Lucene search
K

78 matches found

NVD
NVD
added 2023/07/28 3:15 p.m.10 views

CVE-2023-39013

Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...

9.8CVSS9.7AI score0.00747EPSS
Exploits1References1
OSV
OSV
added 2023/07/28 3:15 p.m.15 views

CVE-2023-39013

Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...

9.8CVSS8AI score
Exploits0References1
Prion
Prion
added 2023/07/28 3:15 p.m.17 views

Code injection

Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...

7.5CVSS9.7AI score0.00747EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/07/28 12:0 a.m.4 views

Duke 代码注入漏洞

Duke is a fast and flexible deduplication or entity resolution, or record linking engine written in Java on top of Lucene by Lars Marius Garshol, a personal developer. A security vulnerability exists in Duke v1.2 and earlier versions, which stems from a code injection vulnerability in the compone...

9.8CVSS8.4AI score0.00747EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/28 12:0 a.m.14 views

CVE-2023-39013

Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...

9.9AI score0.00747EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/07/28 12:0 a.m.4 views

PT-2023-26736 · Duke · Duke

Name of the Vulnerable Software and Affected Versions: Duke versions 1.2 and below Description: The issue is related to a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. Recommendations: For Duke versions 1.2 and below, consider disabling the...

9.8CVSS9.4AI score0.00747EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/07/28 12:0 a.m.13 views

CVE-2023-39013

Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...

7.8AI score0.00747EPSS
Exploits1References1
CVE
CVE
added 2023/07/28 12:0 a.m.144 views

CVE-2023-39013

Summary: CVE-2023-39013 affects Duke v1.2 and earlier. A code injection vulnerability exists in the CommonsJTimer.init component (no.priv.garshol.duke.server.CommonJTimer.init). The issue enables potential arbitrary code execution via unfiltered LDAP lookups in that method. Documents consistently...

9.8CVSS9.7AI score0.00747EPSS
Exploits1References1Affected Software1
Openbugbounty
Openbugbounty
added 2023/04/22 7:52 a.m.11 views

cgi.cs.duke.edu Cross Site Scripting vulnerability OBB-3269612

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/19 1:27 p.m.1 views

Android Users Beware: New Hook Malware with RAT Capabilities Emerges

The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News,...

6.8AI score
Exploits0
OSV
OSV
added 2022/12/07 6:39 p.m.53 views

GO-2022-1114 ZipSlip when unzipping files in github.com/duke-git/lancet

A ZipSlip vulnerability exists when using the fileutil package to unzip files...

8.8CVSS7.1AI score0.00793EPSS
Exploits1References3
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/05/04 4:0 p.m.22 views

How a senior product manager is leading the passwordless movement at Microsoft

May 5, 2022, is World Password Day, a day we all use to create awareness around password security. At Microsoft, we choose to celebrate replacing passwords with better and more secure ways to sign in. I can’t think of a better person at Microsoft to represent this journey than Libby Brown, a seni...

7.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/10/19 12:43 p.m.7 views

strategicplan.duke.edu Improper Access Control vulnerability OBB-2181975

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/01/14 8:53 a.m.9 views

ags.duke.edu Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1067467 Security Researcher devl00p Helped patch 2581 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting ags.duke.edu website and...

0.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2019/11/01 1:52 p.m.8 views

livinghistory.sanford.duke.edu Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1006770 Security Researcher devl00p Helped patch 2581 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...

0.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/14 5:37 a.m.87 views

Bomb Threat Hoaxer Exposed by Hacked Gaming Site

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites including this one, took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In a...

6.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/09/19 5:38 p.m.9 views

mon-01.econ.duke.edu XSS vulnerability

Open Bug Bounty ID: OBB-678119 Description| Value ---|--- Affected Website:| mon-01.econ.duke.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Krebs on Security
Krebs on Security
added 2018/09/06 3:51 p.m.60 views

Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats

A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was "Feds Can't Touch Us" pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.'s National Crime Agency NCA arrested Hertfordshire resident George...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/06/01 3:7 p.m.6 views

dukestores.duke.edu XSS vulnerability

Open Bug Bounty ID: OBB-625496 Description| Value ---|--- Affected Website:| dukestores.duke.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/02/21 11:0 a.m.13 views

qtmodule.dcri.duke.edu XSS vulnerability

Open Bug Bounty ID: OBB-564793 Description| Value ---|--- Affected Website:| qtmodule.dcri.duke.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Rows per page
Query Builder