
1958 matches found

Cvelist
added 2023/06/06 12:00 a.m. · 17 views

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

AI score 5 · EPSS 0.00419
Exploits 1 · References 3

Vulnrichment
added 2023/06/06 12:00 a.m. · 14 views

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

AI score 6.8 · EPSS 0.00419
Exploits 1 · References 3

CNNVD
added 2023/06/02 12:00 a.m. · 8 views

WordPress plugin Web Directory Free SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8.8 · AI score 8.6 · EPSS 0.00822
Exploits 0 · References 3

Prion
added 2023/05/01 2:15 p.m. · 18 views

Design/Logic Flaw

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...

CVSS 7.5 · AI score 9.5 · EPSS 0.01066
Exploits 1 · References 2 · Affected Software 1

Kitploit
added 2023/04/27 12:30 p.m. · 399 views

PhoneSploit-Pro - An All-In-One Hacking Tool To Remotely Exploit Android Devices Using ADB And Metasploit-Framework To Get A Meterpreter Session

An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework. Complete automation to get a Meterpreter session in one click. This tool can automatically create, install, and run a payload on the target device using...

AI score 7.8
Exploits 0 · References 8

Positive Technologies
added 2023/04/25 12:00 a.m. · 4 views

PT-2023-12044 · Odoo · Odoo Community +1

Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: The issue is related to improper access control in the reporting engine of the l10n fr fec module. This allows remote authenticated users to extra...

CVSS 8.7 · AI score 6 · EPSS 0.0141
Exploits 0 · References 27

Prion
added 2023/04/05 6:15 p.m. · 20 views

Sql injection

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS 5.5 · AI score 8.3 · EPSS 0.00766
Exploits 0 · References 3 · Affected Software 1

UbuntuCve
added 2023/04/05 6:15 p.m. · 22 views

CVE-2023-28838

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS 9.6 · AI score 7.2 · EPSS 0.00766
Exploits 0 · References 4

OSV
added 2023/04/05 6:15 p.m. · 3 views

UBUNTU-CVE-2023-28838

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS 9.6 · AI score 6 · EPSS 0.00766
Exploits 0 · References 5

Vulnrichment
added 2023/04/05 5:39 p.m. · 7 views

CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS 9.6 · AI score 9.6 · EPSS 0.00766
Exploits 0 · References 3

CNNVD
added 2023/04/05 12:00 a.m. · 4 views

GLPI SQL injection vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 9.6 · AI score 7.7 · EPSS 0.00766
Exploits 0 · References 4

NVD
added 2023/03/27 3:15 p.m. · 19 views

CVE-2023-1137

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation...

CVSS 8.8 · AI score 7.5 · EPSS 0.0055
Exploits 0 · References 1

Veracode
added 2023/03/08 2:09 p.m. · 29 views

Remote Code Execution

github.com/gitpod-io/gitpod is vulnerable to Remote Code Execution. The vulnerability exists due to cross-site WebSocket hijacking: because the Origin header is not restricted, an attacker can take over a workspace with stolen credentials and extract data from a workspace...

CVSS 9.6 · AI score 4.8 · EPSS 0.00416
Exploits 0 · References 6 · Affected Software 1

OSV
added 2023/03/03 8:15 a.m. · 12 views

CVE-2023-0957

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...

CVSS 9.6 · AI score 9.3
Exploits 0 · References 7

NVD
added 2023/03/03 8:15 a.m. · 13 views

CVE-2023-0957

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...

CVSS 9.6 · AI score 8.4 · EPSS 0.00416
Exploits 0 · References 7

Prion
added 2023/03/03 8:15 a.m. · 20 views

Cross site scripting

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...

CVSS 6.8 · AI score 8.9 · EPSS 0.00416
Exploits 0 · References 7 · Affected Software 1

CVE
added 2023/03/03 7:00 a.m. · 78 views

CVE-2023-0957

CVE-2023-0957 describes a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in Gitpod versions prior to release-2022.11.2.16. The issue arises because the Origin header is not restricted, allowing an attacker to initiate WebSocket connections to the Gitpod JSONRPC server using a victim’s crede...

CVSS 9.6 · AI score 9 · EPSS 0.00416
Exploits 0 · References 7 · Affected Software 1

Huntr
added 2023/02/19 8:39 p.m. · 18 views

SQL Injection at /front/report.dynamic.php

Description: A SQL injection vulnerability allows a guest user with report-viewing rights (such as "Technician") to extract all data from the database and, in some cases, write a webshell on the server. This vulnerability occurs because an insecure concatenation is taking place in this function:...

AI score 7.6
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 4:39 a.m. · 3 views

SUSE CVE-2017-14807

An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...

CVSS 8.1 · AI score 8.3 · EPSS 0.01027
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:07 a.m. · 1 view

SUSE CVE-2019-17357

Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...

CVSS 6.5 · AI score 6.3 · EPSS 0.35041
Exploits 0 · References 7