Lucene search
K

145 matches found

Fortinet
Fortinet
added 2023/02/16 12:0 a.m.49 views

FortiNAC - Unauthenticated access to administrative operations

An improper authorization vulnerability CWE-285 in FortiNAC may allow an unauthenticated attacker to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

7.5CVSS9AI score0.01079EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/10/24 2:15 p.m.20 views

CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

7.2CVSS8.1AI score
Exploits0References5
Prion
Prion
added 2022/10/24 2:15 p.m.18 views

Command injection

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

5.8CVSS7.6AI score0.05241EPSS
Exploits1References5Affected Software2
NVD
NVD
added 2022/07/14 3:15 p.m.56 views

CVE-2022-29593

relaycgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request...

5.9CVSS0.10436EPSS
Exploits5References3
Prion
Prion
added 2022/07/14 3:15 p.m.17 views

Cross site request forgery (csrf)

relaycgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request...

2.6CVSS5.8AI score0.10436EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2022/07/14 2:56 p.m.56 views

CVE-2022-29593

relaycgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request...

6.1AI score0.10436EPSS
Exploits5References3
OSV
OSV
added 2022/06/24 12:0 a.m.13 views

GHSA-Q8V3-7H6Q-G39Q Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

4.3CVSS6.6AI score0.00468EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.22 views

Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

6.5CVSS6.9AI score0.00468EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/23 5:15 p.m.5 views

CVE-2022-34205

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

6.5CVSS6.5AI score0.00468EPSS
Exploits0References1
Prion
Prion
added 2022/06/23 5:15 p.m.15 views

Design/Logic Flaw

A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...

4CVSS4.4AI score0.00525EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/06/23 5:15 p.m.21 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

4.3CVSS6.4AI score0.00468EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/22 2:41 p.m.37 views

CVE-2022-34206

A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...

6.8AI score0.00525EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/02 12:5 a.m.22 views

Django cross-site request forgery (CSRF) vulnerability

The administration application in Django 0.91.x, 0.95.x, and 0.96.x stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified...

5.8CVSS6.7AI score0.00931EPSS
Exploits0References12Affected Software1
UbuntuCve
UbuntuCve
added 2022/03/28 7:15 p.m.28 views

CVE-2022-0427

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...

8.8CVSS7.2AI score0.00815EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/03/28 6:53 p.m.27 views

CVE-2022-0427

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...

7.7CVSS8.7AI score0.00815EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/03/28 6:53 p.m.33 views

CVE-2022-0427

Removed by vendor...

8.8CVSS7.3AI score0.00815EPSS
Exploits1
0day.today
0day.today
added 2022/03/15 12:0 a.m.188 views

Hades RAT Web Panel Cross Site Scripting Vulnerability

Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24C.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Remote Persistent XSS Family: Hades Type: WebUI MD5: c4cc1317aea42f7dd4a1b786c5278a24 MD5:...

Exploits0
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.21 views

Schneider Electric Modicon Arbitrary Code Execution (CVE-2013-0664)

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...

8.5CVSS5.9AI score0.03909EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.368 views

Win32.MarsStealer Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...

Exploits0
Packet Storm
Packet Storm
added 2021/02/18 12:0 a.m.354 views

Backdoor.Win32.Agent.aak Hardcoded Credentials

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor...

7.4AI score
Exploits0
Rows per page
Query Builder