Lucene search
K

277 matches found

Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.397 views

Wp2Fac - OS Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.42 views

EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2023-2425)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

9.8CVSS7AI score0.8377EPSS
Exploits5References4
The Hacker News
The Hacker News
added 2023/07/18 5:56 a.m.76 views

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 CVSS score: 9.8, is a case of authentication bypass that enables unauthenticated attackers to...

9.8CVSS9AI score0.99754EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2023/07/14 12:0 a.m.55 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-003)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.25.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-003 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...

9.8CVSS6.8AI score0.00869EPSS
Exploits6References14
Vulnrichment
Vulnrichment
added 2023/07/13 12:0 a.m.17 views

CVE-2023-38199

coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...

6.8AI score0.00631EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.33 views

Amazon Linux AMI : squid (ALAS-2023-1766)

The version of squid installed on the remote host is prior to 3.5.20-17.48. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1766 advisory. Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in...

7.5CVSS6.6AI score0.06846EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.4 views

PT-2023-3463 · D Link · D-Link Dir-X3260

Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this issue...

8.8CVSS8.9AI score0.01467EPSS
Exploits0References8
0day.today
0day.today
added 2023/04/07 12:0 a.m.176 views

Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Exploit

!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...

9.6CVSS6.6AI score0.35005EPSS
Exploits4
CVE
CVE
added 2023/04/04 7:46 p.m.170 views

CVE-2023-27493

Envoy (CVE-2023-27493) fails to sanitize or escape certain request properties when constructing headers, allowing characters illegal in header values to be sent upstream. This can cause the upstream service to interpret the request as two pipelined requests, potentially bypassing Envoy’s security...

9.1CVSS8.7AI score0.00507EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.8 views

SUSE CVE-2016-8740

The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service memory consumption via crafted CONTINUATION frames in an HTTP/2 request...

7.5CVSS7.5AI score0.7907EPSS
Exploits4References5
Veracode
Veracode
added 2023/02/01 3:7 a.m.35 views

IP Spoofing

parse-server is vulnerable to IP Spoofing Attack Via HTTP Request Header. The vulnerability exists due to the incorrect implementation of the client IP address in the parse server option masterKeyIps of the library, which sets the allowed IP address to the the x-forwarded-for header value, allowi...

8.7CVSS7.7AI score0.00664EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2023/01/31 9:6 a.m.78 views

CVE-2022-25881

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

7.5CVSS7.8AI score0.01613EPSS
Exploits1References3
Prion
Prion
added 2023/01/31 5:15 a.m.35 views

Design/Logic Flaw

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...

5CVSS7.8AI score0.01613EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/01/31 5:0 a.m.28 views

CVE-2022-25881

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...

5.3CVSS8.1AI score0.01613EPSS
Exploits1References4
CVE
CVE
added 2023/01/31 5:0 a.m.652 views

CVE-2022-25881

CVE-2022-25881 affects the http-cache-semantics package, specifically versions before 4.1.1. The issue can be exploited by sending malicious request header values to a server that reads the cache policy from the request using this library. This is a header/input handling vulnerability in the clie...

7.5CVSS7AI score0.01613EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/01/22 12:0 a.m.52 views

CVE-2023-24044

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."...

6.6AI score0.02157EPSS
Exploits3References3
UbuntuCve
UbuntuCve
added 2023/01/17 8:15 p.m.84 views

CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

7.5CVSS7.1AI score0.03546EPSS
Exploits0References6
Huntr
Huntr
added 2023/01/12 3:39 p.m.27 views

Race Conditional exists in the collection

Description Ordinary users can use this vulnerability to attack other users' question collection, which can break through a single user's operation of only collecting or canceling the collection, resulting in too many or negative collections Proof of Concept step1 . Open burp, click collection, a...

3.6CVSS6.6AI score0.0069EPSS
Exploits1
Prion
Prion
added 2023/01/01 8:15 a.m.20 views

Cross site request forgery (csrf)

perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address...

5CVSS5.2AI score0.00601EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/01/01 12:0 a.m.62 views

CVE-2022-45027

The CVE-2022-45027 issue affects perfSONAR prior to version 4.4.6. During participant discovery, the software incorrectly uses an HTTP request header value to determine the local address, which can affect how the local endpoint is identified during discovery. The available documents describe this...

5.3CVSS5.2AI score0.00601EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder