Lucene search
K

127 matches found

NVD
NVD
added 2020/10/06 6:15 p.m.19 views

CVE-2020-7740

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...

8.2CVSS0.02044EPSS
Exploits0References2
Hacker One
Hacker One
added 2020/10/02 4:44 a.m.26 views

U.S. Dept Of Defense: SSRF in login page using fetch API exposes victims IP address to attacker controled server

Note: This is similar to my last report 991163. Summary: Server Side Request Forgery Exposes Victims Ip Address to External Server and which made attacker possible to determine physical location of Victim with IP Tracing. Description: Server Side Request Forgery is the critical vulnerability...

0.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/09/11 9:21 p.m.29 views

Malicious Package in ng-ui-library

Version 1.0.987 of ng-ui-library contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluat...

4.3AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/03/13 12:0 a.m.2 views

Microsoft Application Inspector Remote Code Execution Vulnerability

Microsoft Application Inspector is a software source code analysis tool from the U.S. company Microsoft Microsoft. The product supports scanning C, C++, C, Java and JavaScript and other languages. A remote code execution vulnerability exists in Microsoft Application Inspector v1.0.23 and prior...

9.6CVSS7.9AI score0.09851EPSS
Exploits0
OSV
OSV
added 2020/02/05 4:15 p.m.5 views

CVE-2019-16204

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server...

7.5CVSS7.1AI score0.01476EPSS
Exploits0References2
Prion
Prion
added 2020/02/05 4:15 p.m.14 views

Xxe

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server...

5CVSS7.7AI score0.01476EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/01/14 1:53 a.m.8 views

Malicious Package

1337qq-js is a vulnerable package. In the postinstall script, the package targets UNIX systems by reading system files, environment variables and npmrc file, and exfiltrates the information to an external server at 119.28.41.206 on port 9999...

2.3AI score
Exploits0
OSV
OSV
added 2019/08/30 9:15 a.m.5 views

CVE-2019-12753

An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The maliciou...

4.9CVSS5.8AI score0.00999EPSS
Exploits0References1
Veracode
Veracode
added 2019/06/10 3:55 a.m.10 views

Malicious Package

motiv.scss contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

6.9AI score
Exploits0
Prion
Prion
added 2018/06/26 2:29 p.m.13 views

Code injection

Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors...

4.3CVSS4.9AI score0.01031EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/06/26 2:0 p.m.49 views

CVE-2018-0526

CVE-2018-0526 affects Cybozu Office 10.0.0–10.7.0. The vulnerability in the Message component allows remote attackers to cause information disclosure by causing an external image to be displayed, effectively exposing an image located on an external server via unspecified vectors. Impact, per the ...

4.3CVSS5.2AI score0.01031EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/06/26 2:0 p.m.21 views

CVE-2018-0526

Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors...

5.2AI score0.01031EPSS
Exploits0References2
CNVD
CNVD
added 2018/01/24 12:0 a.m.3 views

Apache NiFi Sensitive Information Disclosure Vulnerability

Apache NiFi is a data streaming based data processing and distribution system. A security vulnerability in Apache NiFi's handling of HTTP requests allows remote attackers to exploit the vulnerability by submitting a special request to load NiFi to load resources from an external server...

7.5CVSS6.9AI score0.02848EPSS
Exploits3References1
Prion
Prion
added 2018/01/23 10:29 p.m.15 views

Hardcoded credentials

A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate...

5CVSS7.4AI score0.02848EPSS
Exploits3References1Affected Software1
NVD
NVD
added 2017/06/28 1:29 p.m.40 views

CVE-2017-7686

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...

7.5CVSS7.6AI score0.0297EPSS
Exploits0References2
OSV
OSV
added 2017/06/28 1:29 p.m.5 views

PYSEC-2017-146

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...

7.5CVSS7AI score0.0297EPSS
Exploits0References2
CNVD
CNVD
added 2017/05/17 12:0 a.m.15 views

PostgreSQL Information Disclosure Vulnerability (CNVD-2017-06932)

PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. An information disclosure vulnerability exists in the...

7.5CVSS6.8AI score0.06331EPSS
Exploits0References1
ArchLinux
ArchLinux
added 2016/01/17 12:0 a.m.48 views

ffmpeg: information leakage

A vulnerability in the way FFmpeg handles the concat CVE-2016-1897 and subfile CVE-2016-1898 protocols in a HTTP Live Streaming HLS M3U8 file allows a remote attacker to conduct a cross-origin attacks, and to access arbitrary local files on the vulnerable host. The attack uses a crafted M3U8 file...

4.3CVSS1.7AI score0.14621EPSS
Exploits3References4
CNVD
CNVD
added 2015/08/10 12:0 a.m.3 views

Mozilla Firefox OS Access Restriction Bypass Vulnerability

Firefox OS is an open source mobile operating system with a Linux kernel for smartphones. Mozilla Firefox OS versions prior to 2.2, the COPPA error page in the Accounts Settings dialog box, embeds the contents of an external web server URL into a system process. This could allow a man-in-the-midd...

3.3CVSS6.4AI score0.00377EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/03/17 12:0 a.m.26 views

Mandriva Linux Security Advisory : imapsync (MDVSA-2014:060)

Updated imapsync package fixes security vulnerabilities : Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl CVE-2013-4279. The imapsync packag...

5CVSS5.3AI score0.01803EPSS
Exploits1References4
Rows per page
Query Builder