Lucene search
K

182 matches found

Vulnrichment
Vulnrichment
added 2023/08/17 6:24 p.m.17 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

7.1CVSS7.8AI score0.00702EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.11 views

PT-2023-27376 · Opennms · Opennms Meridian +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions prior to 32.0.2 OpenNMS Meridian versions prior to 2023.1.6 OpenNMS Meridian versions prior to 2022.1.19 OpenNMS Meridian versions prior to 2021.1.30 OpenNMS Meridian versions prior to 2020.1.38 Description: A BeanShe...

8.8CVSS7.5AI score0.00702EPSS
Exploits0References12
Rapid7 Blog
Rapid7 Blog
added 2023/06/07 8:17 p.m.22 views

Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode

Carlos Canto contributed to this article. Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download. Much of what went into this release was about expanding capabilities and improving workflows. We’ll now explore some of the interesting new features i...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/30 12:0 a.m.5 views

The vulnerability of the Server mode setting in the pgAdmin 4 database management tool allows a hacker to alter the settings of another user or the database itself.

The vulnerability of the Server mode of the pgAdmin 4 database management tool is related to shortcomings in the name restriction of the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to alter the settings of another user or the database...

3.1CVSS6.1AI score0.08826EPSS
Exploits0References7Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.6 views

SUSE CVE-2003-0962

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail...

7.5CVSS8.5AI score0.21157EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.3 views

SUSE CVE-2006-6899

hidd in BlueZ bluez-utils before 2.25 allows remote attackers to obtain control of the 1 Mouse and 2 Keyboard Human Interface Device HID via a certain configuration of two HID PSM endpoints, operating as a server, aka HidAttack...

5.4CVSS6.9AI score0.03221EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.4 views

SUSE CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp...

3.7CVSS6.8AI score0.02081EPSS
Exploits0References8
Fedora
Fedora
added 2022/10/28 11:16 a.m.36 views

[SECURITY] Fedora 36 Update: glances-3.3.0.1-2.fc36

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface It can also work in client/server mode. Remote monitoring could be don...

7.5CVSS6.2AI score0.04658EPSS
Exploits1
Prion
Prion
added 2022/08/01 8:15 p.m.20 views

Design/Logic Flaw

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

7.5CVSS9.3AI score0.00641EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/01 7:50 p.m.4 views

CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

9.1CVSS9.6AI score0.00641EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2022/08/01 12:0 a.m.41 views

Improper Certificate Validation

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

9.8CVSS3.2AI score0.00641EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/07/29 10:24 p.m.15 views

GHSA-2CPX-6PQP-WF35 fs2-io skips mTLS client verification

Impact When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...

9.8CVSS5.9AI score0.00641EPSS
Exploits1References7
Kitploit
Kitploit
added 2022/06/02 9:30 p.m.54 views

Notionterm - Embed Reverse Shell In Notion Pages

Embedreverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell Demo/Quick proof insertion within report High available and shareable reverse shell...

7.3AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/03/17 12:0 a.m.22 views

pgAdmin 4 Path Traversal vulnerability

When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques...

6.5CVSS7.4AI score0.00931EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.17 views

SUSE: Security Advisory (SUSE-SU-2018:3162-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.3AI score0.91789EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2020/09/02 12:0 a.m.36 views

EulerOS 2.0 SP5 : ntp (EulerOS-SA-2020-1927)

According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet wit...

7.5CVSS6.6AI score0.02081EPSS
Exploits0References2
Amazon
Amazon
added 2020/07/16 12:0 a.m.37 views

Medium: ntp

Issue Overview: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or system time change by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be ...

7.5CVSS6.4AI score0.04071EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/06/17 12:0 a.m.33 views

EulerOS 2.0 SP2 : ntp (EulerOS-SA-2020-1684)

According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet wit...

7.5CVSS6.6AI score0.02081EPSS
Exploits0References2
NVD
NVD
added 2020/04/17 4:15 a.m.26 views

CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp...

7.5CVSS6.4AI score0.02081EPSS
Exploits0References8
OSV
OSV
added 2020/04/17 4:15 a.m.3 views

DEBIAN-CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp...

7.5CVSS6.5AI score0.02081EPSS
Exploits0References1
Rows per page
Query Builder