5296 matches found

Prion
added 2022/03/25 8:15 p.m., 18 views

Cross site scripting

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0...

CVSS 4.3 | AI score 5.9 | EPSS 0.00855
Exploits 0 | References 3 | Affected Software 2
CVE
added 2022/03/25 8:00 p.m., 69 views

CVE-2022-27920

The CVE-2022-27920 entry affects libkiwix (versions 10.0.0 and 10.0.1) with an XSS flaw in the built-in webserver through the search suggestions URL parameter. The root cause involves improper handling of that URL parameter, enabling cross-site scripting. The vulnerability is fixed in version 10....

CVSS 6.1 | AI score 5.8 | EPSS 0.00855
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2022/03/25 8:00 p.m., 22 views

CVE-2022-27920

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0...

AI score 6.1 | EPSS 0.00855
Exploits 0 | References 3
Debian CVE
added 2022/03/25 8:00 p.m., 49 views

CVE-2022-27920

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0...

CVSS 6.1 | AI score 6 | EPSS 0.00855
Exploits 0
NVD
added 2022/03/08 12:15 p.m., 35 views

CVE-2022-24281

A vulnerability has been identified in SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...

CVSS 7.2 | EPSS 0.03354
Exploits 0 | References 1
Prion
added 2022/03/08 12:15 p.m., 17 views

Command injection

A vulnerability has been identified in SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...

CVSS 6.5 | AI score 6.9 | EPSS 0.03354
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/03/08 12:00 a.m., 41 views

CVE-2022-24281

A vulnerability has been identified in SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...

CVSS 7.2 | AI score 7.1 | EPSS 0.03354
Exploits 0 | References 1
Vulnrichment
added 2022/03/08 12:00 a.m., 8 views

CVE-2022-24281

A vulnerability has been identified in SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...

CVSS 7.2 | AI score 6.9 | EPSS 0.03354
Exploits 0 | References 1
Kitploit
added 2022/03/06 11:30 a.m., 50 views

PyShell - Multiplatform Python WebShell

PyShell is a multiplatform Python webshell. This tool helps you to obtain a shell-like interface on a web server that can be accessed remotely. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating syste...

AI score 8.1
Exploits 0 | References 2
Packet Storm
added 2022/03/04 12:00 a.m., 271 views

Backdoor.Win32.BluanWeb Information Disclosure

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78defB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BluanWeb Vulnerability: Information Disclosure Description: The malware "BlueAngel F...

AI score 7.4
Exploits 0
Packet Storm
added 2022/03/04 12:00 a.m., 307 views

Backdoor.Win32.BluanWeb Remote Command Execution

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78defC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BluanWeb Vulnerability: Unauthenticated Remote Command Execution Description: The...

Exploits 0
Prion
added 2022/02/24 10:15 p.m., 14 views

Design/Logic Flaw

A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 iLO 4 firmware versions: Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with...

CVSS 5 | AI score 5.4 | EPSS 0.00675
Exploits 0 | References 1 | Affected Software 1
0day.today
added 2022/02/21 12:00 a.m., 212 views

Dbltek GoIP - Local File Inclusion Vulnerability

Exploit Title: Dbltek GoIP - Local File Inclusion Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a VoIP-GSM gateway...

AI score 7.4
Exploits 0
Packet Storm
added 2022/02/21 12:00 a.m., 221 views

Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion

Exploit Title: Dbltek GoIP - Local File Inclusion Date: 20.02.2022 Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a...

AI score 7.4
Exploits 0
Exploit DB
added 2022/02/21 12:00 a.m., 249 views

Dbltek GoIP - Local File Inclusion

Exploit Title: Dbltek GoIP - Local File Inclusion Date: 20.02.2022 Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a...

AI score 7.4
Exploits 0
OSV
added 2022/02/20 12:00 a.m., 27 views

GHSA-X832-R2RJ-4G5P SSRF in Kitodo.Presentation

An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...

CVSS 7.5 | AI score 7.5 | EPSS 0.01182
Exploits 0 | References 7
NVD
added 2022/02/19 4:15 a.m., 27 views

CVE-2022-24980

An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...

CVSS 7.5 | EPSS 0.01182
Exploits 0 | References 2
OSV
added 2022/02/19 4:15 a.m., 13 views

CVE-2022-24980

An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...

CVSS 7.5 | AI score 7.3
Exploits 0 | References 2
Cvelist
added 2022/02/19 3:48 a.m., 32 views

CVE-2022-24980

An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...

AI score 7.8 | EPSS 0.01182
Exploits 0 | References 2
Github Security Blog
added 2022/02/16 12:01 a.m., 30 views

CSRF vulnerability in Jenkins Checkmarx Plugin allows capturing credentials

Checkmarx Plugin 2022.1.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stor...

CVSS 8.8 | AI score 0.7 | EPSS 0.00544
Exploits 0 | References 5 | Affected Software 1