Lucene search
+L

40 matches found

Code423n4
Code423n4
added 2022/01/21 12:0 a.m.12 views

Hardcoded seed phrase in sherlock-v2-core repo

Handle cryptphi Vulnerability details Impact The hardcoded mnemonic can lead to account compromise. Proof of Concept There exists hardcoded credentials in line This credentials can be used to takeover the wallet address used. Tools Used Github Recommended Mitigation Steps Avoid hardcoding...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/25 12:0 a.m.12 views

Incorrect internal balance bookkeeping

Handle walker Vulnerability details type: Incorrect Assumptions on External Systems The sherlock smart contract system uses internal bookkeeping of arbitrary ERC20 token balances. It doesn't assert that the ERC20 doesn't implement some non-standard behaviour. For example, deflationary tokens, or...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2021/03/29 12:0 a.m.4 views

sherlock SherlockIM 跨站脚本漏洞

sherlock SherlockIM is an application from sherlock USA. It is used to manage various conversations with customers in WhatsApp. Sherlock SherlockIM through 2021-03-29 A cross-site scripting vulnerability exists, which can be exploited by an attacker to attach URIs to api files...

6.1CVSS6AI score0.00853EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.9 views

Hgiga MailSherlock SQL注入漏洞

Hgiga MailSherlock is a set of enterprise mail audit system from Henderson Hgiga, China. HGiga MailSherlock suffers from a SQL injection vulnerability, which stems from the lack of validation of externally entered SQL statements in database-based applications, and can be exploited by an attacker ...

9.8CVSS6AI score0.00985EPSS
Exploits0References2
CNVD
CNVD
added 2021/01/04 12:0 a.m.4 views

HGiga MailSherlock SQL Injection Vulnerability

HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. HGiga MailSherlock suffers from a SQL injection vulnerability. An attacker can use this vulnerability to inject and execute SQL commands in the URL parameters of a specific cgi page...

7.6CVSS8.2AI score0.00598EPSS
Exploits0References1
OSV
OSV
added 2020/12/31 8:15 a.m.5 views

CVE-2020-35743

HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages...

7.6CVSS7.2AI score0.00598EPSS
Exploits0References1
OSV
OSV
added 2020/12/31 8:15 a.m.10 views

CVE-2020-35741

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...

6.1CVSS6.4AI score0.00611EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.9 views

MailSherlock 跨站脚本漏洞

HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A cross-site scripting vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock failing to properly validate specific URL parameters. An attacker can exploit...

7CVSS5.7AI score0.00611EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/03/11 11:33 a.m.78 views

Sifter - A OSINT, Recon And Vulnerability Scanner

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit...

7.2AI score
Exploits0References2
OSV
OSV
added 2019/02/11 8:29 p.m.6 views

CVE-2018-17542

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in an letgo.cgi request...

5.3CVSS5.8AI score0.01229EPSS
Exploits0References2
OSV
OSV
added 2018/11/28 11:29 p.m.3 views

CVE-2018-17930

A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution...

9.8CVSS6.3AI score0.0726EPSS
Exploits0References3
NVD
NVD
added 2018/11/28 11:29 p.m.14 views

CVE-2018-17930

A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution...

10CVSS10AI score0.0726EPSS
Exploits0References3
Prion
Prion
added 2018/11/28 11:29 p.m.10 views

Stack overflow

A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution...

10CVSS9.9AI score0.0726EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/11/28 11:0 p.m.47 views

CVE-2018-17930

CVE-2018-17930 affects Teledyne DALSA Sherlock up to version 7.2.7.4 (and earlier). The vulnerability is a stack-based buffer overflow in Sherlock, which may allow remote code execution (per NVD, CVSSv3 base 9.8). The ICS advisory corroborates a stack-based buffer overflow (Affecting Sherlock 7.2...

10CVSS9.9AI score0.0726EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2018/11/27 12:0 a.m.16 views

Teledyne DALSA Sherlock Machine Vision Detection (Windows SMB Login)

SMB login-based detection of Teledyne DALSA Sherlock Machine Vision. Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Fre...

0.5AI score
Exploits0
ICS
ICS
added 2018/11/20 12:0 a.m.246 views

Teledyne DALSA Sherlock

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Teledyne DALSA Equipment: Sherlock Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may...

10CVSS9.9AI score0.0726EPSS
Exploits0References5
Kitploit
Kitploit
added 2017/04/06 2:12 p.m.33 views

Sherlock - Tool to find missing Windows patches for Local Privilege Escalation Vulnerabilities

PowerShell script to quickly find missing Microsoft patches for local privilege escalation vulnerabilities. Currently looks for: MS10-015 : User Mode to Ring KiTrap0D MS10-092 : Task Scheduler MS13-053 : NTUserMessageCall Win32k Kernel Pool Overflow MS13-081 : TrackPopupMenuEx Win32k NULL Page...

7.4AI score
Exploits0References1
xssed
xssed
added 2010/10/27 12:0 a.m.13 views

Unfixed XSS vulnerability at www.sherlockholmesmuseum.com

Security researcher alexalghisi, has submitted on 27/10/2010 a cross-site-scripting XSS vulnerability affecting www.sherlockholmesmuseum.com, which at the time of submission ranked 3818997 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

Exploits0References1
Packet Storm
Packet Storm
added 2010/07/13 12:0 a.m.25 views

PHP-Nuke 8.1.0.3.5b Command Execution

PHP-Nuke REMEMBER TO ADD THE FINAL / TO THE HOSTNAME "; Change Here to Set your custom shell for example use system ; my $cookies = HTTP::Cookies-new; my $request = LWP::UserAgent-new; $request-agent"Mozilla 5/0"; $request-cookiejar$cookies; END VARS sub...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/04/18 12:0 a.m.81 views

[Full-disclosure] Firesearching 1 + 2 [Firefox 1.0.2]

Notice I really wonder why the Mozilla Foundation decided to release a serious security update on a friday night and to disclose the link to my proof-of-concept code so quickly. It wasn't intendet from my side to release this as a 0day exploit. Please complain to [email protected] if you...

Exploits0
Rows per page
Query Builder