Lucene search
+L

408 matches found

CNVD
CNVD
added 2018/03/29 12:0 a.m.4 views

Eve Arbitrary Code Execution Vulnerability

Eve pyeve is a Python based open source REST API framework. A security vulnerability exists in the io/mongo/parser.py file in Eve versions prior to 0.7.5. A remote attacker can exploit the vulnerability to execute arbitrary code with the help of the 'where' parameter...

9.8CVSS7.8AI score0.05651EPSS
Exploits0References1
Veracode
Veracode
added 2018/03/15 10:12 a.m.22 views

Remote Code Execution (RCE)

Eve is vulnerable to remote code execution RCE attacks. The library does not fully sanitize nested mongo queries, allowing a malicious user to inject and execute arbitrary code...

9.8CVSS9.8AI score0.05651EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2018/03/14 12:29 p.m.7 views

PYSEC-2018-8

io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...

9.8CVSS8.3AI score0.05651EPSS
Exploits0References3Affected Software1
Kitploit
Kitploit
added 2017/12/21 1:10 p.m.29 views

NoSQL Exploitation Framework 2.0 - A Framework For NoSQL Scanning and Exploitation

A FrameWork For NoSQL Scanning and Exploitation Framework Authored By Francis Alexander. Added Features: First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra Support For NoSQL WebAPPS Added payload list for JS Injection,Web application Enumeration. Scan Support for...

7.3AI score
Exploits0References1
Veracode
Veracode
added 2017/05/02 9:47 a.m.10 views

Remote Code Execution

mongo-parse is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...

8.2AI score
Exploits0
Veracode
Veracode
added 2017/05/02 9:23 a.m.12 views

Remote Code Execution (RCE)

mongo-edit is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...

8.2AI score
Exploits0
Veracode
Veracode
added 2017/01/04 6:18 a.m.12 views

SQL Injection Attacks

mongo-sql is vulnerable to SQL injection attacks. This is possible because some values in order.js are not escaped before being made into a SQL statement...

7.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.187 views

Moderate: Red Hat Security Advisory: rh-php56 security, bug fix, and enhancement update

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.5AI score0.36974EPSS
Exploits78References73
myhack58
myhack58
added 2016/11/01 12:0 a.m.66 views

HackerOne in the third quarter TOP 5 vulnerability report-vulnerability warning-the black bar safety net

Foreword HackerOne in the third quarter TOP 5 vulnerability reports are coming announced. In this season, we participated in the Vegas hacker conference, hosted Hacked the World, and in the Reddit discussion above, some of the HackerOne problem. HackerOne vulnerability report from platform to...

8.4AI score
Exploits0
hackapp
hackapp
added 2016/04/01 9:44 a.m.9 views

Mongo Madness - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Mongo Madness published at the 'play' market has multiple vulnerabilities...

0.9AI score
Exploits0References1Affected Software1
n0where
n0where
added 2015/08/09 7:51 p.m.22 views

Nosql Exploitation Framework

The Tool focuses on scanning and exploiting NoSQL Databases which makes the pentesters life easy. The tool currently has support for Mongo,Couch-db and Redis,with further additions to be made soon.It supports Enumerating NoSQL Db’s,Dumping Nosql db’s,Dictionary attacks and Shodan Search...

0.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/06/04 8:6 a.m.71 views

Moderate: Red Hat Security Advisory: php55 security and bug fix update

Updated php55 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

10CVSS7.2AI score0.53166EPSS
Exploits34References18
myhack58
myhack58
added 2015/03/19 12:0 a.m.25 views

MongoDB management tool exposure remote code execution vulnerability-vulnerability warning-the black bar safety net

MongoDB, the IT sector mainstream non-relational database NoSQL platform is one that is based on a table of a relational database of the popular alternatives. Recently, the management for MongoDB is a GUI tool phpMoAdmin is the storm has a very serious security vulnerability, once exploited, this...

0.1AI score
Exploits0
CNVD
CNVD
added 2015/03/09 12:0 a.m.5 views

PHPMoAdmin 'moadmin.php' Remote Code Execution Vulnerability

phpMoAdmin is a PHP development in the MongoDB management tools , can be used to create , delete and modify databases and indexes , provide views and data search tools , provide database startup time and memory statistics , support JSON. A remote code execution vulnerability exists in PHPMoAdmin...

8.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/05/14 12:0 a.m.5 views

openshift-origin-broker: default password creation

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this m...

9.8CVSS6.8AI score0.03789EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2013/12/17 12:0 a.m.16 views

Fedora Update for php-symfony2-HttpKernel FEDORA-2013-22422

Check for the Version of php-symfony2-HttpKernel OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpKernel FEDORA-2013-22422 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute...

5CVSS6.3AI score0.01868EPSS
Exploits0References2
Fedora
Fedora
added 2013/12/09 2:0 a.m.23 views

[SECURITY] Fedora 18 Update: php-symfony2-HttpKernel-2.2.10-1.fc18

HttpKernel provides the building blocks to create flexible and fast HTTP-based frameworks. It takes a Request as an input and should return a Response as an output. Using this interface makes your code compatible with all frameworks using the Symfony2 components. And this will give you many cool...

5CVSS1.1AI score0.01868EPSS
Exploits0
Fedora
Fedora
added 2013/12/09 2:0 a.m.27 views

[SECURITY] Fedora 18 Update: php-symfony2-HttpFoundation-2.2.10-1.fc18

The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables $GET, $POST, $FILE, $COOKIE, $SESSION... and the response is generated by some funct ions echo, header, setcookie, .... The Symfony2 HttpFoundation...

5CVSS0.6AI score0.01868EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/08/23 12:0 a.m.27 views

Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14579

Check for the Version of php-symfony2-HttpFoundation OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14579 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

6.6AI score0.02313EPSS
Exploits0References2
Fedora
Fedora
added 2013/08/21 12:12 a.m.35 views

[SECURITY] Fedora 18 Update: php-symfony2-HttpFoundation-2.2.5-1.fc18

The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables $GET, $POST, $FILE, $COOKIE, $SESSION... and the response is generated by some funct ions echo, header, setcookie, .... The Symfony2 HttpFoundation...

6.1CVSS0.6AI score0.02313EPSS
Exploits0
Rows per page
Query Builder