85 matches found

Positive Technologies
added 2020/06/25 12:0 a.m. · 5 views

PT-2020-14423 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...

10 CVSS · 9.7 AI score · 0.08083 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/06/25 12:0 a.m. · 7 views

PT-2020-14421 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...

10 CVSS · 9.6 AI score · 0.08083 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/06/25 12:0 a.m. · 8 views

PT-2020-14546 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...

10 CVSS · 9.7 AI score · 0.08335 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/01/23 12:0 a.m. · 7 views

PT-2020-6770 · Unknown · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions cwp-e17.0.9.8.923 Description: The issue is related to the implementation of the ajax mod security.php script in CentOS Web Panel, where the archivo parameter does not properly neutralize special elements in...

10 CVSS · 9.5 AI score · 0.08411 EPSS
Exploits 0 · References 5

pentestit
added 2017/09/04 6:11 a.m. · 701 views

XSStrike: A XSS Detection & Exploitation Kit

PenTestIT RSS Feed If you remember a couple of weeks back, I blogged about XSS Radar, a Google Chrome extension to help you discover cross-site scripting vulnerabilities. This post is about - XSStrike, a similar tool to help you find cross-site scripting vulnerabilities, but it is coded in Python...

5.8 AI score
Exploits 0

seebug.org
added 2016/05/14 12:0 a.m. · 31 views

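Wordpress Seo Link Rotator plugin - pusher.php title parameter - cross-site scripting vulnerability

Vulnerability details. Vulnerability title: Wordpress Seo Link Rotator plugin - pusher.php title parameter - cross-site scripting vulnerability. Plugin homepage: http://www.seolinkrotator.com Download link: http://www.seolinkrotator.com/download/files/seolinkrotator.zip The file affected by the cross-site scripting vulnerability is pusher.php, which performs no input/output escaping or filtering: Link To This If you would like to share this with someone else just copy and paste th...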

6.9 AI score
Exploits 0

Tenable Nessus
added 2015/03/26 12:0 a.m. · 21 views

Debian DLA-34-1 : libapache-mod-security security update

Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should have been removed by modsecurity. NOTE: Tenable Network Security...

5 CVSS · 6.2 AI score · 0.02648 EPSS
Exploits 2 · References 3

Kitploit
added 2014/08/13 12:57 a.m. · 14 views

Suricata IDPE 2.0.3 - Open Source Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 19 views

MyBB Profile Blogs Plugin 1.2 - Multiple Vulnerabilities

No description provided by source. Exploit Title: MyBB Profile Blog plugin multiple vulnerabilities. Google Dork: inurl:member.php intext:Profile Blogs for MyBB Date: 12.9.2012 Exploit Author: Zixem Vendor Homepage: http://fklar.pl/ Software Link: http://mods.mybb.com/view/profile-blogs Version:...

7.1 AI score
Exploits 0

Tenable Nessus
added 2014/06/13 12:0 a.m. · 39 views

openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)

complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to modsecurity2: /etc/apache2/conf.d/modsecurity2.conf loads /usr/share/apache2-modsecurity2/rules/modsecuritycrs1 0setup.conf, then...

7.5 CVSS · 6.2 AI score · 0.13719 EPSS
Exploits 8 · References 10

Kitploit
added 2013/12/23 4:15 p.m. · 21 views

[Suricata 1.4.7] Open Source Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of...

7 AI score
Exploits 0

Kitploit
added 2013/06/03 2:26 a.m. · 15 views

[Suricata 1.4.2] Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of Homela...

7.2 AI score
Exploits 0

Tenable Nessus
added 2013/04/11 12:0 a.m. · 35 views

Debian DSA-2659-1 : libapache-mod-security - XML external entity processing vulnerability

Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially crafted XML file provided by a remote attacker,...

7.5 CVSS · 5.5 AI score · 0.04208 EPSS
Exploits 1 · References 4

OpenVAS
added 2013/04/09 12:0 a.m. · 33 views

Debian Security Advisory DSA 2659-1 (libapache-mod-security - XML external entity processing vulnerability)

Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially-crafted XML file provided by a remote attacker,...

7.5 CVSS · 6 AI score · 0.04208 EPSS
Exploits 1 · References 1

OpenVAS
added 2013/04/08 12:0 a.m. · 20 views

Debian: Security Advisory (DSA-2659-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 6.7 AI score · 0.04208 EPSS
Exploits 1 · References 3

OpenVAS
added 2012/08/10 12:0 a.m. · 34 views

Debian: Security Advisory (DSA-2506-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 6.5 AI score · 0.03303 EPSS
Exploits 2 · References 3

securityvulns
added 2012/07/09 12:0 a.m. · 86 views

[SECURITY] [DSA 2506-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...

4.3 CVSS · 1.9 AI score · 0.03303 EPSS
Exploits 2

exploitpack
added 2012/06/04 12:0 a.m. · 16 views

Mnews 1.1 - view.php SQL Injection

Mnews 1.1 - view.php SQL Injection \n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/mnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "view.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get...

0.1 AI score
Exploits 0

Packet Storm
added 2012/04/09 12:0 a.m. · 49 views

osCmax Shop CMS 2.5.1 Cross Site Scripting

Title: ====== osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=497 VL-ID: ===== 497 Introduction: ============= osCMax is a powerful e-commerce/shopping cart web application. There are many...

0.1 AI score
Exploits 0

Packet Storm
added 2012/02/02 12:0 a.m. · 32 views

Joomla Currency Converter Cross Site Scripting

Exploit Title: Joomla modules modcurrencyconverter XSS Vulnerability Date: 2012-02-02 GMT +7 Author: BHG Security Center Software Link: http://joomla.org Dork: inurl:/includes/convert.php?from= Tested on: ubuntu 11.04 CVE : -...

Exploits 0