Lucene search
+L

692 matches found

vulnersOsv
vulnersOsv
added 2021/12/10 5:24 p.m.4 views

@cscharpf/minio-client-versioned (>=1.0.0 <=1.0.8), @iliad.dev/strapi-adapter (>=0.0.43 <=0.2.2) +46 more potentially affected by CVE-2021-25953 via putil-merge (>=1.2.0 <=3.13.0)

putil-merge NPM version =1.2.0, =1.0.0, =0.0.43, =0.6.0, =0.12.0, =0.6.0, =0.6.0, =0.6.0, =1.0.0-beta.3, =0.6.0, =0.10.0, =0.6.0, =0.93.1, =4.0.1, =4.0.1, =5.0.4 and more Source cves: CVE-2021-25953 Source advisory: OSV:GHSA-9X7M-9HPG-XXMW...

9.8CVSS7.8AI score0.02961EPSS
Exploits1
OSV
OSV
added 2021/12/10 5:22 p.m.30 views

GHSA-49VV-6Q7Q-W5CF Duplicate Advisory: OS Command Injection in Strapi

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...

7.2CVSS7.2AI score0.54081EPSS
Exploits11References6
Github Security Blog
Github Security Blog
added 2021/12/10 5:22 p.m.48 views

Duplicate Advisory: OS Command Injection in Strapi

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...

9CVSS7.2AI score0.54081EPSS
Exploits11References6Affected Software1
OSV
OSV
added 2021/12/10 5:22 p.m.67 views

GHSA-23FP-FMRV-F5PX Uncontrolled Resource Consumption in strapi

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application...

4.9CVSS5.1AI score0.01145EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2021/10/12 2:16 p.m.186 views

Exploit for Cross-Site Request Forgery (CSRF) in Cisco Industrial_Network_Director

PoC exploit for CVE-2019-18818, an unauthenticated password rese...

9.8CVSS7.3AI score0.97639EPSS
Exploits13
Check Point Advisories
Check Point Advisories
added 2021/10/10 12:0 a.m.104 views

Strapi Remote Code Execution (CVE-2019-19609)

A remote code execution vulnerability exists in Strapi framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS7.8AI score0.54081EPSS
Exploits11
OSV
OSV
added 2021/10/06 5:48 p.m.14 views

GHSA-37HX-4MCQ-WC3H Weak Password Recovery Mechanism for Forgotten Password in Strapi

In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password...

8.1CVSS8.1AI score0.0128EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2021/10/06 5:48 p.m.9 views

@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.3) +9 more potentially affected by CVE-2021-28128 via strapi (>=2.0.2 <=3.3.4)

strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2021-28128 Source advisory: OSV:GHSA-37HX-4MCQ-WC3H...

8.1CVSS7.2AI score0.0128EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/10/06 5:48 p.m.50 views

Weak Password Recovery Mechanism for Forgotten Password in Strapi

In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password...

8.1CVSS3.9AI score0.0128EPSS
Exploits1References5Affected Software1
GithubExploit
GithubExploit
added 2021/09/11 6:53 a.m.73 views

Exploit for OS Command Injection in Strapi

CVE-2019-19609 Strapi Remote Code...

9CVSS1AI score0.54081EPSS
Exploits11
Packet Storm
Packet Storm
added 2021/08/31 12:0 a.m.173 views

Strapi 3.0.0-beta Authentication Bypass

Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "[email protected]...

9.8CVSS0.7AI score0.97639EPSS
Exploits13
GithubExploit
GithubExploit
added 2021/08/30 3:5 a.m.78 views

Exploit for OS Command Injection in Strapi

CVE-2019-19609 Strap...

9CVSS3.4AI score0.54081EPSS
Exploits11
0day.today
0day.today
added 2021/08/30 12:0 a.m.261 views

Strapi 3.0.0-beta - Set Password (Unauthenticated) Exploit

Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "email protecte...

9.8CVSS0.4AI score0.97639EPSS
Exploits13
Packet Storm
Packet Storm
added 2021/08/30 12:0 a.m.275 views

Strapi 3.0.0-beta.17.7 Remote Code Execution

Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...

9CVSS0.1AI score0.54081EPSS
Exploits11
Packet Storm
Packet Storm
added 2021/08/30 12:0 a.m.343 views

Strapi CMS 3.0.0-beta.17.4 Remote Code Execution

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...

9.8CVSS8.4AI score0.97639EPSS
Exploits21
0day.today
0day.today
added 2021/08/30 12:0 a.m.170 views

Strapi 3.0.0-beta.17.7 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...

9CVSS0.4AI score0.54081EPSS
Exploits11
0day.today
0day.today
added 2021/08/30 12:0 a.m.337 views

Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-18818, CVE-2019-19609...

9.8CVSS0.2AI score0.97639EPSS
Exploits21
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.1425 views

Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...

9.8CVSS8.4AI score0.97639EPSS
Exploits21
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.299 views

Strapi 3.0.0-beta - Set Password (Unauthenticated)

Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "[email protected]...

9.8CVSS9.5AI score0.97639EPSS
Exploits13
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.400 views

Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...

9CVSS7.1AI score0.54081EPSS
Exploits11
Rows per page
Query Builder