Lucene search

67 matches found

Cvelist
added 2024/10/02 10:12 a.m. · 34 views

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

6.5 CVSS · 0.00185 EPSS
Exploits 0 · References 2
Github Security Blog
added 2024/07/10 12:30 a.m. · 24 views

BookStack Incorrect Access Control vulnerability

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...

7.5 CVSS · 6.8 AI score · 0.00646 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/05/07 3:15 p.m. · 5 views

CVE-2024-32370

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component...

9.8 CVSS · 5.8 AI score · 0.01043 EPSS
Exploits 1 · References 2
Packet Storm
added 2024/01/11 12:0 a.m. · 285 views

PHPJabbers Cinema Booking System 1.0 Cross Site Scripting

Exploit Title: PHPJabbers Cinema Booking System v1.0 - Reflected Cross-Site Scripting Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cinema-booking-system/sectionDemo Version: v1.0...

7.4 AI score · 0.00395 EPSS
Exploits 2
Packet Storm
added 2024/01/11 12:0 a.m. · 423 views

PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting

Exploit Title: PHPJabbers Cleaning Business Software v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0...

7.4 AI score · 0.00339 EPSS
Exploits 2
Packet Storm
added 2024/01/11 12:0 a.m. · 301 views

PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting

Exploit Title: PHPJabbers Shared Asset Booking System v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shared-asset-booking-system/sectionDemo Version: v1....

7.4 AI score · 0.0039 EPSS
Exploits 2
Positive Technologies
added 2023/12/28 12:0 a.m. · 4 views

PT-2023-23284 · Unknown · Sesami Cash Point & Transport Optimizer

Name of the Vulnerable Software and Affected Versions: Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. This is a Cross Site...

4.8 CVSS · 5.4 AI score · 0.00436 EPSS
Exploits 0 · References 4
CNNVD
added 2023/10/16 12:0 a.m. · 5 views

South River Technologies TitanFTP NextGen Security Vulnerability

South River Technologies TitanFTP NextGen South River Technologies Titan FTP NextGen is a natively supported cluster for high availability and failover SFTP/ FTP server. A security vulnerability exists in South River Technologies TitanFTP NextGen versions prior to 2.0.18, which stems from a defau...

9.1 CVSS · 6.4 AI score · 0.01481 EPSS
Exploits 2 · References 3
Prion
added 2023/09/21 4:15 p.m. · 27 views

Path traversal

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

5.5 CVSS · 8.2 AI score · 0.00571 EPSS
Exploits 0 · References 4 · Affected Software 1
CISA KEV Catalog
added 2023/09/06 12:0 a.m. · 20 views

Apache RocketMQ Command Execution Vulnerability

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...

9.8 CVSS · 7.2 AI score · 0.96604 EPSS
In wild · Exploits 11
NVD
added 2023/06/20 8:15 a.m. · 23 views

CVE-2023-26427

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...

3.3 CVSS · 3.9 AI score · 0.00329 EPSS
Exploits 0 · References 4
NVD
added 2023/05/24 3:15 p.m. · 30 views

CVE-2023-33246

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

9.8 CVSS · 9.8 AI score · 0.96604 EPSS
Exploits 11 · References 7
Prion
added 2023/05/24 3:15 p.m. · 23 views

Design/Logic Flaw

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

7.5 CVSS · 9.6 AI score · 0.96604 EPSS
Exploits 11 · References 3 · Affected Software 1
CVE
added 2023/05/24 2:45 p.m. · 434 views

CVE-2023-33246

CVE-2023-33246 affects Apache RocketMQ 5.1.0 and earlier. The vulnerability arises from leakage of NameServer, Broker, and Controller on the extranet with insufficient permission verification, allowing an attacker to trigger remote code execution by using the update configuration function or by f...

9.8 CVSS · 9.9 AI score · 0.96604 EPSS
In wild · Exploits 11 · References 7 · Affected Software 1
Code423n4
added 2023/05/11 12:0 a.m. · 23 views

Using memory instead of storage in 'redeemPositions' will result in incorrect LP Balance

Lines of code Vulnerability details Impact This bug could lead to a situation where a user can 'redeem' their positions without the associated liquidity positions LPs being properly reset. This could result in the user being able to artificially inflate their LP balance, which could lead to...

6.8 AI score
Exploits 0
CNNVD
added 2023/01/09 12:0 a.m. · 8 views

Zoom Rooms Security Vulnerability

Zoom Rooms is a software-based conferencing system from Zoom USA. A system that allows web conferencing on fixed endpoints, similar to traditional video conferencing systems. A security vulnerability exists in Zoom Rooms Installer for Windows versions prior to 5.12.6. An attacker can exploit the...

7.8 CVSS · 7.5 AI score · 0.00288 EPSS
Exploits 0 · References 3
Prion
added 2022/07/06 6:15 p.m. · 14 views

Design/Logic Flaw

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

4 CVSS · 4.7 AI score · 0.00723 EPSS
Exploits 1 · References 3 · Affected Software 1
Openbugbounty
added 2022/07/01 10:15 p.m. · 20 views

thuvienbatdongsan.vn Cross Site Scripting vulnerability OBB-2706067

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Openbugbounty
added 2022/04/19 3:15 p.m. · 14 views

armbrust-homestaging.de Cross Site Scripting vulnerability OBB-2528426

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Openbugbounty
added 2022/04/12 11:40 p.m. · 12 views

oai.normannia.info Cross Site Scripting vulnerability OBB-2501840

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0