Lucene search
K

177 matches found

Huntr
Huntr
added 2021/10/02 10:44 a.m.12 views

in cortezaproject/corteza-server

Set up the cortezaproject in your local machine. Steps: -------- 1. Create the account on corteza 2. Login using same credentails from chrome and firefox. 3. Change user password from chrome. 4. Perform any activity in Firefox the session is still valid. Mitigation: --------------- After changing...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/07/06 4:31 p.m.6 views

Server-Side Request Forgery (SSRF) in erudika/scoold

✍️ Description Possible SSRF in scoold in user profile picture from URL 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create an account and click on the image. 2. Now open the local server or enter any IP:port ex: http://127.0.0.1:8082 3. Now enter the URL and then view the image, you will see get...

0.5AI score
Exploits0
OSV
OSV
added 2021/05/13 4:15 p.m.1 views

DEBIAN-CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...

5.3CVSS5.6AI score0.02169EPSS
Exploits0References1
Kitploit
Kitploit
added 2021/03/12 8:30 p.m.34 views

Go-RouterSocks - Router Sock. One Port Socks For All The Others.

The next step after compromising a machine is to enumerate the network behind. Many tools exist to expose a socks port on the attacker's machine and send all the traffic through a tunnel to the compromised machine. When several socks ports are available, we have to manage different proxychains...

7.5AI score
Exploits0References2
Prion
Prion
added 2021/03/03 8:15 p.m.26 views

Design/Logic Flaw

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

6.4CVSS8.8AI score0.18607EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/02/23 3:15 p.m.3 views

CVE-2021-3252

KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure...

7.5CVSS7AI score0.02588EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/02/23 12:0 a.m.8 views

KACO new energy GmbH KACO XP100U Security Vulnerability

KACO new energy GmbH KACO XP100U is an application from KACO new energy GmbH, Germany, that provides new energy conversion. A security vulnerability exists in KACO New Energy XP100U Up to XP-JAVA 2.0, which stems from credentials always being returned in plaintext from the local server, regardles...

7.5CVSS7.1AI score0.02588EPSS
Exploits1References4
NCSC
NCSC
added 2020/12/22 12:0 a.m.17 views

Serious vulnerabilities fixed in Dell Wyse ThinOS

Vulnerabilities have been fixed in Dell Wyse ThinOS. A malicious person with access to a local FTP server could exploit the vulnerabilities to obtain sensitive information. The malicious party, by accessing this information and the ability to modify configuration files, the entire system. Dell ha...

10CVSS6.6AI score0.01848EPSS
Exploits0
exploitpack
exploitpack
added 2020/01/06 12:0 a.m.16 views

Codoforum 4.8.3 - Persistent Cross-Site Scripting

Codoforum 4.8.3 - Persistent Cross-Site Scripting Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-03 Exploit Author: Prasanth c41m, Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link:...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2019/11/26 6:3 p.m.26 views

New Relic: Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration

Hey team, I've discovered that webserver which serves NR1 nerdpacks locally after nr1 nerdpack:serve is executed allows cross-origin requests from every subdomain of nr-ext.net. Since the nr-ext.net domain is used as a sandbox for user-supplied apps, an attacker can place there a malicious code...

0.2AI score
Exploits0
Prion
Prion
added 2019/11/19 1:15 p.m.10 views

Code injection

Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library DLL. The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated...

6.9CVSS7.5AI score0.00381EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/08/21 6:15 p.m.18 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to rea...

5CVSS8.3AI score0.01782EPSS
Exploits0References1Affected Software2
ThreatPost
ThreatPost
added 2019/07/10 3:57 p.m.53 views

Latest FinSpy Modules Lift Data from Secure Messaging Apps

The latest iOS and Android versions of the FinSpy espionage malware have been deployed in the wild, and are capable of collecting a raft of personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data – even from...

6.3AI score
Exploits0References7
CNVD
CNVD
added 2018/11/20 12:0 a.m.1 views

Local Server Buffer Overflow Vulnerability

Local Server is a Windows-based Web server. A buffer overflow vulnerability exists in Local Server version 1.0.9. An attacker can exploit this vulnerability to cause a denial of service with specially crafted data...

7.5CVSS7.5AI score0.01511EPSS
Exploits5References1
NVD
NVD
added 2018/11/16 6:29 p.m.12 views

CVE-2018-18756

Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008...

7.5CVSS7.6AI score0.01511EPSS
Exploits5References1
OSV
OSV
added 2018/11/16 6:29 p.m.2 views

CVE-2018-18756

Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008...

7.5CVSS5.8AI score0.01511EPSS
Exploits5References1
Prion
Prion
added 2018/11/16 6:29 p.m.10 views

Buffer overflow

Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008...

5CVSS7.5AI score0.01511EPSS
Exploits5References1Affected Software1
CVE
CVE
added 2018/11/16 6:0 p.m.59 views

CVE-2018-18756

CVE-2018-18756 affects Local Server 1.0.9. A buffer overflow is triggered by crafted data sent to port 4008, leading to Denial of Service. Multiple connected sources (NVD entry, CNVD/PRION/CVE lists, Exploit-DB/Exploit-Pack) corroborate a DoS risk with PoC evidence showing repeated socket connect...

7.5CVSS7.5AI score0.01511EPSS
Exploits5References1Affected Software1
Cvelist
Cvelist
added 2018/11/16 6:0 p.m.16 views

CVE-2018-18756

Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008...

7.6AI score0.01511EPSS
Exploits5References1
Packet Storm
Packet Storm
added 2018/10/29 12:0 a.m.31 views

Local Server 1.0.9 Denial Of Service

Exploit Title: Local Server 1.0.9 - Denial of Service PoC Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.ujang-rohidin.blogspot.com/ Software Link: https://sourceforge.net/projects/local-server/files/latest/download Version: 1.0.9 Category: Dos Tested on:...

7.6AI score0.01511EPSS
Exploits5
Rows per page
Query Builder