Lucene search
K

299 matches found

NVD
NVD
added 2021/07/20 12:15 p.m.19 views

CVE-2020-15660

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...

8.8CVSS0.01129EPSS
Exploits0References2
OSV
OSV
added 2021/07/20 12:15 p.m.15 views

CVE-2020-15660

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...

8.8CVSS7.7AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/07/20 12:15 p.m.21 views

CVE-2020-15660

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...

8.8CVSS7.4AI score0.01129EPSS
Exploits0References2
Prion
Prion
added 2021/07/20 12:15 p.m.19 views

Design/Logic Flaw

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...

6.8CVSS8.9AI score0.01129EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/07/20 11:24 a.m.137 views

CVE-2020-15660

Geckodriver up to version 0.27.0 is affected by a vulnerability from missing checks on Content-Type headers, enabling CSRF that could lead to remote code execution when paired with a crafted request. Affected component: geckodriver (WebDriver HTTP API). Root cause: improper validation of Content-...

8.8CVSS8.9AI score0.01129EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/07/20 11:24 a.m.26 views

CVE-2020-15660

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...

9AI score0.01129EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/07/20 12:0 a.m.4 views

geckodriver 跨站请求伪造漏洞

geckodriver is an application program. It provides an HTTP API described by the WebDriver protocol to communicate with the Gecko browser. A security vulnerability exists in geckodriver prior to 0.27.0, which stems from the fact that a lack of checking the Content-Type header in geckodriver may le...

8.8CVSS8.7AI score0.01129EPSS
Exploits0References3
0day.today
0day.today
added 2021/05/28 12:0 a.m.143 views

PHPFusion 9.03.50 - Remote Code Execution Exploit

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Tested on: Selenium...

9CVSS8.8AI score0.67289EPSS
Exploits4
0day.today
0day.today
added 2021/05/28 12:0 a.m.39 views

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) Exploit

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Tested on: Selenium...

Exploits0
Exploit DB
Exploit DB
added 2021/05/28 12:0 a.m.360 views

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2019/04/11 12:46 p.m.521 views

QRLJacker v2.0 - QRLJacking Exploitation Framework

QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to show how it is easy to hijack services that depend on the QR Code as an authentication and login method, Mainly it aims to raise security awareness regarding all the services using the QR Code a...

7.7AI score
Exploits0References2
exploitpack
exploitpack
added 2019/03/04 12:0 a.m.37 views

Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor Custom Binary)

Splunk Enterprise 7.2.4 - Custom App Remote Command Execution Persistent Backdoor Custom Binary !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vend...

0.4AI score
Exploits0
0day.today
0day.today
added 2019/01/24 12:0 a.m.72 views

Splunk Enterprise 7.2.3 - Authenticated Custom App Remote Code Execution Exploit

Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html...

7.4AI score
Exploits0
n0where
n0where
added 2018/08/22 5:26 p.m.32 views

Social Media Enumeration & Correlation Tool: Social Mapper

Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s...

Exploits0References1
Kitploit
Kitploit
added 2018/07/02 1:45 p.m.52 views

EagleEye - Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search

Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search. This only works if theirFacebook Profile is public What does this do? In simple words you have at least one Image of the Person you are looking for and a clue about its name. You fe...

6.9AI score
Exploits0References3
Kitploit
Kitploit
added 2017/11/27 1:15 p.m.35 views

Zeus-Scanner - Advanced Reconnaissance Utility

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple...

6.2AI score
Exploits0References8
Kitploit
Kitploit
added 2017/10/18 1:30 p.m.23 views

DorkNet - Selenium Powered Python Script To Automate Searching For Vulnerable Web Apps

Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save the...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2017/05/12 2:10 p.m.19 views

Mimir - OSINT Threat Intel Interface

OSINT Threat Intel Interface - Named after the old Norse God of knowledge. Mimir functions as a CLI to HoneyDB which in short is an OSINT aggragative threat intel pool. Starting the program brings you to a menu the options for which are as follows. 1. Fetch Threat Feed 5. Visualize Top Malicious...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2016/12/09 2:55 p.m.19 views

PhishLulz - Ruby toolset aimed at automating Phishing activities

PhishLulz is a Ruby toolset aimed at automating Phishing activities. When you start a phishing campaign, a dedicated Amazon EC2 Debian 7 instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are: PhishingFrenzy...

7.3AI score
Exploits0References4
Rows per page
Query Builder