Lucene search
K

119 matches found

NVD
NVD
added 2021/12/10 6:15 p.m.22 views

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

4.3CVSS0.57991EPSS
Exploits0References8
Prion
Prion
added 2021/12/10 6:15 p.m.26 views

Directory traversal

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

4CVSS4.5AI score0.57991EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.17 views

SuiteCRM 代码问题漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM Suitecrm team. A security vulnerability exists in SuiteCRM that stems from SuiteCRM prior to 7.11.19 that allows remote code execution to be set via the system settings log file name. An attacker can exploit the vulnerability...

9CVSS8.7AI score0.58945EPSS
Exploits5References8
Kitploit
Kitploit
added 2021/09/21 11:30 a.m.43 views

Weakpass - Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is...

7.6AI score
Exploits0References2
Metasploit
Metasploit
added 2021/07/24 5:50 p.m.91 views

Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution

This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin SP Project & Document /.php Module Options msf use exploit/multi/http/wppluginspprojectdocumentrce msf exploitwppluginspprojectdocumentrce...

8.8CVSS8.6AI score0.52007EPSS
Exploits8
AlpineLinux
AlpineLinux
added 2021/03/27 5:57 p.m.41 views

CVE-2021-29272

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...

6.1CVSS6.1AI score0.00929EPSS
Exploits0
OSV
OSV
added 2021/02/25 2:1 a.m.2 views

GHSA-8WP3-CP9V-44FM Cross-Site Scripting in marked

Versions 0.3.7 and earlier of marked unescape only lowercase while owsers support both lowercase and uppercase x in hexadecimal form of HTML character entity...

7AI score
Exploits0References2
OSV
OSV
added 2021/02/23 1:15 p.m.8 views

CVE-2020-14359

A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers via cURL an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...

7.3CVSS5.8AI score0.0093EPSS
Exploits0References2
NVD
NVD
added 2021/02/23 1:15 p.m.22 views

CVE-2020-14359

A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers via cURL an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...

7.5CVSS0.0093EPSS
Exploits0References2
Prion
Prion
added 2021/02/23 1:15 p.m.22 views

Design/Logic Flaw

A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers via cURL an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...

7.5CVSS7.1AI score0.0093EPSS
Exploits0References2
CVE
CVE
added 2021/02/23 12:42 p.m.88 views

CVE-2020-14359

CVE-2020-14359 affects all versions of Keycloak Gatekeeper. The vulnerability allows bypass of Gatekeeper authentication when lowercase HTTP headers are used (e.g., via curl), a scenario tolerated by some webservers like Jetty. Impacted component: Gatekeeper in front of a Jetty backend can fail t...

7.5CVSS7.1AI score0.0093EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/02/23 12:0 a.m.8 views

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from when the Jetty server uses lowercase headers without any protection...

7.5CVSS7.1AI score0.0093EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/12/01 12:5 p.m.3 views

php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution

A vulnerability was found in PHP while using the mbstrtolower function with UTF-32LE encoding, where certain invalid strings cause PHP to overwrite the stack-allocated buffer. This flaw leads to memory corruption, crashes, and potential code execution...

8.8CVSS7.4AI score0.04764EPSS
Exploits1References6
OSV
OSV
added 2019/12/23 3:15 a.m.4 views

CVE-2019-11049

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations...

9.8CVSS7.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2019/12/21 12:0 a.m.3 views

PT-2019-12154 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue arises when custom headers are supplied to the mail function in lowercase, resulting in double-freeing certain memory locations due to a mistake introduced in a specif...

9.8CVSS6.5AI score0.08888EPSS
Exploits5References41
Kitploit
Kitploit
added 2018/11/15 8:40 p.m.117 views

DeepSearch - Advanced Web Dir Scanner

DeepSearch is a simple command line tool for bruteforce directories and files in websites. Installation $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch $ cd deepsearch $ pip3 install requests $ python3 deepsearch.py Screenshots Usage Basic: python3 deepsearch.py -u...

8AI score
Exploits0References1
CNVD
CNVD
added 2018/01/23 12:0 a.m.9 views

jQuery Denial of Service Vulnerability

jQuery is an American programmer John Resig developed a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript , and has a modular , plug-in extensions and other features . A denial of service vulnerability exists in versions of...

7.5CVSS6.6AI score0.02886EPSS
Exploits1References1
CNVD
CNVD
added 2017/03/22 12:0 a.m.3 views

Suricata 'MemcmpLowercase' Function Security Bypass Vulnerability

Suricata is a network intrusion detection system IDS, intrusion prevention system IPS and network security monitoring engine that supports multi-threading, built-in IPv6, the ability to load pre-defined rules, and more. A security vulnerability exists in Suricata's 'MemcmpLowercase' function. A...

9.8CVSS7AI score0.03258EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/11/03 12:0 a.m.7 views

The vulnerability of the Perl interpreter, allowing attackers to inject arbitrary code

The vulnerability of the lc, lcfirst, uc, and ucfirst functions in the Perl interpreter is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to bypass security mechanisms and inject arbitrary code due to errors related to the improper use of the taint...

5CVSS5.7AI score0.08712EPSS
Exploits1References16Affected Software1
Prion
Prion
added 2016/04/01 7:59 p.m.24 views

Design/Logic Flaw

Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly formerly JBoss Application Server before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the 1 WEB-INF or 2 META-INF directory via a request that contains a lowercase or b...

5CVSS6.9AI score0.15572EPSS
Exploits3References5Affected Software1
Rows per page
Query Builder