Lucene search
+L

349 matches found

Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.211 views

JBoss Status Servlet Information Gathering

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Status Servlet Information Gathering', 'Description' = %q This module queries the JBoss status servlet to collect sensitive information,...

5CVSS6.9AI score0.53728EPSS
Exploits9
Veracode
Veracode
added 2024/08/30 2:25 p.m.11 views

IP Address Spoofing

serilog.enrichers.clientinfo is vulnerable to IP Spoofing. The vulnerability is caused due to a failure to validate IP address specified in X-Forwarded-For or Client-Ip headers. This allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or...

6.5CVSS6.7AI score0.00322EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/08/29 6:31 p.m.12 views

GHSA-5X5Q-CQF6-GJ8R Serilog Client IP Spoofing vulnerability

Serilog before v2.1.0 contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. It is not possible to configure...

6.9CVSS6.5AI score0.00322EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/08/29 6:31 p.m.35 views

Serilog Client IP Spoofing vulnerability

Serilog before v2.1.0 contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. It is not possible to configure...

6.5CVSS6.9AI score0.00322EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/08/29 6:15 p.m.33 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

6.5CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added 2024/08/29 12:0 a.m.59 views

CVE-2024-44930

Summary of CVE-2024-44930 : Serilog (Serilog.Enrichers.ClientInfo) before v2.1.0 is affected by a Client IP Spoofing vulnerability. Attackers can falsify the client IP by supplying an arbitrary IP in the X-Forwarded-For or Client-Ip headers during HTTP requests. Affected component/functionality i...

6.5CVSS7.2AI score0.00322EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/29 12:0 a.m.37 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

0.00322EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.6 views

PT-2024-31308 · Serilog · Serilog

Name of the Vulnerable Software and Affected Versions: Serilog versions prior to 2.1.0 Description: The issue allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. This enables attackers to...

6.9CVSS7.4AI score0.00322EPSS
Exploits0References12
OSV
OSV
added 2024/08/29 12:0 a.m.14 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

6.5CVSS7AI score0.00322EPSS
Exploits0References4
Redos
Redos
added 2024/08/28 12:0 a.m.297 views

ROS-20240827-01

A vulnerability in the modwsgi module of the Apache web server is related to errors in X-Client-IP header processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to network services. access to network services...

7.5CVSS7.1AI score0.0069EPSS
Exploits1
NVD
NVD
added 2024/08/19 9:15 p.m.31 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

5.3CVSS0.00591EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2024/08/19 12:0 a.m.17 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

7.5AI score0.00591EPSS
Exploits3References2
Cvelist
Cvelist
added 2024/08/19 12:0 a.m.29 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

0.00591EPSS
Exploits3References2
GithubExploit
GithubExploit
added 2024/08/18 5:9 p.m.603 views

Exploit for Authentication Bypass by Spoofing in Typecho

Typecho Multiple Vulnerabilities This repository contains the...

9CVSS7.3AI score0.02671EPSS
Exploits8
NVD
NVD
added 2024/08/07 4:15 p.m.16 views

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

5.3CVSS0.00376EPSS
Exploits1References1
CVE
CVE
added 2024/08/07 12:0 a.m.24 views

CVE-2024-41432

CVE-2024-41432 affects Likeshop up to 2.5.7.20210811. The issue is IP spoofing via forged X-Forwarded or Client-IP headers, enabling attackers to bypass admin login lockouts, spoof server requests, and impersonate other IPs tied to user sessions. No explicit fixes or patches are provided in the c...

5.3CVSS7AI score0.00376EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/07 12:0 a.m.13 views

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

7AI score0.00376EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/25 11:35 p.m.15 views

CVE-2024-4869 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS6.1AI score0.00377EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/05/20 1:35 p.m.654 views

Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense_Plus

CVE-2023-27100 - pfSense Anti-brute force protection bypass...

9.8CVSS9.5AI score0.09844EPSS
Exploits5
OSV
OSV
added 2024/05/17 10:15 a.m.4 views

DEBIAN-CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

8.8CVSS8.9AI score0.76618EPSS
Exploits5References1
Rows per page
Query Builder