Lucene search

48 matches found

Veracode
added 2020/12/22 1:9 a.m., 8 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists through overly greedy regular expressions when parsing the browsers' user agent strings...

4.8 AI score
Exploits: 0

Microsoft KB
added 2020/04/07 12:0 a.m., 4 views

April 7, 2020, update for OneNote 2016 (KB4475586)

April 7, 2020, update for OneNote 2016 (KB4475586). This article describes update 4475586 for Microsoft OneNote 2016 that was released on April 7, 2020. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to...

6.3 AI score
Exploits: 0

Kitploit
added 2019/10/18 9:30 p.m., 161 views

Rbuster - Yet Another Dirbuster

yet another dirbuster Common Command line options -a - specify a user agent string to send in the request -c - use this to specify any cookies that you might need simulating auth. header. -f - force processing of a domain with wildcard results. -l - show the length of the response. -r - follow...

7.5 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2019/10/14 12:0 a.m., 40 views

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:2345-2)

This update for webkit2gtk3 fixes the following issues : Updated to version 2.24.4 bsc1148931. Security issues fixed : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615...

9.3 CVSS, 6.4 AI score, 0.12955 EPSS
Exploits: 7, References: 51

Tenable Nessus
added 2019/09/11 12:0 a.m., 55 views

SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:2345-1)

This update for webkit2gtk3 fixes the following issues : Updated to version 2.24.4 bsc1148931. Security issues fixed : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615...

9.3 CVSS, 6.4 AI score, 0.12955 EPSS
Exploits: 7, References: 51

Prion
added 2018/01/31 8:29 p.m., 10 views

Input validation

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...

6.5 CVSS, 8.6 AI score, 0.02003 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2018/01/31 8:29 p.m., 11 views

CVE-2017-15653

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...

8.8 CVSS, 8.7 AI score, 0.02003 EPSS
Exploits: 1, References: 2

NVD
added 2018/01/10 2:29 a.m., 28 views

CVE-2017-1000428

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...

6.1 CVSS, 6 AI score, 0.00836 EPSS
Exploits: 0, References: 1

Prion
added 2018/01/10 2:29 a.m., 12 views

Design/Logic Flaw

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...

4.3 CVSS, 5.9 AI score, 0.00836 EPSS
Exploits: 0, References: 1, Affected Software: 1

Metasploit
added 2017/12/07 4:25 p.m., 267 views

ua-parser-js npm module ReDoS

This module exploits a Regular Expression Denial of Service vulnerability in the npm module "ua-parser-js". Server-side applications that use "ua-parser-js" for parsing the browser user-agent string will be vulnerable if they call the "getOS" or "getResult" functions. This vulnerability was fixed...

7.5 CVSS, 0.5 AI score, 0.09242 EPSS
Exploits: 2

Hacker One
added 2017/11/18 4:24 p.m., 18 views

Mail.ru: XSS on account.mail.ru/login

Vulnerability on the page https://account.mail.ru/login and preparation of files for the attack --------------------- During the research I noticed that the value of the parameter v is not validated on the page https://account.mail.ru/login. The value is output on the page as is and is used in the path to the script...

6.8 AI score
Exploits: 0

Malwarebytes
added 2017/08/22 3:18 p.m., 61 views

Explained: user agent

If you are the kind of person that uses different browsers or different devices to access websites, you may have noticed that many sites can look quite different depending on which browser you are using. When your browser sends a request to a website, it identifies itself with the user agent stri...

6.8 AI score
Exploits: 0

myhack58
added 2015/12/29 12:0 a.m., 29 views

JAVA serialization and deserialization and vulnerability remediation-vulnerability warning-the black bar safety net

Last week, the network security personnel once again in the Black production before being tumbled, Joomla exposure to high-risk 0Day vulnerabilities, without requiring a user login will be able to trigger. Joomla vulnerability in the official release of the upgrade version and before the patch, i...

0.4 AI score
Exploits: 0

myhack58
added 2015/12/27 12:0 a.m., 18 views

JAVA serialization and deserialization, as well as vulnerability remediation-vulnerability warning-the black bar safety net

Last week, the network security personnel once again in the Black production before being tumbled, Joomla exposure to high-risk 0Day vulnerabilities, without requiring a user login will be able to trigger. Joomla vulnerability in the official release of the upgrade version and before the patch, i...

0.4 AI score
Exploits: 0

myhack58
added 2015/12/16 12:0 a.m., 8 views

Joomla then exposed to high-risk 0day vulnerability for remote command execution-vulnerability warning-the black bar safety net

Joomla security team emergency release of the 3.4.6 version fixes a high-risk 0day vulnerability. It is reported that the vulnerability from being found to the security patches released, it has been more than two days, at present also has been through other channels in the spread. You can...

0.4 AI score
Exploits: 0

myhack58
added 2015/09/23 12:0 a.m., 27 views

Microsoft repair SharePoint 2013 XSS vulnerabilities-the vulnerabilities and early warning-the black bar safety net

SharePoint is the Microsoft Office Suite in a tool for individuals and companies to create a portal page. The vulnerability CVE-2015-2522 by FortiNet's FortiGuard Labs security researchers discovered the vulnerability affects SharePoint 2013 15.0.4571.1502 early version. SharePoint is a...

7 AI score
Exploits: 0

OSV
added 2015/08/31 6:59 p.m., 2 views

UBUNTU-CVE-2014-2329

Multiple cross-site scripting (XSS) vulnerabilities in CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a checkmk agent, a (2) crafted request to a monitored host, which is not properly handled by the...

3.5 CVSS, 6.1 AI score, 0.01126 EPSS
Exploits: 1, References: 3

securityvulns
added 2015/05/12 12:0 a.m., 62 views

[CVE-2015-2926] XSS vuln in phpTrafficA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: The user agent string provided by the browser is not sanitized nor escaped when handled. This string ...

7.2 AI score, 0.01906 EPSS
Exploits: 2

Packet Storm
added 2015/04/08 12:0 a.m., 32 views

phpTrafficA 2.3 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: The user agent string provided by the browser is not sanitized nor escaped when handled. This string ...

4.3 CVSS, 0.3 AI score, 0.01906 EPSS
Exploits: 2

Kitploit
added 2014/07/16 9:8 p.m., 28 views

Netsparker v3.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...

8.2 AI score
Exploits: 0