CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploit DB•added 2023/07/19 12:0 a.m.•226 views

PimpMyLog v1.7.14 - Improper access control

Exploit Title: PimpMyLog v1.7.14 - Improper access control Date: 2023-07-10 Exploit Author: thoughtfault Vendor Homepage: https://www.pimpmylog.com/ Software Link: https://github.com/potsky/PimpMyLog Version: 1.5.2-1.7.14 Tested on: Ubuntu 22.04 CVE : N/A Description: PimpMyLog suffers from...

7.4AI score

The Hacker News•added 2023/07/13 3:55 p.m.•37 views

TeamTNT's Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign

As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob. "The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave...

7.2AI score

Hacker One•added 2023/07/10 5:35 p.m.•38 views

IBM: Nginx Alias Traversal - babel.bluetab.net

Vulnerability description not provided...

7.1AI score

Redos•added 2023/07/06 12:0 a.m.•31 views

ROS-2-1545

2.1545 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.4AI score0.52838EPSS

Redos•added 2023/07/06 12:0 a.m.•22 views

ROS-2-1585

2.1585 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.5AI score0.52838EPSS

Redos•added 2023/07/06 12:0 a.m.•40 views

ROS-2-1443

2.1443 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.1AI score0.52838EPSS

Redos•added 2023/07/06 12:0 a.m.•32 views

ROS-2-1203

2.1203 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

8.4AI score0.52838EPSS

Redos•added 2023/07/06 12:0 a.m.•44 views

ROS-2-566

2.566 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...

7.7CVSS8.5AI score0.52838EPSS

Redos•added 2023/07/06 12:0 a.m.•6 views

ROS-2-2028

2.2028 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.5AI score0.52838EPSS

Redos•added 2023/07/06 12:0 a.m.•19 views

ROS-2-1880

2.1880 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.4AI score0.52838EPSS

Github Security Blog•added 2023/07/05 10:40 p.m.•22 views

Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...

8.1CVSS7.2AI score0.00586EPSS

Exploits1References10Affected Software1

OSV•added 2023/07/05 10:40 p.m.•17 views

GHSA-JPGW-2R9M-8QFW Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

8.1CVSS6.8AI score0.00586EPSS

Exploits1References10

NVD•added 2023/07/05 10:15 p.m.•39 views

CVE-2023-36809

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...

8.1CVSS8AI score0.00586EPSS

OSV•added 2023/07/05 9:33 p.m.•17 views

GHSA-MVJ3-QRQH-CJVR CometBFT PeerState JSON serialization deadlock

Impact An internal modification to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places: 1. Via logs Setting the consensus logging module to "debug" level should not happen in production, and...

5.3CVSS4.5AI score0.0069EPSS

Vulnrichment•added 2023/07/05 9:2 p.m.•15 views

CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

8.1CVSS6.6AI score0.00586EPSS

CVE•added 2023/07/05 9:2 p.m.•44 views

CVE-2023-36809

Kiwi TCMS prior to version 12.5 is impacted by a stored XSS issue tied to how uploaded attachments (test plans, test cases, etc.) are served. The root cause involved an earlier attempt to treat all uploaded files as plain text to prevent script execution, but some browsers (e.g., Firefox) could i...

8.1CVSS6.6AI score0.00586EPSS

Exploits1References6Affected Software1

Cvelist•added 2023/07/05 9:2 p.m.•44 views

CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

8.1CVSS8.2AI score0.00586EPSS