64 matches found

Citrix
added 2024/07/13 12:0 a.m., 7 views

How to Set Up Syslog to Capture Logs Real Time on a Central Location

This article describes how to set up a Syslog server when you are experiencing issues across multiple XenServers and need to capture logs in real time at a central location...

7.1 AI score
Exploits: 0
OSV
added 2024/02/26 4:22 p.m., 27 views

GHSA-XRVH-RVC4-5M43 Kirby vulnerable to unrestricted file upload of user avatar images

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. The attack requires user interaction by another user or visitor and cannot be automated. ---- Introduction Unrestricted upload of files with a dangerous type is a type o...

4.6 CVSS, 8.5 AI score, 0.00966 EPSS
Exploits: 1, References: 4
CNNVD
added 2023/04/22 12:0 a.m., 6 views

NVIDIA DGX-2 Security Vulnerability

The NVIDIA DGX-2 is a high-performance workstation for deep learning from NVIDIA, Inc. The NVIDIA DGX-2™ is NVIDIA's first 2 petaFLOPS appliance to integrate 16 NVIDIA V100 Tensor core GPUs, making it an excellent platform for tackling complex AI challenges. A security vulnerability exists in...

7.5 CVSS, 5.2 AI score, 0.0015 EPSS
Exploits: 0, References: 2
Kitploit
added 2023/04/18 12:30 p.m., 40 views

Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp

This is a Baileys based piece of code that lets you tunnel TCP data through two Whatsapp accounts. This can be usable in different situations, for example network carriers that give unlimited whatsapp data or airplanes where you also get unlimited social network data. It's using Baileys since it'...

7.5 AI score
Exploits: 0, References: 3
Wired Threat Level
added 2023/04/07 6:0 a.m., 51 views

Free VPN Amnezia Helps Users Avoid Censorship in Russia

Amnezia, a free virtual private network, allows users to set up their own servers, making it harder for Moscow to block this portal to the outside world...

6.7 AI score
Exploits: 0
Imperva Blog
added 2022/08/17 2:16 p.m., 16 views

“Don’t touch that server. Ralf set that up, and we don’t know what it does.”

Based on a true story… More than a couple of decades ago, I went to work for a network and web company as their customer marketing department. It was a crazy time. Online marketing was all about getting on DMOZ, Lycos was still a puppy, asking Jeeves felt like talking to an AI, and how you laid o...

6.4 AI score
Exploits: 0
Kitploit
added 2022/06/11 12:30 p.m., 37 views

WhiteBeam - Transparent Endpoint Security

Transparent endpoint security Features Block and detect advanced attacks Modern audited cryptography: RustCrypto for hashing and encryption Highly compatible: Development focused on all platforms incl. legacy and architectures Source available: Audits welcome Reviewed by security researchers with...

7.3 AI score
Exploits: 0, References: 5
Github Security Blog
added 2022/05/24 5:5 p.m., 55 views

keycloak vulnerable to unauthorized login via mail server setup

A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be '[email protected]'...

9.1 CVSS, 3.9 AI score, 0.01718 EPSS
Exploits: 1, References: 5, Affected Software: 1
CNVD
added 2022/05/16 12:0 a.m., 19 views

HCL Technologies HCL Verse Information Disclosure Vulnerability

HCL Technologies HCL Verse is a mobile application from HCL Technologies India that allows access to emails and life plan management. A security vulnerability exists in versions of HCL Technologies HCL Verse for Android prior to version 12.0.9, which stems from a server setup and login process in...

4.3 CVSS, 1.8 AI score, 0.003 EPSS
Exploits: 0
OSV
added 2022/05/12 10:15 p.m., 4 views

CVE-2021-27768

Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode...

5.9 CVSS, 6.2 AI score, 0.003 EPSS
Exploits: 0, References: 1
CNNVD
added 2022/05/12 12:0 a.m., 7 views

HCL Technologies HCL Verse Trust Management Issue Vulnerability

HCL Technologies HCL Verse is a mobile application from HCL Technologies India that allows access to emails and life plan management. A security vulnerability exists in versions of HCL Technologies HCL Verse for Android prior to version 12.0.9, which stems from a server setup and login process in...

6.3 CVSS, 6 AI score, 0.003 EPSS
Exploits: 0, References: 2
GithubExploit
added 2021/12/10 2:22 p.m., 440 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Northwave Log4j CVE-2021-44228 checker Friday 10 December 202...

10 CVSS, 9.5 AI score, 0.99999 EPSS
Exploits: 348
Kitploit
added 2021/09/16 1:13 p.m., 1957 views

CVE-2021-40444 PoC - Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

Malicious docx generator to exploit CVE-2021-40444 Microsoft Office Word Remote Code Execution Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 docx file You need to install lcab first...

8.8 CVSS, 7.8 AI score, 0.96843 EPSS
Exploits: 38, References: 1
Kitploit
added 2020/10/17 8:30 p.m., 39 views

Simple-Live-Data-Collection - Simple Live Data Collection Tool

How it works? 1- Build server 2- Connect with admin and client to server 3- To collect information, send the request to the server through the admin, and then to the client Installation git clone https://github.com/LetsDefend/Simple-Live-Data-Collection Server cd server python main.py Admin cd...

7.3 AI score
Exploits: 0, References: 1
Prion
added 2020/01/29 4:15 p.m., 17 views

Cross site scripting

Wowza Streaming Engine 4.8.0 and earlier suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/editadv.htm of the Server Setup configuration or the (2) host field in enginemanager/jspringsecuritycheck of the login form. This issu...

3.5 CVSS, 5.4 AI score, 0.00949 EPSS
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2020/01/17 2:15 a.m., 22 views

CVE-2019-19802

In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...

6.5 CVSS, 6.5 AI score, 0.00752 EPSS
Exploits: 0, References: 1
Prion
added 2020/01/17 2:15 a.m., 18 views

Privilege escalation

In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...

4 CVSS, 6.4 AI score, 0.00752 EPSS
Exploits: 0, References: 1, Affected Software: 1
RedHat Linux
added 2019/12/02 5:4 p.m., 2 views

keycloak: keycloak uses hardcoded open dummy domain for new accounts enabling information disclosure

A flaw was found in Keycloak. The use of an open hard-coded domain can allow an unauthorized login by setting up a mail server and resetting the user credentials, enabling information disclosure...

9.1 CVSS, 5.7 AI score, 0.01718 EPSS
Exploits: 1, References: 4
Hacker One
added 2019/03/31 7:25 a.m., 30 views

Ruby on Rails: File writing by Directory traversal at actionpack-page_caching and RCE by it

I found a directory traversal in actionpack-pagecaching. Some code may lead to RCE. https://github.com/rails/actionpack-pagecaching/blob/master/lib/actioncontroller/caching/pages.rbL143 ruby def cachefilepath, extension if path.empty? || path = %r\A/+\z name = "/index" else name =...

7.5 CVSS, 0.0525 EPSS
Exploits: 0
CNVD
added 2019/02/13 12:0 a.m., 4 views

Joomla! cross-site scripting vulnerability (CNVD-2019-15994)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! versions prior to 3.9.3,...

6.1 CVSS, 6.2 AI score, 0.00793 EPSS
Exploits: 0, References: 1