5296 matches found

Cvelist
added 2020/12/21 4:45 p.m. · 24 views

CVE-2020-17526

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

AI score 7.4 · EPSS 0.23336
Exploits 0 · References 3
CVE
added 2020/12/21 4:45 p.m. · 124 views

CVE-2020-17526

Apache Airflow Webserver prior to version 1.10.14 with the default [webserver] secret_key allows an authenticated user on one site to access an unauthorized Webserver session on another site via session validation bypass. Affected component is the Webserver authentication mechanism; root cause is...

CVSS 7.7 · AI score 7.4 · EPSS 0.23336
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2020/12/21 12:00 a.m. · 6 views

Apache Airflow Webserver Security Vulnerability

Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring among other features. A security vulnerability exists in Apache Airflow Webserver versions prior to 1.10....

CVSS 7.7 · AI score 7 · EPSS 0.23336
Exploits 0 · References 6
Positive Technologies
added 2020/12/21 12:00 a.m. · 1 views

PT-2020-6687 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.14 Description: The issue is related to incorrect session validation in the Apache Airflow web server, caused by the use of a default configuration that includes a pre-set secret key. This allows a...

CVSS 8.3 · AI score 7.4 · EPSS 0.23336
Exploits 0 · References 27
OSV
added 2020/12/11 1:15 a.m. · 1 views

CVE-2020-28220

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware All versions prior to V5.0.4.11 and SoMachine/SoMachine Motion software All versions, that could cause a buffer overflow when the length of a file transferred to the...

CVSS 6.8 · AI score 7 · EPSS 0.01041
Exploits 0 · References 1
NVD
added 2020/12/11 1:15 a.m. · 14 views

CVE-2020-28220

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware All versions prior to V5.0.4.11 and SoMachine/SoMachine Motion software All versions, that could cause a buffer overflow when the length of a file transferred to the...

CVSS 6.8 · AI score 6.8 · EPSS 0.01041
Exploits 0 · References 1
Prion
added 2020/12/11 1:15 a.m. · 21 views

Design/Logic Flaw

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware All versions prior to V5.0.4.11 and SoMachine/SoMachine Motion software All versions, that could cause a buffer overflow when the length of a file transferred to the...

CVSS 5.2 · AI score 6.8 · EPSS 0.01041
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/12/11 12:51 a.m. · 20 views

CVE-2020-28220

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware All versions prior to V5.0.4.11 and SoMachine/SoMachine Motion software All versions, that could cause a buffer overflow when the length of a file transferred to the...

AI score 6.8 · EPSS 0.01041
Exploits 0 · References 1
Veracode
added 2020/12/10 6:37 a.m. · 20 views

Remote Code Execution (RCE)

red-dashboard is vulnerable to remote code execution (RCE). A Discord user with malicious Server names and Usernames/Nicknames is able to inject code into the webserver front-end code...

CVSS 8.7 · AI score 2.7 · EPSS 0.01053
Exploits 0 · References 5 · Affected Software 1
NVD
added 2020/12/09 12:15 a.m. · 21 views

CVE-2020-26249

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...

CVSS 8.7 · AI score 7.8 · EPSS 0.01053
Exploits 0 · References 4
OSV
added 2020/12/09 12:15 a.m. · 13 views

CVE-2020-26249

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...

CVSS 8.7 · AI score 8.6
Exploits 0 · References 4
PyPA
added 2020/12/09 12:15 a.m. · 6 views

PYSEC-2020-98

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...

CVSS 8.7 · AI score 6.9 · EPSS 0.01053
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2020/12/08 11:55 p.m. · 53 views

Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability

Impact A RCE exploit has been discovered in the Red Discord Bot - Dashboard Webserver: this exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it's possible to perform destructive...

CVSS 8.7 · AI score 2.8 · EPSS 0.01053
Exploits 0 · References 7 · Affected Software 1
Cvelist
added 2020/12/08 11:55 p.m. · 25 views

CVE-2020-26249 Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...

CVSS 7.7 · AI score 8.6 · EPSS 0.01053
Exploits 0 · References 4
OSV
added 2020/12/08 8:15 p.m. · 2 views

CVE-2020-28946

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...

CVSS 7.5 · AI score 7.2 · EPSS 0.0121
Exploits 1 · References 2
NVD
added 2020/12/08 8:15 p.m. · 13 views

CVE-2020-28946

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...

CVSS 7.5 · AI score 7.4 · EPSS 0.0121
Exploits 1 · References 2
Prion
added 2020/12/08 8:15 p.m. · 10 views

Cross-site request forgery (CSRF)

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...

CVSS 5 · AI score 7.4 · EPSS 0.0121
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2020/12/08 7:40 p.m. · 18 views

CVE-2020-28946

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...

AI score 7.5 · EPSS 0.0121
Exploits 1 · References 2
CVE
added 2020/12/08 7:40 p.m. · 42 views

CVE-2020-28946

The CVE-2020-28946 entry concerns Plum IK-401 devices with firmware prior to 1.02. The issue is an improper webserver configuration that, when the device is reachable over the network, allows unauthenticated retrieval of the configuration file, including hashed credential data, via a single GET r...

CVSS 7.5 · AI score 7.4 · EPSS 0.0121
Exploits 1 · References 2 · Affected Software 1
Exploit DB
added 2020/12/03 12:00 a.m. · 634 views

Online Matrimonial Project 1.0 - Authenticated Remote Code Execution

Exploit Title: Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
Exploit Author: Valerio Alessandroni
Date: 2020-10-07
Vendor Homepage: https://projectworlds.in/
Software Link: https://projectworlds.in/free-projects/php-projects/online-matrimonial-project-in-php/
Source Link:...

AI score 7.4
Exploits 0