16600 matches found

Cvelist
added 2024/09/03 10:9 a.m. · 19 views

CVE-2024-45587 Unauthorized Modification Vulnerability

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of the vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which...

CVSS 9.1 · EPSS 0.00417
Exploits 0 · References 1

CVE
added 2024/09/03 10:9 a.m. · 70 views

CVE-2024-45587

The CVE-2024-45587 issue affects Symphony XTS Web Trading platform 2.0.0.1_P160, arising from improper access controls in the APIs of the Transaction module. An authenticated remote attacker could manipulate parameters via HTTP requests to compromise other user accounts. The vulnerability is docu...

CVSS 9.1 · AI score 8.5 · EPSS 0.00417
Exploits 0 · References 1 · Affected Software 2

Vulnrichment
added 2024/09/03 10:2 a.m. · 33 views

CVE-2024-45586 Account Take Over Vulnerability

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1_P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

CVSS 7.5 · AI score 7.1 · EPSS 0.00432
Exploits 0 · References 1

Cvelist
added 2024/09/03 10:2 a.m. · 18 views

CVE-2024-45586 Account Take Over Vulnerability

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1_P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

CVSS 9.2 · EPSS 0.00432
Exploits 0 · References 1

CVE
added 2024/09/03 10:2 a.m. · 74 views

CVE-2024-45586

CVE-2024-45586 affects Symphony XTS Web Trading and Mobile Trading platforms, version 2.0.0.1_P160. The root cause is improper access controls in the Authentication module’s APIs. An authenticated, remote attacker can manipulate HTTP request parameters to perform an unauthorized account takeover ...

CVSS 9.2 · AI score 8.6 · EPSS 0.00432
Exploits 0 · References 1 · Affected Software 2

NVD
added 2024/09/03 2:15 a.m. · 18 views

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

CVSS 4.9 · EPSS 0.00605
Exploits 0 · References 1

NVD
added 2024/09/03 2:15 a.m. · 19 views

CVE-2024-5412

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 7.5 · EPSS 0.00662
Exploits 0 · References 1

Vulnrichment
added 2024/09/03 1:28 a.m. · 14 views

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

CVSS 4.9 · AI score 7.2 · EPSS 0.00605
Exploits 0 · References 1

Vulnrichment
added 2024/09/03 1:18 a.m. · 19 views

CVE-2024-5412

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 7.5 · AI score 7.4 · EPSS 0.00662
Exploits 0 · References 1

Cvelist
added 2024/09/03 1:18 a.m. · 28 views

CVE-2024-5412

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 7.5 · EPSS 0.00662
Exploits 0 · References 1

CVE
added 2024/09/03 1:18 a.m. · 97 views

CVE-2024-5412

CVE-2024-5412 affects Zyxel VMG8825-T50K firmware 5.50(ABOM.8)C0, where a buffer overflow in the libclinkc library could allow an unauthenticated attacker to cause DoS by sending a crafted HTTP request. Connected sources confirm the component and impact; exploitation status is not detailed. Some ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00662
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/09/02 12:0 a.m. · 6 views

PT-2024-36053 · Zyxel · Zyxel Vmg8825-T50K

Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0
Description: A buffer overflow vulnerability in the library "libclinkc" could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a...

CVSS 7.5 · AI score 7.8 · EPSS 0.00662
Exploits 0 · References 7

Packet Storm
added 2024/09/01 12:0 a.m. · 505 views

Log4Shell HTTP Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...

CVSS 10 · AI score 10 · EPSS 0.99999
Exploits 349

Packet Storm
added 2024/09/01 12:0 a.m. · 281 views

Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Supermicro Onboard IPMI urlredirect.cgi Authenticated Directory Traversal', 'Description' = %q This module abuses a directory...

AI score 7.4
Exploits 0

Packet Storm
added 2024/08/31 12:0 a.m. · 184 views

Hashtable Collisions

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hashtable Collisions', 'Description' = %q This module uses a denial-of-service DoS condition appearing in a variety of programming languages. Thi...

CVSS 7.8 · AI score 7.3 · EPSS 0.83911
Exploits 16

Packet Storm
added 2024/08/31 12:0 a.m. · 153 views

F5 BigIP Access Policy Manager Session Exhaustion Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BigIP Access Policy Manager Session Exhaustion Denial of Service', 'Description' = %q This module exploits a resource exhaustion denial of...

AI score 7.4
Exploits 0

Packet Storm
added 2024/08/31 12:0 a.m. · 228 views

Brother Debut http Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSFLICENSE, 'Author' = 'z00n ', vulnerability disclosure...

CVSS 7.8 · AI score 7 · EPSS 0.59386
Exploits 7

Packet Storm
added 2024/08/31 12:0 a.m. · 172 views

TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access', 'Description' = %q This module tests for directory traversal vulnerability in...

CVSS 5 · AI score 7 · EPSS 0.20662
Exploits 2

Packet Storm
added 2024/08/31 12:0 a.m. · 148 views

Monkey HTTPD Header Parsing Denial of Service (Denial of Service)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monkey HTTPD Header Parsing Denial of Service DoS', 'Description' = %q This module causes improper header parsing that leads to a segmentation...

CVSS 6.8 · AI score 7 · EPSS 0.20179
Exploits 3

Packet Storm
added 2024/08/31 12:0 a.m. · 318 views

NETGEAR Administrator Password Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NETGEAR Administrator Password Disclosure', 'Description' = %q This module will collect the password for the admin user. The exploit will not...

CVSS 8.1 · AI score 7.2 · EPSS 0.89294
Exploits 7