassed easily , they are dont make user account safe . //script - check attached file Impact Technical...

2.5AI score
Exploits0
Huntr
Huntr
added 2022/05/13 1:30 a.m.129 views

SSRF on /proxy

Description draw.io is vulnerable to SSRF on the /proxy endpoint. It's trivial to bypass the protections on checkUrlParameter. Proof of Concept 1. Make a request to proxy?url=http%3a//0:8080/ GET /proxy?url=http%3a//0:8080/ HTTP/1.1 Host: 127.0.0.1:8080 sec-ch-ua: "NotA:Brand";v="8",...

5CVSS7.5AI score0.09233EPSS
Exploits1References2
NVD
NVD
added 2022/05/10 2:15 p.m.22 views

CVE-2022-1621

Heap buffer overflow in vimstrncpy findword in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

7.8CVSS0.02303EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2022/05/10 2:15 p.m.44 views

CVE-2022-1621

Heap buffer overflow in vimstrncpy findword in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

7.8CVSS7.5AI score0.02303EPSS
Exploits1References7
Cvelist
Cvelist
added 2022/05/09 12:0 a.m.41 views

CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in vim/vim

Heap buffer overflow in vimstrncpy findword in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

7.3CVSS8.3AI score0.02303EPSS
Exploits1References10
CVE
CVE
added 2022/05/09 12:0 a.m.305 views

CVE-2022-1621

CVE-2022-1621 : A heap-based overflow in Vim's vim_strncpy find_word path (GitHub vim/vim) prior to 8.2.4919 can crash the editor, potentially modify memory, and may allow remote code execution. Connected sources confirm the same description across vendor advisories (AstraLinux and ALAS2023-2023-...

7.8CVSS7.9AI score0.02303EPSS
Exploits1References10Affected Software1
AlpineLinux
AlpineLinux
added 2022/05/07 7:15 p.m.116 views

CVE-2022-1616

Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

7.8CVSS3AI score0.02645EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2022/05/07 7:15 p.m.37 views

CVE-2022-1616

Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

7.8CVSS7.3AI score0.02645EPSS
Exploits1References7
Cvelist
Cvelist
added 2022/05/07 12:0 a.m.20 views

CVE-2022-1616 Use after free in append_command in vim/vim

Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

7.3CVSS8.4AI score0.02645EPSS
Exploits1References12
OSV
OSV
added 2022/05/07 12:0 a.m.11 views

CVE-2022-1616 Use after free in append_command in vim/vim

Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

7.3CVSS8.2AI score0.02645EPSS
Exploits1References15
Rows per page
Query Builder