Lucene search
+L

141 matches found

OSV
OSV
added 2023/10/06 6:15 p.m.5 views

CVE-2023-45239

A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...

9.8CVSS6.4AI score0.01813EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/06 12:0 a.m.5 views

PT-2023-29466 · Tac Plus · Tac Plus

Name of the Vulnerable Software and Affected Versions: tac plus versions prior to commit 4fdf178 Description: A lack of input validation exists in tac plus, which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac plu...

9.8CVSS7.8AI score0.01813EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.7 views

PT-2023-12634 · WordPress · User Access Manager

Name of the Vulnerable Software and Affected Versions: User Access Manager WordPress plugin versions prior to 2.2.18 Description: The issue allows attackers to access restricted content in certain situations by prioritizing a visitor's IP from certain HTTP headers over PHP's REMOTE ADDR...

5.3CVSS6.1AI score0.00582EPSS
Exploits2References7
Snyk
Snyk
added 2023/06/22 11:31 a.m.4 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass...

6.9CVSS7.3AI score0.00601EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.5 views

PT-2023-22356 · Npm +1 · Proxy

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker can trigger a denial of service by sending a crafted HTTP request, affecting the socket.remoteAddress variable. The usage of this...

7.5CVSS7.4AI score0.01478EPSS
Exploits1References8
OSV
OSV
added 2023/03/22 3:2 p.m.6 views

USN-5968-1 python-git vulnerability

It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host...

9.8CVSS7.3AI score0.05378EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

4.3CVSS6.7AI score0.04807EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.5 views

SUSE CVE-2010-3849

The econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service NULL pointer dereference and OOPS via a sendmsg call that specifies a NULL value for the remote address field...

4.7CVSS6.2AI score0.00711EPSS
Exploits5References8
Vulnrichment
Vulnrichment
added 2022/12/27 9:13 p.m.6 views

CVE-2013-10005 Infinite loop in github.com/btcsuite/go-socks

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow...

7.5AI score0.00782EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.6 views

SOCKS5 Proxy Package for Go 安全漏洞

SOCKS5 Proxy Package for Go is an open source SOCKS5 proxy library for Go by Bitcoin in Go. SOCKS5 Proxy Package for Go suffers from a security vulnerability that stems from the fact that the RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loo...

7.5CVSS7.4AI score0.00782EPSS
Exploits0References3
PyPA
PyPA
added 2022/12/06 5:15 a.m.9 views

PYSEC-2022-42992

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS7.7AI score0.05378EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2022/09/26 1:15 p.m.6 views

CVE-2022-1613

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations...

5.3CVSS5.8AI score0.00589EPSS
Exploits2References1
OSV
OSV
added 2022/08/22 3:15 p.m.4 views

CVE-2022-2362

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based download blocking restrictions...

7.5CVSS5.8AI score0.00958EPSS
Exploits2References1
OSV
OSV
added 2022/08/16 9:15 p.m.23 views

CVE-2020-1755

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks...

5.3CVSS6.8AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/08/16 9:15 p.m.20 views

CVE-2020-1755

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks...

5.3CVSS6.1AI score0.00477EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/16 7:29 p.m.35 views

CVE-2020-1755

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks...

5.4AI score0.00477EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2022/06/02 7:1 a.m.362 views

Exploit for CVE-2022-30190

CVE-2022-30190 CVE-2022-30190 CVE-2022-30190 Follina POC Hos...

9.3CVSS8.5AI score0.99374EPSS
Exploits62
Github Security Blog
Github Security Blog
added 2022/05/24 5:25 p.m.24 views

Improper Neutralization of Input During Web Page Generation in Jenkins

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Toke...

5.4CVSS5.3AI score0.05298EPSS
Exploits3References6Affected Software1
NVD
NVD
added 2021/11/24 4:15 p.m.18 views

CVE-2021-3554

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions...

10CVSS0.02682EPSS
Exploits0References1
Prion
Prion
added 2021/11/24 4:15 p.m.20 views

Improper access control

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions...

7.5CVSS9.2AI score0.02682EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder