114 matches found

Prion
added 2022/08/05 4:15 p.m. · 29 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL...

CVSS 5.5 · AI score 6.2 · EPSS 0.00971
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/08/05 12:0 a.m. · 5 views

PT-2022-17020 · GitLab · GitLab CE/EE +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 through 15.0.4; GitLab CE/EE versions 15.1 through 15.1.3; GitLab CE/EE versions 15.2 through 15.2.0. Description: An issue has been discovered in GitLab CE/EE where a malicious developer could exfiltrate an...

CVSS 8.5 · AI score 6.5 · EPSS 0.00971
Exploits 0 · References 11
Tenable Nessus
added 2022/03/31 12:0 a.m. · 14 views

Content Injection

Content Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically use...

AI score 7.1
Exploits 0 · References 2
wpexploit
added 2021/11/29 12:0 a.m. · 541 views

WP Mail Logging < 1.10.0 - Outdated Redux Framework

The plugin uses an outdated version of the Redux Framework, which is known to be affected by security issues CVE-2021-38312 and CVE-2021-38314, and could allow unauthenticated attackers to change some of the Framework settings by using CVE-2021-38314. The first endpoint we can identify is gathered...

CVSS 7.1 · AI score 0.1 · EPSS 0.28961
Exploits 7
Huntr
added 2021/08/25 1:9 p.m. · 17 views

in froxlor/froxlor

✍️ Description The login form POST request can be hijacked so that the credentials will be sent to an external website, by modifying the login page URL. 🕵️‍♂️ Proof of Concept Change the login page URL to https://mydomain.com/index.php/evilsite.com Then the form action in the webpage will be...

AI score 0.5
Exploits 0 · References 1
Exploit DB
added 2021/06/16 12:0 a.m. · 489 views

OpenEMR 5.0.1.3 - Authentication Bypass

Exploit Title: OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass | Date: 15.06.2021 | Exploit Author: Ron Jost Hacker5preme | Vendor Homepage: https://www.open-emr.org/ | Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip | Version: All versions prior to 5.0.1...

CVSS 9.1 · AI score 9.4 · EPSS 0.25935
Exploits 4
Veracode
added 2019/12/02 7:9 a.m. · 21 views

Two-Factor Authentication Bypass

wagtail-2fa is vulnerable to a 2FA bypass. An attacker with knowledge of another user's Wagtail login credentials is able to bypass the 2FA verification by modifying the URL, and subsequently add a new device and gain full access to the CMS...

CVSS 8.8 · AI score 4.5 · EPSS 0.01162
Exploits 0 · References 4 · Affected Software 1
CVE
added 2019/09/17 7:15 p.m. · 115 views

CVE-2019-6837

CVE-2019-6837 describes a Server-Side Request Forgery (SSRF) in Schneider Electric’s U.motion Server family (MEG6501-0001 U.motion KNX server; MEG6501-0002 U.motion KNX Server Plus; MEG6260-0410 U.motion KNX Server Plus; Touch 10; MEG6260-0415 Touch 15). The flaw allows an attacker to cause the s...

CVSS 9.1 · AI score 9 · EPSS 0.00988
Exploits 0 · References 1 · Affected Software 1
OSV
added 2019/09/11 9:15 p.m. · 23 views

CVE-2019-15302

The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker who has access to a Rich Text pad with editing rights for the URL to corrupt it (i.e., cause data loss) via a trivial URL modification...

CVSS 6.5 · AI score 6.8
Exploits 0 · References 2
Prion
added 2019/09/11 9:15 p.m. · 21 views

Design/Logic Flaw

The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker who has access to a Rich Text pad with editing rights for the URL to corrupt it (i.e., cause data loss) via a trivial URL modification...

CVSS 5.5 · AI score 6.4 · EPSS 0.01358
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/09/11 8:38 p.m. · 19 views

CVE-2019-15302

The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker who has access to a Rich Text pad with editing rights for the URL to corrupt it (i.e., cause data loss) via a trivial URL modification...

AI score 6.4 · EPSS 0.01358
Exploits 0 · References 2
CVE
added 2019/09/11 8:38 p.m. · 46 views

CVE-2019-15302

The CVE-2019-15302 issue affects XWiki Labs CryptPad prior to 3.0.0. The pad management logic for Rich Text pads allows a remote attacker with editing rights for a pad’s URL to corrupt the pad (data loss) via a trivial URL modification. The description notes the vulnerability outcome as data loss...

CVSS 6.5 · AI score 6.3 · EPSS 0.01358
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2019/09/02 12:0 a.m. · 5 views

WordPress nd-booking Plugin Unauthorized Operation Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-booking is an online reservation management plugin used in it. A security vulnerability exists in WordPress nd-booking plugin befor...

CVSS 6.1 · AI score 6.6 · EPSS 0.01731
Exploits 1 · References 1
Hacker One
added 2019/03/08 4:1 p.m. · 19 views

Dropbox: URL modification changes server side behavior to allow access

@itay658 discovered that adding "?dl=1" allows files to be downloaded, even if they were blocked with error 429. The bug has been fixed and pushed out...

AI score 3.3
Exploits 0
UbuntuCve
added 2018/11/11 5:29 a.m. · 32 views

CVE-2018-19142

Open Ticket Request System OTRS 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL...

CVSS 4.8 · AI score 5.8 · EPSS 0.00547
Exploits 0 · References 2
Prion
added 2017/05/01 6:59 a.m. · 12 views

Default credentials

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message...

CVSS 5 · AI score 5.3 · EPSS 0.00765
Exploits 0 · References 2 · Affected Software 1
NVD
added 2017/05/01 6:59 a.m. · 18 views

CVE-2017-8385

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message...

CVSS 5.3 · AI score 5.3 · EPSS 0.00765
Exploits 0 · References 2
OSV
added 2017/05/01 6:59 a.m. · 19 views

CVE-2017-8385

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message...

CVSS 5.3 · AI score 6.8
Exploits 0 · References 2
CVE
added 2017/05/01 6:8 a.m. · 46 views

CVE-2017-8385

CVE-2017-8385 affects Craft CMS prior to 2.6.2976. The vulnerability is that the forgot-password email URL can be modified by an attacker, indicating a URL forgery/URL tampering issue within the password-reset flow. The available documented impact is the ability to alter the reset URL, with no ex...

CVSS 5.3 · AI score 5.2 · EPSS 0.00765
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2017/05/01 6:8 a.m. · 24 views

CVE-2017-8385

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message...

AI score 5.2 · EPSS 0.00765
Exploits 0 · References 2