Lucene search
+L

102 matches found

OSV
OSV
added 2023/11/20 9:15 a.m.3 views

DEBIAN-CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

9.8CVSS7.1AI score0.01418EPSS
Exploits0References1
Prion
Prion
added 2023/11/20 9:15 a.m.21 views

Authorization

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

7.5CVSS7.9AI score0.01418EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/20 9:15 a.m.12 views

UBUNTU-CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

9.8CVSS7AI score0.01418EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/11/20 8:49 a.m.16 views

CVE-2022-46337 Apache Derby: LDAP injection vulnerability in authenticator

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

9.8AI score0.01418EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2023/08/22 11:30 a.m.51 views

Update now! WinRAR files can be abused to run malware

A new version of the file archiving software WinRAR fixes two vulnerabilities that could allow an attacker to execute code on a target system. All the victim has to do is to open a specially crafted archive. After receiving a report about the vulnerability in June, a new version of the software w...

7.1AI score0.1308EPSS
Exploits1
OSV
OSV
added 2023/08/21 7:58 p.m.107 views

GHSA-44WR-RMWQ-3PHW Craft CMS vulnerable to Remote Code Execution via validatePath bypass

Summary Bypassing the validatePath function can lead to potential Remote Code Execution Post-authentication, ALLOWADMINCHANGES=true Details In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...

7.2CVSS7AI score0.01909EPSS
Exploits1References6
0day.today
0day.today
added 2023/06/08 12:0 a.m.321 views

Microsoft Windows PowerShell Remote Command Execution Exploit

This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3. from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.3 views

Changingtec ServiSign 输入验证错误漏洞

Changingtec ServiSign is a system from Changingtec Taiwan, China. The system provides a cross-platform solution for digital signatures and authentication. An input validation error vulnerability exists in the ChangingTech MegaServiSignAdapter. The vulnerability stems from the presence of improper...

9.8CVSS8.5AI score0.00901EPSS
Exploits0References2
Hacker One
Hacker One
added 2022/08/22 6:7 p.m.22 views

MTN Group: Remote code execution via crafted pentaho report uploaded using default credentials for pentaho business server

A remote code execution vulnerability was discovered in Pentaho Business Analytics Server. By uploading a specially crafted Pentaho report file using default credentials, an attacker could achieve arbitrary code execution...

8.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/04 12:55 p.m.210 views

New Woody RAT Malware Being Used to Target Russian Organizations

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office...

9.3CVSS1.2AI score0.99374EPSS
Exploits62
OSV
OSV
added 2022/07/08 4:15 a.m.3 views

CVE-2021-41037

In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like agent or other settings that usually...

8CVSS5.8AI score0.00874EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/04 2:15 a.m.3 views

CVE-2022-33971

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow ...

7.5CVSS6AI score0.01146EPSS
Exploits0References3Affected Software1
Kitploit
Kitploit
added 2022/06/24 12:30 p.m.20 views

Norimaci - Simple And Lightweight Malware Analysis Sandbox For macOS

"Norimaci" is a simple and lightweight malware analysis sandbox for macOS. This tool was inspired by "Noriben". Norimaci uses the features of OpenBSM or Monitor.app to monitor macOS system activity instead of Sysinternals Process Monitor procmon. Norimaci consists of 3 Python scripts. norimaci.py...

7.6AI score
Exploits0References6
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.6 views

Verbatim Keypad Secure USB Drive 数据伪造问题漏洞

The Verbatim Keypad Secure USB Drive is a hardware encrypted USB flash drive from Verbatim, a Chinese company. A security vulnerability in the Verbatim Keypad Secure USB Drive, which stems from a lack of integrity checking, can be exploited by an attacker to store and execute malware on an emulat...

4.6CVSS5.3AI score0.00316EPSS
Exploits1References11
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.4 views

ABB e-Design 安全漏洞

ABB e-Design is a tool from ABB Switzerland for designing electrical systems using ABB hardware. A security vulnerability exists in ABB e-Design that stems from an incorrect default privileges vulnerability in ABB e-Design. An attacker could use this vulnerability to install malware that executes...

7.8CVSS7.4AI score0.00321EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:38 p.m.8 views

GHSA-WC29-H54Q-Q8QX Formstone Vulnerable to Reflected XSS

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting XSS vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...

6.1CVSS6.1AI score0.01224EPSS
Exploits0References3
hivepro
hivepro
added 2022/03/17 5:55 a.m.34 views

Attackers Escape Kubernetes Containers using “cr8escape” Vulnerability in CRI-O

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A flaw in CRI-O, an open-source Linux implementation of Kubernetes Container Runtime Interface CRI, was discovered that may allow an attacker to gain remote control of servers and potentially poison the container with attack...

2.9AI score0.18561EPSS
Exploits0
CNVD
CNVD
added 2021/10/11 12:0 a.m.17 views

webTareas Code Issues Vulnerabilities

webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas 2.4 and earlier versions that allows an attacker to exploit the platform by...

8.8CVSS8.7AI score0.02295EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/08 12:0 a.m.5 views

webTareas 代码问题漏洞

webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas 2.4 and earlier versions that allows an attacker to exploit the platform by...

8.8CVSS8.2AI score0.02295EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/06/15 12:0 a.m.7 views

The vulnerability in the web interface for controlling Cisco AsyncOS operating systems allows attackers to perform cross-site scripting attacks.

The vulnerability in the web interface for controlling Cisco AsyncOS operating systems is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by executing a specially created...

5.8CVSS6AI score0.00704EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder