Lucene search
K

110 matches found

Prion
Prion
added 2020/09/18 2:15 p.m.13 views

Cross site scripting

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL...

4.3CVSS6AI score0.00655EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/07/04 3:14 a.m.19 views

Cross-site Request Forgery (CSRF)

jenkins is vulnerable to cross-site request forgery CSRF. The vulnerability exists as it uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL...

8.8CVSS5.2AI score0.01993EPSS
Exploits0References3Affected Software27
NVD
NVD
added 2020/06/16 10:15 p.m.25 views

CVE-2020-14210

Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking...

6.1CVSS0.00996EPSS
Exploits0References2
OSV
OSV
added 2020/06/16 10:15 p.m.4 views

CVE-2020-14210

Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking...

6.1CVSS6.3AI score0.00996EPSS
Exploits0References2
Prion
Prion
added 2020/06/16 10:15 p.m.14 views

Cross site scripting

Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking...

4.3CVSS6AI score0.00996EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2020/06/16 9:10 p.m.27 views

CVE-2020-14210

Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking...

6AI score0.00996EPSS
Exploits0References2
CVE
CVE
added 2020/06/16 9:10 p.m.59 views

CVE-2020-14210

Concrete details found: MONITORAPP WAF (AIWAF‑VE/AIWAF‑4000) has a reflected XSS vulnerability due to insufficient validation of client data by the web application. Impact is client‑side code execution. No patch/version remediation is specified in the provided documents; exploitation status is no...

6.1CVSS6AI score0.00996EPSS
Exploits0References2Affected Software2
Kitploit
Kitploit
added 2020/02/29 8:40 p.m.143 views

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool search for SSRF using predefined settings in different parts of a request path, host, headers, post and get parameters. First step Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...

7.1AI score
Exploits0References1
OSV
OSV
added 2020/01/06 1:15 p.m.16 views

CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...

9.8CVSS6.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/09/30 12:0 a.m.35 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...

5.3CVSS6.2AI score0.1786EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/09/08 3:45 p.m.26 views

New Relic: Passive stored XSS at Synthetics job result page (View resource)

Hey team, I've discovered a stored XSS at Synthetics job result page. There is a View resource link near every URL which was requested by a browser and this link href is the requested URL itself: F577804 All the URLs, the browser interacted with, are saved into the database by a minion, when the...

5.8AI score
Exploits0
NVD
NVD
added 2019/06/11 9:29 p.m.22 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.3AI score0.1786EPSS
Exploits0References40
Prion
Prion
added 2019/06/11 9:29 p.m.34 views

Path traversal

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5CVSS6.1AI score0.1786EPSS
Exploits0References40Affected Software5
OSV
OSV
added 2019/06/11 9:29 p.m.25 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.7AI score
Exploits0References40
Debian CVE
Debian CVE
added 2019/06/11 8:49 p.m.58 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6AI score0.1786EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/06/11 8:49 p.m.54 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.7AI score0.1786EPSS
Exploits0
Hacker One
Hacker One
added 2019/03/26 10:13 a.m.39 views

Nextcloud: [Reflected XSS] In Request URL

In index.php file on 1765 we can see XSS: " Because NextCloud allow links like: '/index.php/ANYCONTENT' If we will do request like: POST /updater/index.php/h"alert1; HTTP/1.1 Host: vulns.local Content-Type: application/x-www-form-urlencoded Content-Length: 33 updater-secret-input=OURSECRET We wil...

3.5CVSS1.1AI score0.00729EPSS
Exploits0
Veracode
Veracode
added 2019/02/19 6:33 a.m.17 views

Path Traversal

total.js is vulnerable to path traversal attacks. The vulnerability exists in index.js where req.url is insufficiently sanitized, allowing path traversal attacks...

7.5CVSS7.3AI score0.72058EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2018/11/02 12:0 a.m.153 views

qdPM 9.1 SQL Injection

Exploit Title: qdPM 9.1 - 'filterby' SQL Injection Date: 2018-11-01 Exploit Author: Azkan Mustafa AkkuA AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://qdpm.net Software Link: http://qdpm.net/download-qdpm-free-project-management Version: v9.1 Category: Webapps Tested on: XAMPP for...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/05/22 12:0 a.m.42 views

Boerse.de Cross SIte Scripting

Exploit Title: Reflected XSS at Boerse DE Date: 22.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.boerse.de Software Link: Website Version: 1.0.0 Tested on: Google Chrome / Mozilla FireFox Reflected XSS Payload : " " " PoC : General : Request URL:...

7.4AI score
Exploits0
Rows per page
Query Builder