Lucene search
K

262 matches found

CVE
CVE
added 2021/05/13 5:35 p.m.77 views

CVE-2021-22140

Elastic App Search (web crawler beta) versions 7.11.0–7.12.0 are affected by an XML External Entity (XXE) injection in the crawler, allowing an attacker crawling the site via a manipulated sitemap.xml to read files on the host. Root cause: insufficient validation of XML in the crawler. Impact: po...

7.5CVSS7.5AI score0.0127EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/05/13 5:35 p.m.24 views

CVE-2021-22140

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

7.8AI score0.0127EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/28 12:0 a.m.6 views

Elastic App Search web crawler 代码问题漏洞

Elastic App Search web crawler is an application from Elastic USA. provides greater scalability and performance enhancements. A code issue vulnerability exists in App Search web crawler that stems from insufficient validation of user-supplied XML input in Enterprise Search. The following products...

7.5CVSS7.4AI score0.0127EPSS
Exploits0References2
OSV
OSV
added 2021/04/13 3:19 p.m.17 views

GHSA-JXG6-FHWC-9V9C Regular Expression Denial of Service (ReDoS) in es6-crawler-detect

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...

5.3CVSS7.5AI score0.01498EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/04/13 3:19 p.m.39 views

Regular Expression Denial of Service (ReDoS) in es6-crawler-detect

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...

7.5CVSS7.3AI score0.01498EPSS
Exploits1References4Affected Software1
Hacker One
Hacker One
added 2021/04/08 4:42 a.m.17 views

Elastic: XXE in Enterprise Search's App Search web crawler

Summary Hello team! The latest version of Enterprise Search 7.12.0 is vulnerable to XXE when parsing sitemaps. Up to now I'm only able to read file that contain one line. I'm reporting now to avoid duplicates, but I'll keep working to find a way to extract entire files or HTTP request bodies...

Exploits0
OSV
OSV
added 2021/03/22 12:15 p.m.4 views

CVE-2020-28501

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...

7.5CVSS7.1AI score0.01498EPSS
Exploits1References2
CVE
CVE
added 2021/03/22 12:10 p.m.52 views

CVE-2020-28501

The CVE-2020-28501 issue affects es6-crawler-detect prior to 3.1.3. The root cause is a lack of length limitation on the user agent string when fed to regex operators, producing Regular Expression Denial of Service (ReDoS). Reported references from GHSA (Regular Expression Denial of Service in es...

7.5CVSS6.2AI score0.01498EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/22 12:10 p.m.26 views

CVE-2020-28501 Regular Expression Denial of Service (ReDoS)

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...

5.3CVSS7.5AI score0.01498EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/03/22 12:0 a.m.6 views

Npm es6-crawler-detect 安全漏洞

Npm es6-crawler-detect is an application from Npm. It can help detect bots, crawlers and spiders by scanning user agent strings or from the global ... A security vulnerability exists in es6-crawler-detect before 3.1.3, which stems from the lack of a limit on the length of the user agent string...

7.5CVSS7.3AI score0.01498EPSS
Exploits1References3
CNVD
CNVD
added 2021/01/27 12:0 a.m.4 views

Command Execution Vulnerability in Pyspider Crawler System

Pyspider is a web crawler system. Pyspider crawler system has a command execution vulnerability that can be exploited by an attacker to remotely execute code by injecting malicious code into the project manager, controlling the entire server, and carrying out intranet infiltration, DDos and other...

7.6AI score
Exploits0
vulnersOsv
vulnersOsv
added 2021/01/06 5:15 p.m.5 views

buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)

cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:PYSEC-2021-5...

5.7CVSS6.6AI score0.01466EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/01/06 4:57 p.m.6 views

buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)

cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:GHSA-HQ37-853P-G5CF...

5.7CVSS6.6AI score0.01466EPSS
Exploits1
Hacker One
Hacker One
added 2020/12/31 3:39 p.m.151 views

h1-ctf: How The Hackers Saved Christmas

F1139789 Challenge I 🤖 "What are you doing?" I asked myself. I was about to trespass a clear warning to keep out. F1139744 "Have you lost your mind?" But I couldn't help it. I was born for this. And I wasn't going to back down. There are 12 more days until Christmas Eve, and I wasn't going to let...

8.3AI score
Exploits0
Snyk
Snyk
added 2020/12/15 6:3 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview es6-crawler-detect is an ES6 version of the original PHP class @CrawlerDetect, it helps you detect bots/crawlers and spiders only by scanning the user-agent string or from the global request.headers. Affected versions of this package are vulnerable to Regular Expression Denial of Service...

7.5CVSS6.7AI score0.01498EPSS
Exploits1References2
Kitploit
Kitploit
added 2020/11/15 11:30 a.m.69 views

FinalRecon v1.1.0 - The Last Web Recon Tool You'll Need

FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/10/13 8:30 p.m.59 views

Nuubi Tools - Information Ghatering, Scanner And Recon

Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2020/09/25 11:30 a.m.197 views

PwnXSS - Vulnerability XSS Scanner Exploit

A powerful XSS scanner made in python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/pwn0sec/PwnXSS chmod 755 -R PwnXSS cd PwnXSS python3 pwnxss.py --help Usage Basic usage: python3 pwnxss.py -u...

6.4AI score
Exploits0References1
The Hacker News
The Hacker News
added 2020/09/17 2:14 p.m.4 views

Zenscrape: A Simple Web Scraping Solution for Penetration Testers

Did you ever try extracting any information from any website? Well, if you have then you have surely enacted web scraping functions without even knowing it! To put in simpler terms, Web scraping, or also known as web data extraction, is the process of recouping or sweeping data from web-pages. It...

5.7AI score
Exploits0
Kitploit
Kitploit
added 2020/08/30 9:30 p.m.47 views

SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

Tested environments: Windows, MAC, linux, and windows subsystem for linux WSL What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files if any. Create a list of javascript variables found in the source Extract all the...

7AI score
Exploits0References4
Rows per page
Query Builder