2886 matches found
commix
This is an automated all-in-one OS command injection exploitation tool. It is designed to automate the detection and exploitation of command injection vulnerabilities. The tool is written in Python and is available on GitHub under the GPLv3 license. It can be installed by cloning the official Git...
PT-2025-32003 · Fiber · Fiber
Name of the Vulnerable Software and Affected Versions: Fiber versions 2.52.8 and below Description: Fiber is an Express inspired web framework written in Go. When using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index e.g., test.18446744073704...
PoC_Vuldb
It is an offensive tool for web applications. The repository app...
The vulnerability of the resize() and text() methods of the ImageMagick framework, which are used for developing web systems and CodeIgniter applications, allows attackers to load arbitrary files.
The vulnerability of the resize and text methods of the ImageMagick framework used for developing web systems and CodeIgniter applications relates to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote...
RLSA-2025:8844 Important: mod_security security update
ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Dictionary-Of-Pentesting
This repository is an offensive tool for bug bounty hunting and penetration testing, specifically a dictionary collection project for various types of attacks, including Pentesing, Fuzzing, Bruteforce, and BugBounty. The primary target product/service is not explicitly stated, but the repository...
command-injection-payload-list
It is an offensive tool for web application security. The primary CVE ID is not explicitly mentioned, but the description pertains to OS command injection vulnerabilities. The target product/service is web applications, and the vulnerability class/vector is OS command injection. Notable...
PT-2025-30201 · Unknown · Enterprise Web Applications
Name of the Vulnerable Software and Affected Versions: Enterprise Web Applications affected versions not specified Description: The software contains a Server-Side Request Forgery SSRF flaw. This issue allows an attacker to potentially make requests on behalf of the server, potentially accessing...
CVE-2023-38327
The CVE-2023-38327 issue affects eGroupWare version 17.1.20190111. Affected component is the calendar/freebusy.php endpoint, where an unauthenticated remote attacker can enumerate web application users based on server response. The vulnerability is a user enumeration flaw with a CVSS v3.1 base sc...
Modeling CORS frameworks with CodeQL to find security vulnerabilities
There are many different types of vulnerabilities that can occur when setting up CORS for your web application, and insecure usage of CORS frameworks and logic errors in homemade CORS implementations can lead to serious security vulnerabilities that allow attackers to bypass authentication. What'...
CVE-Issues
It is an offensive tool for web applications. The repository app...
PT-2025-27593 · WordPress · Amazon Products To Woocommerce
Name of the Vulnerable Software and Affected Versions: Amazon Products to WooCommerce plugin for WordPress versions prior to 1.2.8 Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query an...
CVE-2025-40710
Host Header Injection HHI vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Ho...
RHEL 8 : mod_security (RHSA-2025:8674)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8674 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...
[SECURITY] Fedora 41 Update: dotnet8.0-8.0.117-1.fc41
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
Important: Red Hat Security Advisory: mod_security security update
An update for modsecurity is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: mod_security security update
ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Important: Red Hat Security Advisory: mod_security security update
An update for modsecurity is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Important: Red Hat Security Advisory: mod_security security update
An update for modsecurity is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
[SECURITY] Fedora 41 Update: mod_security-2.9.9-1.fc41
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...