9 matches found

Nuclei
added yesterday | 15 views

D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution

man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRET_KEY in the Flask configuration, letting attackers forge session cookies and execute arbitrary code. Exploitation requires the attacker to be able to access the application. id:...

CVSS 9.8 | AI score 8.1 | EPSS 0.77951
Exploits: 5 | References: 2
Metasploit
added 2025/03/03 6:56 p.m. | 1156 views

D-Tale RCE

This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...

CVSS 9.8 | AI score 9.1 | EPSS 0.77951
Exploits: 5
Circl
added 2025/03/03 12:12 p.m. | 11 views

CVE-2024-3408

creationtimestamp | type | source
---|---|---
2025-03-03 12:12:04+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dtalercecve20250655.rb
2025-03-04 02:34:30+00:00 | seen | MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-03-04 21:02:04+00:00 | seen | ...

CVSS 9.8 | AI score 8.6 | EPSS 0.77951
Exploits: 5 | References: 4
Packet Storm
added 2025/03/03 12:00 a.m. | 625 views

D-Tale Remote Code Execution

This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...

CVSS 9.8 | AI score 8.3 | EPSS 0.77951
Exploits: 5
RedhatCVE
added 2025/02/05 10:17 a.m. | 20 views

CVE-2024-3408

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVSS 9.8 | AI score 8.4 | EPSS 0.77951
Exploits: 5 | References: 1
Huntr
added 2024/11/07 11:43 a.m. | 9 views

RCE via Global State Override

This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution (RCE). Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...

CVSS 9.8 | AI score 8.5 | EPSS 0.77951
Exploits: 5
OSV
added 2024/06/06 7:16 p.m. | 10 views

CVE-2024-3408

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVSS 9.8 | AI score 10
Exploits: 0 | References: 2
vulnersOsv
added 2024/06/06 7:16 p.m. | 5 views

trt-engine-explorer (>=0.1.2 <=0.1.5) potentially affected by CVE-2024-3408 via dtale (=2.16.0)

dtale (PyPI) version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: trt-engine-explorer >=0.1.2, <=0.1.5. Source CVEs: CVE-2024-3408. Source advisory: OSV:PYSEC-2024-117...

CVSS 9.8 | AI score 7.2 | EPSS 0.77951
Exploits: 5
Vulnrichment
added 2024/06/06 6:54 p.m. | 25 views

CVE-2024-3408 Authentication Bypass and RCE in man-group/dtale

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVSS 9.8 | AI score 8.5 | EPSS 0.77951
Exploits: 5 | References: 2