5294 matches found
PT-2016-7778 · Boa · Boa Web Server
Name of the Vulnerable Software and Affected Versions: Boa Webserver version 0.92r. Description: The issue is a buffer overflow in the send_redirect function, which remote attackers can trigger with an HTTP GET request. The request must carry a long URI consisting only of '/' and '...
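Added example, not part of the PT-2016-7778 advisory and not Boa's code: detection logic in Python that scans Common Log Format access-log lines for the request shape the advisory describes, a GET whose URI is long and made up of nothing but '/' and '.' characters. The sample log lines and the 64-character length threshold are constructed for this example.

```python
import re

# Common Log Format: ip ident user [time] "method uri proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)
ONLY_SLASH_DOT = re.compile(r'[/.]+')


def is_boa_redirect_probe(uri, min_len=64):
    """True when the URI has the trigger shape: long, and nothing but '/' and '.'."""
    return len(uri) >= min_len and ONLY_SLASH_DOT.fullmatch(uri) is not None


def scan(lines, min_len=64):
    """Return (client ip, uri length) for each GET whose URI has the trigger shape."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:            # malformed line: skip it rather than abort the scan
            continue
        if m["method"] == "GET" and is_boa_redirect_probe(m["uri"], min_len):
            hits.append((m["ip"], len(m["uri"])))
    return hits


# Constructed sample log: a benign request, a trigger-shaped request, a long
# traversal attempt (contains letters, so it is not this trigger) and a short '/../'.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Sep/2016:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '10.0.0.9 - - [12/Sep/2016:10:00:02 +0000] "GET ' + "/." * 600 + ' HTTP/1.0" 301 0',
    '10.0.0.9 - - [12/Sep/2016:10:00:03 +0000] "GET /cgi-bin/' + "../" * 40 + 'etc/passwd HTTP/1.0" 404 0',
    '10.0.0.7 - - [12/Sep/2016:10:00:04 +0000] "GET /../ HTTP/1.0" 301 0',
]

if __name__ == "__main__":
    for ip, length in scan(SAMPLE_LOG):
        print(f"possible Boa send_redirect overflow probe from {ip}: uri length {length}")
```

The length threshold is deliberately low so that a probe shorter than whatever the real buffer size is still gets reported; tune it against your own traffic, since legitimate URIs made only of slashes and dots are essentially nonexistent.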
Xitami Web Server 5.0a0 - Denial of Service
Xitami Web Server 5.0a0 - Denial of Service #!/usr/bin/env python X5 Webserver 5.0 Remote Denial Of Service Exploit Vendor: iMatrix Product web page: http://www.xitami.com Affected version: 5.0a0 Summary: X5 is the latest generation web server from iMatix Corporation. The Xitami product line...
X5 Webserver 5.0 Remote Denial Of Service
#!/usr/bin/env python X5 Webserver 5.0 Remote Denial Of Service Exploit Vendor: iMatrix Product web page: http://www.xitami.com Affected version: 5.0a0 Summary: X5 is the latest generation web server from iMatix Corporation. The Xitami product line stretches back to 1996. X5 is built using iMatix'...
X5 Webserver 5.0 Remote Denial Of Service Exploit
Summary X5 is the latest generation web server from iMatix Corporation. The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications. On multicore machines, it is much more scalable than Xitami/2. Description The vulnerability...
Xitami Web Server 5.0a0 - Denial of Service
#!/usr/bin/env python X5 Webserver 5.0 Remote Denial Of Service Exploit Vendor: iMatrix Product web page: http://www.xitami.com Affected version: 5.0a0 Summary: X5 is the latest generation web server from iMatix Corporation. The Xitami product line stretches back to 1996. X5 is built using iMatix'...
U.S. Dept Of Defense: Information disclosure vulnerability on a DoD website
A misconfigured Department of Defense webserver improperly disclosed application information. @clizsec was able to demonstrate this vulnerability by crafting a specially formatted URL...
U.S. Dept Of Defense: SQL Injection vulnerability on a DoD website
A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive financial information. korprit was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks korprit!...
U.S. Dept Of Defense: RCE on a Department of Defense website
A misconfigured webserver hosted by the Department of Defense allowed the execution of local shell commands. dawgyg was able to demonstrate this vulnerability by crafting a particularly formatted URL. Thanks dawgyg!...
WordPress: [Buddypress] Arbitrary File Deletion through bp_avatar_set
Hi, The bp_avatar_set action in BuddyPress, when cropping avatars, allows an attacker to arbitrarily delete any file the webserver can delete through the 'originalfile' parameter. For example: create a user on a BuddyPress-powered WordPress instance, any user is OK, doesn't need to be admin, just needs ...
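Added example, not from the report above and not BuddyPress code (which is PHP): the path-containment check that stops this class of arbitrary file deletion, written in Python so it runs stand-alone. The `delete_upload` function and the sandbox built by `run_demo` are invented for the illustration; the parameter name `original_file` mirrors the report's parameter only as a label.

```python
import os
import tempfile


def unsafe_delete(original_file):
    """The flawed pattern: unlink whatever path the request supplied."""
    os.remove(original_file)


def delete_upload(uploads_dir, original_file):
    """Hardened form: resolve the real path and refuse anything outside uploads_dir."""
    root = os.path.realpath(uploads_dir)
    # os.path.join discards root when original_file is absolute, and realpath
    # collapses '..' and follows symlinks, so the comparison sees the final target.
    target = os.path.realpath(os.path.join(root, original_file))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"refusing to delete outside {root}: {original_file!r}")
    if not os.path.isfile(target):
        raise FileNotFoundError(original_file)
    os.remove(target)
    return target


def run_demo():
    """Constructed sandbox: an uploads dir plus a file outside it that must survive."""
    base = tempfile.mkdtemp()
    uploads = os.path.join(base, "uploads")
    os.mkdir(uploads)
    secret = os.path.join(base, "wp-config.php")
    for path in (os.path.join(uploads, "avatar.png"), secret):
        open(path, "w").close()
    # a symlink inside uploads pointing outside: realpath must see through it
    os.symlink(secret, os.path.join(uploads, "link.png"))

    cases = {
        "plain": "avatar.png",            # legitimate delete inside uploads
        "traversal": "../wp-config.php",  # dot-dot escape
        "absolute": secret,               # absolute path supplied by the client
        "symlink": "link.png",            # in-tree name, out-of-tree target
    }
    results = {}
    for label, value in cases.items():
        try:
            delete_upload(uploads, value)
            results[label] = "deleted"
        except PermissionError:
            results[label] = "blocked"
    results["secret_survives"] = os.path.exists(secret)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The order matters: resolve first, compare second, delete last. Checking for `..` substrings or a leading slash before resolution misses the symlink case, which is why the comparison is done on `realpath` output on both sides.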
Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow
Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=908 Palo Alto Networks have published a fix for this issue: http://securityadvisories.paloaltonetworks.com/Home/Detail/68 PanOS uses a modified version of the appweb3 embedde...
Loopcomm WLAN AP Webserver Unauthorized Access Vulnerability
No description provided by source...
Outlook Web Access Two-Factor Authentication Bypass Exists
Enterprises running Exchange Server have been operating under a false sense of security with regard to two-factor authentication implementations on Outlook Web Access (OWA) adding an extra layer of protection. A design weakness has been exposed that can allow an attacker to easily bypass 2FA and...
Tunnel TCP connections over HTTP: Tunna
Tunnel TCP connections over HTTP Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. In a fully firewalled environment (inbound and outbound connections restricted, except for the webserver port) the...
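Added example, not Tunna's own code or protocol: a minimal in-process model of the same idea, so the mechanism can be run offline. The web-side handler, its `open`/`send`/`recv`/`close` actions, the session scheme and the upper-casing internal service are all invented for the illustration; only the HTTP port is ever contacted by the client, and the TCP connection to the internal service is made by the web host.

```python
import itertools
import socket
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse


# --- "inside the firewall": a TCP service only the web host can reach --------
def start_internal_service():
    """Hypothetical internal service: upper-cases whatever it receives."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(conn.recv(4096).upper())

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


# --- the "webshell" side: one HTTP endpoint that proxies TCP sessions --------
SESSIONS = {}                  # session id -> socket to the internal service
NEXT_ID = itertools.count(1)
LOCK = threading.Lock()


class TunnelHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo quiet
        pass

    def _reply(self, body=b""):
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        q = parse_qs(urlparse(self.path).query)
        action = q.get("action", [""])[0]
        sid = q.get("sid", [""])[0]
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if action == "open":       # web host connects to the internal port
            sock = socket.create_connection(("127.0.0.1", int(q["port"][0])))
            sock.settimeout(0.2)   # recv polls must not stall the web server
            with LOCK:
                sid = str(next(NEXT_ID))
                SESSIONS[sid] = sock
            return self._reply(sid.encode())
        sock = SESSIONS.get(sid)
        if sock is None:
            return self.send_error(404, "unknown session")
        if action == "send":       # HTTP body -> TCP socket
            sock.sendall(body)
            return self._reply()
        if action == "recv":       # TCP socket -> HTTP body
            try:
                return self._reply(sock.recv(4096))
            except socket.timeout:
                return self._reply()   # nothing yet; the client polls again
        if action == "close":
            sock.close()
            SESSIONS.pop(sid, None)
            return self._reply()
        self.send_error(400, "bad action")


def start_tunnel_server():
    httpd = HTTPServer(("127.0.0.1", 0), TunnelHandler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd.server_port


# --- the operator side: everything crosses the perimeter as HTTP POSTs -------
def _call(web_port, action, sid="", port=0, data=b""):
    url = f"http://127.0.0.1:{web_port}/tunnel?action={action}&sid={sid}&port={port}"
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()


def tunnel_roundtrip(web_port, target_port, payload, polls=20):
    """Open a TCP session via the web server, send payload, return the service's reply."""
    sid = _call(web_port, "open", port=target_port).decode()
    _call(web_port, "send", sid, data=payload)
    reply = b""
    for _ in range(polls):
        reply += _call(web_port, "recv", sid)
        if reply:
            break
    _call(web_port, "close", sid)
    return reply


if __name__ == "__main__":
    svc = start_internal_service()
    web = start_tunnel_server()
    print(tunnel_roundtrip(web, svc, b"hello through the firewall"))
```

The polling `recv` is what makes this shape detectable from the defender's side: a single client issuing a steady stream of small POSTs to one URL, many of them with empty responses, looks nothing like a browser fetching pages.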
Aternity Remote Code Execution Vulnerability
Aternity webserver is a web server from the American company Aternity. A remote code execution vulnerability exists in Aternity 9 and prior versions of the web server, which stems from the program failing to require authentication for getMBeansFromURL to download Java MBeans. A remote attacker ca...
ShoreTel Connect ONSITE Blind SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ShoreTel Connect ONSITE Blind SQL Injection Vulnerability ======================================================================= vulnerability type: Unauthenticated Blind SQL Injection product: ShoreTel Connect ONSITE vulnerable version: 20.xx.xxxx...
ShoreTel Connect ONSITE - Blind SQL Injection
ShoreTel Connect ONSITE - Blind SQL Injection Exploit Title: ShoreTel Connect ONSITE Blind SQL Injection Vulnerability Date: 19-09-2016 Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview Exploit Author: Iraklis Mathiopoulos Contact: https://twitter.com/imath...
ShoreTel Connect ONSITE - Blind SQL Injection
Exploit Title: ShoreTel Connect ONSITE Blind SQL Injection Vulnerability Date: 19-09-2016 Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview Exploit Author: Iraklis Mathiopoulos Contact: https://twitter.com/imath Website: https://medium.com/@iraklis Category:...
SugarCRM REST Unserialize PHP Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This module exploits a PHP Object Injection vulnerability in...
SugarCRM 6.5.23 - REST PHP Object Injection Exploit (Metasploit)
Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This...
SugarCRM 6.5.23 - REST PHP Object Injection (Metasploit)
SugarCRM 6.5.23 - REST PHP Object Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This...