Lucene search
K

23 matches found

ATTACKERKB
ATTACKERKB
added 2024/09/18 3:15 p.m.5 views

CVE-2023-28451

An issue was discovered in Technitium 11.0.2. There is a vulnerability called BadDNS in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS denial of service for normal resolution. The effects of an exploit would be widespread and highly impactful, becaus...

7.5CVSS5.8AI score0.0053EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.3 views

undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

7.5CVSS5.8AI score0.0212EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/02 3:35 a.m.17 views

Security Bulletin: IBM Content Navigator is vulnerable to Cross Site Port Attack due to Daeja ViewONE (CVE-2024-31897)

Summary Daeja ViewOne Virtual is used by IBM Content Navigator as part of the document viewer. CVE-2024-31897 Vulnerability Details CVEID:CVE-2024-31897 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0....

4.3CVSS4.7AI score0.00297EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/25 12:0 a.m.19 views

CVE-2024-37855

An issue in Nepstech Wifi Router xpon terminal NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials...

8.2AI score0.0048EPSS
Exploits0References1
NVD
NVD
added 2023/11/03 11:15 a.m.28 views

CVE-2023-4769

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

8.8CVSS6.9AI score0.03251EPSS
Exploits0References1
Prion
Prion
added 2023/11/03 11:15 a.m.19 views

Server side request forgery (ssrf)

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

6.5CVSS8.3AI score0.03251EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/03 10:55 a.m.12 views

CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

6.6CVSS6.7AI score0.03251EPSS
Exploits0References1
OSV
OSV
added 2022/05/24 5:0 p.m.10 views

UBUNTU-CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

6.7CVSS6.7AI score0.00612EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2021/11/03 7:52 p.m.2 views

Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports

The Mozilla Foundation Security Advisory describes this flaw as: The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on...

6.5CVSS7.2AI score0.00805EPSS
Exploits0References4
CNVD
CNVD
added 2019/09/03 12:0 a.m.4 views

Schneider Electric Modicon M340 PLC Module Denial of Service Vulnerability

Schneider Electric M340 PLC is a modular general-purpose controller from Schneider for the manufacturing industry. It is widely used in tobacco, petrochemical, water and other important industrial control sites. A denial of service vulnerability exists in the Schneider Electric M340 PLC CPU. The...

6.8AI score
Exploits0
CNVD
CNVD
added 2018/04/10 12:0 a.m.3 views

MECO USB Memory Stick Privilege Gain Vulnerability

MECO USB Memory Stick is a portable USB memory device. A security vulnerability exists in the MECO USB Memory Stick with Fingerprint MECOZiolsamDE601. An attacker can exploit the vulnerability by sending static packets to the serial port on the PCB to unlock the key and gain access to the data...

7.2CVSS7AI score0.00518EPSS
Exploits0References1
OSV
OSV
added 2017/12/01 3:29 p.m.4 views

CVE-2017-15702

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...

9.8CVSS5.8AI score0.06214EPSS
Exploits0References4
0day.today
0day.today
added 2017/05/20 12:0 a.m.97 views

Oracle PeopleSoft - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017...

6.4CVSS6.8AI score0.09636EPSS
Exploits5
exploitpack
exploitpack
added 2017/05/19 12:0 a.m.93 views

Oracle PeopleSoft - Server-Side Request Forgery

Oracle PeopleSoft - Server-Side Request Forgery Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference...

6.4CVSS0.7AI score0.09636EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/05/19 12:0 a.m.73 views

Oracle PeopleSoft - Server-Side Request Forgery

Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Roman Shalymov...

6.5CVSS6.8AI score0.09636EPSS
Exploits5
0day.today
0day.today
added 2017/04/20 12:0 a.m.82 views

Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF Vulnerabilities

Oracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability. Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com...

6.4CVSS6.9AI score0.09636EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/04/20 12:0 a.m.80 views

Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF

Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Roman Shalymov...

0.3AI score0.09636EPSS
Exploits5
erpscan
erpscan
added 2016/12/23 12:0 a.m.673 views

SSRF in PeopleSoft IMServlet

Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor: Oracle Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Authors: Roman Shalymov ERPScan...

6.4CVSS0.6AI score0.09636EPSS
Exploits5
Hacker One
Hacker One
added 2016/06/23 8:11 p.m.30 views

New Relic: http://newrelic.com SSRF/XSPA

A Server Side Request Forgery / Cross Site Port Attack was discovered via a POST request to http://newrelic.com/syntheticspreviews and using the parameter within the body of the request testurl. A Server Side Request Forgery vulnerability allows to issue remote connections on behalf of the affect...

7AI score
Exploits0
OSV
OSV
added 2014/11/07 7:55 p.m.2 views

DEBIAN-CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service NULL pointer dereference by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket...

2.1CVSS8.1AI score0.00405EPSS
Exploits0References1
Rows per page
Query Builder