Lucene search
K

57 matches found

WPVulnDB
WPVulnDB
added 2022/03/01 12:0 a.m.17 views

WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting PoC The source and destination should use the https:// protocol for the exploit to...

5.4CVSS5.4AI score0.00591EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/16 12:0 a.m.7 views

PT-2021-6779 · Node.Js +7 · Node.Js +7

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: The issue is related to insufficient validation of the rejectUnauthorized value in the Node.js https API. If the rejectUnauthorized parameter is set to undefined, no error is returned, and...

9.8CVSS6.4AI score0.77766EPSS
Exploits31References267
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2019:3266-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.07124EPSS
Exploits0References9
WPVulnDB
WPVulnDB
added 2020/11/30 12:0 a.m.28 views

Canto <= 1.7.0 - Unauthenticated Blind SSRF

The plugin is affected by Blind SSRF issues via the domain parameter in three files: /includes/lib/tree.php, /includes/lib/detail.php and /includes/lib/get.php. All requests to the arbitrary domain/IP will be made with the HTTPS protocol PoC The PoC will be displayed once the issue has been...

5CVSS1.6AI score0.26037EPSS
Exploits3References1Affected Software1
Kitploit
Kitploit
added 2020/09/13 11:30 a.m.52 views

HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware

HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help server.py unisessio...

7.3AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/07/31 6:15 p.m.31 views

CVE-2020-15134

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

8.7CVSS7.2AI score0.00864EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2020/06/05 12:0 a.m.3 views

The vulnerability of the JSE component in Oracle Java SE and Oracle Java SE Embedded software platforms allows a hacker to trigger a service failure.

The vulnerability of the JSE component in Oracle Java SE and Oracle Java SE Embedded software platforms is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures using the HTTPS protocol...

5.3CVSS6.6AI score0.04948EPSS
Exploits0References7Affected Software7
Prion
Prion
added 2020/02/21 6:15 p.m.30 views

Design/Logic Flaw

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of...

4.3CVSS6.4AI score0.06049EPSS
Exploits3References12Affected Software14
Cvelist
Cvelist
added 2020/02/21 5:11 p.m.39 views

CVE-2013-3587

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of...

5AI score0.06049EPSS
Exploits2References12
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.4 views

The vulnerability of the Message Display component of the Oracle Email Center software allows a malicious individual to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information.

The vulnerability of the Message Display component of the Oracle Email Center messaging software is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to obtain unauthorized access to protected...

8.2CVSS7.4AI score0.01314EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.15 views

Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2015-7410)

Summary IBM Sterling B2B Integrator Health Check tool is vulnerable to cookie hijacking for obtaining sensitive information. Vulnerability Details CVEID: CVE-2015-7410 DESCRIPTION: IBM 10x based applications are vulnerable to cookie hijacking for Web Services hosted over HTTPS protocol due to...

7.4CVSS1.3AI score0.00871EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/03 12:0 a.m.3 views

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system allows attackers to access, modify, add, or delete data, as well as gain unauthorized access to protected information.

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system is related to lack of access control. Exploiting this vulnerability could allow an attacker to modify, add, or delete data, or gain unauthorized access to protected information using the HTTPS network...

8.2CVSS7.4AI score0.01275EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/03 12:0 a.m.7 views

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Preferences component in the Oracle CRM Technical Foundation system is related to lack of access control. Exploiting this vulnerability allows an attacker to gain access to modify, add, or delete data using the HTTPS network protocol...

4.7CVSS5.9AI score0.00872EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/03 12:0 a.m.6 views

The vulnerability of the Oracle iSupport web application, related to access control deficiencies, allows an attacker to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the Oracle iSupport web application relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data, or to unauthorizedly access protected information using the HTTPS protocol...

8.2CVSS7.4AI score0.01314EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/01/28 4:15 p.m.1 views

DEBIAN-CVE-2014-3230

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...

5.9CVSS5.8AI score0.01602EPSS
Exploits1References1
OSV
OSV
added 2020/01/15 5:15 p.m.2 views

CVE-2020-2670

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite component: Message Display. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Ema...

8.2CVSS7.3AI score0.01314EPSS
Exploits0References1
Symantec
Symantec
added 2020/01/14 12:0 a.m.18 views

Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities

Description Oracle E-Business Suite is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over 'HTTPS' protocol. The 'Preferences', 'Message Hooks', 'Attachments / File Upload' components are affected. These vulnerabilities affect the following supported versions:...

0.2AI score
Exploits0References1Affected Software1
Symantec
Symantec
added 2020/01/14 12:0 a.m.55 views

Oracle Java SE CVE-2020-2655 Remote Security Vulnerability

Description Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over 'HTTPS' protocol. This issue affects the 'JSSE' component. This vulnerability affects the following supported versions: Java SE: 11.0.5, 13.0.1 Technologies Affected Oracle JDKLinux...

6.5AI score0.03613EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/12/12 12:0 a.m.38 views

SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2019:3266-1)

This update for strongswan provides the following fixes : Security issues fixed : CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket bsc1094462. CVE-2018-10811: Fixed a...

7.5CVSS6.7AI score0.07124EPSS
Exploits0References17
Oracle linux
Oracle linux
added 2019/08/13 12:0 a.m.83 views

python-urllib3 security update

1.10.2-7 - Provide python2-urllib3 - Add patch for CVE-2019-11236 Resolves: rhbz1703360 1.10.2-6 - Source URL switched to HTTPS protocol - Add patch for CVE-2018-20060 Resolves: rhbz1658471...

9.8CVSS0.5AI score0.04488EPSS
Exploits1
Rows per page
Query Builder