262 matches found
CVE-2021-22140
Elastic App Search (web crawler beta) versions 7.11.0–7.12.0 are affected by an XML External Entity (XXE) injection in the crawler, allowing an attacker crawling the site via a manipulated sitemap.xml to read files on the host. Root cause: insufficient validation of XML in the crawler. Impact: po...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
Elastic App Search web crawler 代码问题漏洞
Elastic App Search web crawler is an application from Elastic USA. provides greater scalability and performance enhancements. A code issue vulnerability exists in App Search web crawler that stems from insufficient validation of user-supplied XML input in Enterprise Search. The following products...
GHSA-JXG6-FHWC-9V9C Regular Expression Denial of Service (ReDoS) in es6-crawler-detect
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Regular Expression Denial of Service (ReDoS) in es6-crawler-detect
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Elastic: XXE in Enterprise Search's App Search web crawler
Summary Hello team! The latest version of Enterprise Search 7.12.0 is vulnerable to XXE when parsing sitemaps. Up to now I'm only able to read file that contain one line. I'm reporting now to avoid duplicates, but I'll keep working to find a way to extract entire files or HTTP request bodies...
CVE-2020-28501
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
CVE-2020-28501
The CVE-2020-28501 issue affects es6-crawler-detect prior to 3.1.3. The root cause is a lack of length limitation on the user agent string when fed to regex operators, producing Regular Expression Denial of Service (ReDoS). Reported references from GHSA (Regular Expression Denial of Service in es...
CVE-2020-28501 Regular Expression Denial of Service (ReDoS)
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Npm es6-crawler-detect 安全漏洞
Npm es6-crawler-detect is an application from Npm. It can help detect bots, crawlers and spiders by scanning user agent strings or from the global ... A security vulnerability exists in es6-crawler-detect before 3.1.3, which stems from the lack of a limit on the length of the user agent string...
Command Execution Vulnerability in Pyspider Crawler System
Pyspider is a web crawler system. Pyspider crawler system has a command execution vulnerability that can be exploited by an attacker to remotely execute code by injecting malicious code into the project manager, controlling the entire server, and carrying out intranet infiltration, DDos and other...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:PYSEC-2021-5...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:GHSA-HQ37-853P-G5CF...
h1-ctf: How The Hackers Saved Christmas
F1139789 Challenge I 🤖 "What are you doing?" I asked myself. I was about to trespass a clear warning to keep out. F1139744 "Have you lost your mind?" But I couldn't help it. I was born for this. And I wasn't going to back down. There are 12 more days until Christmas Eve, and I wasn't going to let...
Regular Expression Denial of Service (ReDoS)
Overview es6-crawler-detect is an ES6 version of the original PHP class @CrawlerDetect, it helps you detect bots/crawlers and spiders only by scanning the user-agent string or from the global request.headers. Affected versions of this package are vulnerable to Regular Expression Denial of Service...
FinalRecon v1.1.0 - The Last Web Recon Tool You'll Need
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping...
Nuubi Tools - Information Ghatering, Scanner And Recon
Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...
PwnXSS - Vulnerability XSS Scanner Exploit
A powerful XSS scanner made in python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/pwn0sec/PwnXSS chmod 755 -R PwnXSS cd PwnXSS python3 pwnxss.py --help Usage Basic usage: python3 pwnxss.py -u...
Zenscrape: A Simple Web Scraping Solution for Penetration Testers
Did you ever try extracting any information from any website? Well, if you have then you have surely enacted web scraping functions without even knowing it! To put in simpler terms, Web scraping, or also known as web data extraction, is the process of recouping or sweeping data from web-pages. It...
SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!
Tested environments: Windows, MAC, linux, and windows subsystem for linux WSL What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files if any. Create a list of javascript variables found in the source Extract all the...