Lucene search
K

6358 matches found

Redos
Redos
added 2023/07/06 12:0 a.m.33 views

ROS-2-1203

2.1203 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

8.4AI score0.52838EPSS
Exploits10
Redos
Redos
added 2023/07/06 12:0 a.m.44 views

ROS-2-566

2.566 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...

7.7CVSS8.5AI score0.52838EPSS
Exploits10
Redos
Redos
added 2023/07/06 12:0 a.m.40 views

ROS-2-1443

2.1443 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.1AI score0.52838EPSS
Exploits10
Redos
Redos
added 2023/07/06 12:0 a.m.22 views

ROS-2-1585

2.1585 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.5AI score0.52838EPSS
Exploits10
Redos
Redos
added 2023/07/06 12:0 a.m.19 views

ROS-2-1880

2.1880 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.4AI score0.52838EPSS
Exploits10
Redos
Redos
added 2023/07/06 12:0 a.m.33 views

ROS-2-1545

2.1545 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.4AI score0.52838EPSS
Exploits10
Redos
Redos
added 2023/07/06 12:0 a.m.7 views

ROS-2-2028

2.2028 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS8.5AI score0.52838EPSS
Exploits10
Github Security Blog
Github Security Blog
added 2023/07/05 10:40 p.m.23 views

Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...

8.1CVSS7.2AI score0.00586EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2023/07/05 10:40 p.m.17 views

GHSA-JPGW-2R9M-8QFW Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...

8.1CVSS6.8AI score0.00586EPSS
Exploits1References10
NVD
NVD
added 2023/07/05 10:15 p.m.39 views

CVE-2023-36809

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...

8.1CVSS8AI score0.00586EPSS
Exploits1References6
OSV
OSV
added 2023/07/05 9:33 p.m.18 views

GHSA-MVJ3-QRQH-CJVR CometBFT PeerState JSON serialization deadlock

Impact An internal modification to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places: 1. Via logs Setting the consensus logging module to "debug" level should not happen in production, and...

5.3CVSS4.5AI score0.0069EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/07/05 9:2 p.m.17 views

CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...

8.1CVSS6.6AI score0.00586EPSS
Exploits1References6
Cvelist
Cvelist
added 2023/07/05 9:2 p.m.45 views

CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...

8.1CVSS8.2AI score0.00586EPSS
Exploits1References6
CVE
CVE
added 2023/07/05 9:2 p.m.46 views

CVE-2023-36809

Kiwi TCMS prior to version 12.5 is impacted by a stored XSS issue tied to how uploaded attachments (test plans, test cases, etc.) are served. The root cause involved an earlier attempt to treat all uploaded files as plain text to prevent script execution, but some browsers (e.g., Firefox) could i...

8.1CVSS6.6AI score0.00586EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/07/05 9:2 p.m.23 views

CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...

8.1CVSS6.2AI score0.00586EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/07/05 12:0 a.m.5 views

PT-2023-8825 · Kiwi Tcms · Kiwi Tcms

Name of the Vulnerable Software and Affected Versions: Kiwi TCMS versions prior to 12.5 Description: The issue is related to the upload of attachments to test plans and test cases in Kiwi TCMS. Earlier versions of Kiwi TCMS had changes to serve all uploaded files as plain text to prevent browsers...

9.4CVSS5.9AI score0.00586EPSS
Exploits1References13
Trellix
Trellix
added 2023/07/05 12:0 a.m.112 views

The Bug Report - June 2023 Edition

The Bug Report – June 2023 Edition By Trellix · July 05, 2023 This story was also written by Jesse Chick. Can I have a word with the developers who greenlit these vulns? Why am I here? "To our newcomers, welcome! To our old hands, welcome back!" Iykyk. Every month, we chronicle the disruptive new...

10.7AI score0.99934EPSS
Exploits32
Packet Storm
Packet Storm
added 2023/07/04 12:0 a.m.225 views

ApPHP MicroCMS 1.0.1 Host Header Injection

==================================================================================================================================== | Title : ApPHP MicroCMS v1.0.1 Host header attack Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...

7.1AI score
Exploits0
Photon
Photon
added 2023/07/02 12:0 a.m.71 views

Critical Photon OS Security Update - PHSA-2023-3.0-0606

Updates of 'kube-bench', 'linux-rt', 'linux-esx', 'linux-secure', 'nxtgn-openssl', 'nginx-ingress', 'nodejs', 'linux-aws', 'ntp', 'linux' packages of Photon OS have been released...

6.5CVSS6.7AI score0.73461EPSS
Exploits0
Kitploit
Kitploit
added 2023/07/01 12:30 p.m.17 views

Bropper - An Automatic Blind ROP Exploitation Tool

An automatic Blind ROP exploitation python tool Abstract BROP Blind ROP was a technique found by Andrew Bittau from Stanford in 2014. Original paper Slides Most servers like nginx, Apache, MySQL, forks then communicates with the client. This means canary and addresses stay the same even if there ...

7.6AI score
Exploits0References3
Rows per page
Query Builder