121 matches found
reNgine 2.2.0 Command Injection
Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...
reNgine 2.2.0 - Command Injection (Authenticated)
Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...
reNgine 2.2.0 - Command Injection (Authenticated) Vulnerability
Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3. Modify any Scan...
CVE-2024-43381
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting XSS attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...
CVE-2024-43381 reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting XSS attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...
CVE-2024-43381
CVE-2024-43381 concerns reNgine, an automated reconnaissance framework. The affected software is reNgine versions 2.1.2 and earlier. The root cause is a Stored Cross-Site Scripting (XSS) flaw: when scanning a domain, if the target’s DNS record contains an XSS payload, that payload is fetched and ...
CVE-2024-43381 reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting XSS attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...
CVE-2024-43381 reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting XSS attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...
PT-2024-30543 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions 2.1.2 and prior Description: The issue occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user...
reNgine 安全漏洞
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined scouting process supported by an engine, scouting data correlation and organization, continuous monitoring, supported by a database and a...
CVE-2024-41661
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-50094. Reason: This candidate is a duplicate of CVE-2023-50094. Notes: All CVE users should reference CVE-2023-50094 instead of this candidate...
CVE-2024-41661
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-50094. Reason: This candidate is a duplicate of CVE-2023-50094. Notes: All CVE users should reference CVE-2023-50094 instead of this candidate...
CVE-2024-41661
...
CVE-2024-41661
...
CVE-2024-41661
CVE-2024-41661 is rejected; use CVE-2023-50094 instead.
reNgine 安全漏洞
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined scouting process supported by an engine, scouting data correlation and organization, continuous monitoring, supported by a database and a...
CVE-2023-50094
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...
CVE-2023-50094
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...
Command injection
reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...
CVE-2023-50094
The CVE-2023-50094 vulnerability affects reNgine (before 2.1.2). Affected component is the web API path including api/tools/waf_detector/?url= where shell metacharacters can be injected by an authenticated user, leading to OS command execution as root via subprocess.check_output. Documented impac...