Lucene search
+L

38 matches found

ATTACKERKB
ATTACKERKB
added 2022/04/13 4:0 p.m.8 views

CVE-2022-22190

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the...

7.5CVSS7.1AI score0.00923EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/20 12:0 a.m.14 views

NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports

The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. PoC http://www.example.com/wp-content/uploads/submissionreport.pdf...

5CVSS2.4AI score0.01822EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2021/07/20 12:0 a.m.18 views

WordPress Basix NEX-Forms Plugin Authentication Bypass Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...

7.5CVSS2.1AI score0.01822EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/20 12:0 a.m.157 views

NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports

The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...

5CVSS4AI score0.01822EPSS
Exploits2References3
NVD
NVD
added 2021/07/19 5:15 p.m.15 views

CVE-2021-34675

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

7.5CVSS0.01822EPSS
Exploits2References2
Prion
Prion
added 2021/07/19 5:15 p.m.23 views

Authentication flaw

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

5CVSS7.7AI score0.01822EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/07/19 4:45 p.m.26 views

CVE-2021-34675

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

7.9AI score0.01822EPSS
Exploits2References2
CVE
CVE
added 2021/07/19 4:45 p.m.66 views

CVE-2021-34675

CVE-2021-34675 affects the WordPress Basix NEX-Forms plugin up to version 7.8.7. The vulnerability is an authentication bypass that allows access to stored PDF reports without valid credentials. The issue is documented across multiple sources (NVD, Red Hat, CNVD, WPVulnDB) as an authentication by...

7.5CVSS7.7AI score0.01822EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.6 views

WordPress 授权问题漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...

7.5CVSS5.7AI score0.01822EPSS
Exploits2References3
Kitploit
Kitploit
added 2021/07/02 12:30 p.m.111 views

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

7AI score
Exploits0References15
Kitploit
Kitploit
added 2019/05/13 9:10 p.m.142 views

Horn3t - Powerful Visual Subdomain Enumeration At The Click Of A Mouse

Horn3t is your Nr 1 tool for exploring subdomains visually. Building on the great Sublist3r framework or extensible with your favorite one it searches for subdomains and generates awesome picture previews. Get a fast overview of your target with http status codes, add custom found subdomains and...

7.3AI score
Exploits0References5
OpenVAS
OpenVAS
added 2019/03/27 12:0 a.m.29 views

Elastic Kibana 4.0 <= 4.6 / 5.0 <= 5.6.12 / 6.0 <= 6.4.2 Credential Exposure Vulnerability - Windows

Kibana is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

9.8CVSS9.1AI score0.01295EPSS
Exploits0References2
Prion
Prion
added 2018/12/20 10:29 p.m.24 views

Authorization

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...

5CVSS9.2AI score0.01295EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/12/20 10:29 p.m.28 views

CVE-2018-17245

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...

9.8CVSS6.5AI score
Exploits0References2
Cvelist
Cvelist
added 2018/12/20 10:0 p.m.29 views

CVE-2018-17245

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...

9.3AI score0.01295EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/12/05 12:0 a.m.77 views

Kibana ESA-2018-17

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...

9.8CVSS8.3AI score0.01295EPSS
Exploits0References3
Kitploit
Kitploit
added 2017/07/24 2:22 p.m.14 views

WebVulScan - Web Application Vulnerability Scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the...

8.1AI score
Exploits0References1
Hacker One
Hacker One
added 2016/04/28 7:7 p.m.15 views

LocalTapiola: Possibly big authorization problem in Lähitapiola´s varainhoito

Issue The reporter found a design flaw in a feature where pdf-reports are generated. Pdf-reports were generated using 19-digit random names and the names as well as the reports were persistent and accessible by all authenticated users. Fix Guessing a random 19-digit name was found to be almost...

1.3AI score
Exploits0
Rows per page
Query Builder