Lucene search
K

144 matches found

Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.9 views

PT-2024-34657 · Octoprint · Octoprint

Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.10.2 Description: OctoPrint provides a web interface for controlling consumer 3D printers. The issue allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browse...

6.5CVSS6.5AI score0.00282EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2024/10/01 8:31 p.m.23 views

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name "hostname" parameter. This vulnerability can lead to the execution of malicious code in the context of other users'...

7.5CVSS5.6AI score0.0049EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/08/21 4:15 p.m.23 views

CVE-2024-39344

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The ApttusDocuApiDocusignAuthenticationmdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when install...

8.1CVSS0.005EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/19 2:47 p.m.9 views

CVE-2024-6895 Insecure Account Profile Management

Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as passwor...

6.1CVSS6.9AI score0.0024EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/05/21 6:35 p.m.431 views

Exploit for CVE-2024-11318

CVE-2024-11318 IDOR - AbsysNet 2.3.1 User Hijacking --- DI...

7.5CVSS6.9AI score0.0087EPSS
Exploits1
PyPA
PyPA
added 2023/12/13 10:15 a.m.11 views

PYSEC-2023-294

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...

6.3CVSS6.4AI score0.0041EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/02/09 11:15 p.m.4 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.1CVSS5.9AI score0.00604EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.6 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.1CVSS6.6AI score0.00604EPSS
Exploits0References2
NVD
NVD
added 2022/02/09 11:15 p.m.26 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.1CVSS0.00604EPSS
Exploits0References1
CVE
CVE
added 2022/02/09 10:3 p.m.119 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 is affected by a vulnerability where an authenticated user can inject persistent JavaScript in the User-Agent header at login. When an administrator visits the User Sessions tab, the injected script is executed, enabling session compromise of the administrator. The availa...

5.4CVSS5.4AI score0.03033EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2021/12/10 12:0 a.m.21 views

Unspecified vulnerability in tmate-ssh-server

Tmate-Ssh-Server is a Tmate Ssh server. tmate-ssh-server suffers from a security vulnerability that could be exploited by an attacker to compromise the integrity of session processing or to obtain read and write session IDs from read-only session symbolic links in this directory...

7CVSS4.1AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2021/12/07 3:15 a.m.1 views

DEBIAN-CVE-2021-44512

World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory...

7CVSS7AI score0.00254EPSS
Exploits0References1
Huntr
Huntr
added 2021/09/14 3:11 p.m.14 views

Cross-site Scripting (XSS) - DOM in mineweb/minewebcms

✍️ Description A malicious actor is able to add a malicious payload as a new Navigation Bar Link Title, and after every time any users visit the main root page of the website, the XSS payload is executed and the session of whoever visits the site is compromised. 🕵️‍♂️ Proof of Concept 1; Create a...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/09/14 2:34 p.m.7 views

Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Description A malicious actor is able to add a malicious payload as a new Page Title, and after every time any administrative user visits the /admin/pages route, the XSS payload is executed. Proof of Concept 1;Create a new Page at the following route: /admin/pages/add. Use the following payload a...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/09/12 5:30 p.m.16 views

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

✍️ Description A malicious actor is able to add a malicious payload as a Family Tree Title, and after click the Family Tree nav button from the My Pages Menu, the XSS payload is executed. 🕵️‍♂️ Proof of Concept 1;Create a new family tree, either when logging in after install for the first time, or...

2.1AI score
Exploits0
CNVD
CNVD
added 2021/03/22 12:0 a.m.7 views

FTAPI Cross-Site Scripting Vulnerability

FTAPI is an end-to-end encrypted file transfer and data room solution with unlimited file size. A cross-site scripting vulnerability exists in the "Background Image" upload function in the "Submit Box Template Editor" in FTAPI 4.0 - 4.10. An attacker can exploit this vulnerability by uploading an...

4.8CVSS6.1AI score0.0056EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/19 12:0 a.m.4 views

FTAPI SecuTransfer 跨站脚本漏洞

FTAPI is an end-to-end encrypted file transfer and data room solution with unlimited file size. A cross-site scripting vulnerability exists in the "Background Image" upload function in the "Submit Box Template Editor" in FTAPI 4.0 - 4.10. An attacker can exploit this vulnerability by uploading an...

4.8CVSS5.2AI score0.0056EPSS
Exploits0References3
OSV
OSV
added 2019/10/01 5:15 p.m.5 views

UBUNTU-CVE-2019-17068

PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content...

7.5CVSS5.8AI score0.01806EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2018/11/01 3:44 p.m.486 views

PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking

A proof-of-concept PoC attack details how an attacker can gain access a victim’s Microsoft Live webmail session, without having the person’s credentials. It relies upon the hijack of a Microsoft-owned Live.com website subdomain. The PoC, developed by CyberInt, demonstrates what it characterizes a...

7.5AI score
Exploits0References2
NVD
NVD
added 2018/09/28 8:29 p.m.13 views

CVE-2018-9080

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...

5.9CVSS5.7AI score0.00727EPSS
Exploits0References1
Rows per page
Query Builder