Lucene search
+L

96 matches found

Atlassian
Atlassian
added 2022/03/04 1:52 a.m.62 views

CVE-2021-43954: File and network resource enumeration via SSRF in DefaultRepositoryAdminService

Affected versions of Atlassian Fisheye and Crucible allow remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery SSRF vulnerability in the DefaultRepositoryAdminService class. When runni...

4.3CVSS5AI score0.00754EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/02/24 6:27 p.m.6 views

CVE-2020-14480

Due to usernames/passwords being stored in plaintext in Random Access Memory RAM, a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials...

5.4AI score0.00273EPSS
Exploits0References1
Krebs on Security
Krebs on Security
added 2021/12/03 9:53 p.m.46 views

Who Is the Network Access Broker ‘Babam’?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials -- such as usernames and passwords needed to remotely connect to the...

7AI score
Exploits0
Citrix
Citrix
added 2021/11/17 12:0 a.m.10 views

Unable to create new machine using PVS console. - MAPI Error: Invalid or insufficient credentials. [Could not authenticate session. Check your access credentials and try again

When attempting to create a new machines or update existing ones, we get the errorUnable to create new machine using PVS console. - MAPI Error: Invalid or insufficient credentials. Could not authenticate session. Check your access credentials and try again...

7.1AI score
Exploits0
OSV
OSV
added 2021/10/06 8:15 p.m.5 views

CVE-2021-34744

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of...

4.9CVSS5.9AI score0.00725EPSS
Exploits0References1
Prion
Prion
added 2021/05/20 12:15 p.m.13 views

Design/Logic Flaw

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...

5CVSS7.9AI score0.00452EPSS
Exploits0References1
Atlassian
Atlassian
added 2021/03/01 8:35 p.m.28 views

Blind SSRF in widgetConnector - CVE-2021-26072

Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery SSRF vulnerability in the widgetconnector plugin. When running in an environment like Amazon EC2, this flaw may be used to access...

4.3CVSS4.5AI score0.38845EPSS
Exploits0
Exploit DB
Exploit DB
added 2020/09/02 12:0 a.m.120 views

Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)

!/usr/bin/python3 Exploit Title: Rukovoditel 2.7.1 - Remote Code Execution Authenticated Exploit Author: @danyx07 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: Rukovoditel -p you can provide credentials, load the image with PHP...

9.8CVSS9.7AI score0.26778EPSS
Exploits4
NVD
NVD
added 2020/08/12 2:15 p.m.22 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS6.3AI score0.00836EPSS
Exploits0References2
Atlassian
Atlassian
added 2020/06/23 4:27 p.m.46 views

SSRF in Webhooks - CVE-2020-14170

Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource...

4.3CVSS4.6AI score0.00829EPSS
Exploits0
Atlassian
Atlassian
added 2020/06/19 1:56 a.m.108 views

SSRF in Dashboard & Gadgets - CVE-2019-20408

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...

5.3CVSS4.8AI score0.00998EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/06/19 1:56 a.m.44 views

SSRF in Dashboard & Gadgets - CVE-2019-20408

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...

5.3CVSS4.8AI score0.00998EPSS
Exploits0
GithubExploit
GithubExploit
added 2020/01/02 11:44 a.m.271 views

Exploit for SQL Injection in Redmine

CVE-2019-18890 CVE-2019-18890 POC Proof of Concept REDMINE...

6.5CVSS7.1AI score0.04338EPSS
Exploits2
CNVD
CNVD
added 2019/09/26 12:0 a.m.6 views

Cisco IOS XE CTS PAC Configuration Denial of Service Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. A denial of service vulnerability exists in the Cisco TrustSec CTS Protected Access Credentials PAC configuration module of Cisco IOS XE. The vulnerability stems from improper validation of attributes in RADIUS...

8.6CVSS6.7AI score0.01777EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2019/01/29 7:54 a.m.1 views

Police Shut Down xDedic – An Online Market for Cyber Criminals

In an international operation involving law enforcement authorities from the U.S. and several European countries, feds have shut down an online underground marketplace and arrested three suspects in Ukraine. Dubbed xDedic, the illegal online marketplace let cybercriminals buy, sell or rent out...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2019/01/17 7:45 a.m.121 views

Unprotected Government Server Exposes Years of FBI Investigations

A massive government data belonging to the Oklahoma Department of Securities ODS was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with...

6.7AI score
Exploits0
CVE
CVE
added 2018/12/04 6:0 p.m.63 views

CVE-2018-0468

The CVE-2018-0468 issue affects Cisco Energy Management Suite (CEMS) configured with PostgreSQL using unchanged default access credentials. An authenticated, local attacker can log in to the host and connect to the bundled PostgreSQL database to access and modify confidential data. The advisory n...

7.8CVSS7.5AI score0.00327EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/11/20 7:29 p.m.18 views

Hardcoded credentials

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface...

3.3CVSS8.8AI score0.00715EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2018/11/20 7:0 p.m.54 views

CVE-2018-18562

CVE-2018-18562 is an OS command injection vulnerability in Roche Accu-Chek Inform II Base Unit / Base Unit Hub and CoaguChek / cobas h232 Handheld Base Unit, before 03.01.04. The root cause is insecure operation allowing authenticated attackers in the adjacent network to execute arbitrary command...

8.8CVSS8.5AI score0.00715EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/11/20 7:0 p.m.22 views

CVE-2018-18562

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface...

8.7AI score0.00715EPSS
Exploits0References2
Rows per page
Query Builder