CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

OSV•added 2024/03/06 11:3 a.m.•26 views

BIT-RAILS-2021-44528

A open redirect vulnerability exists in Action Pack = 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...

6.1CVSS6.1AI score0.28611EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 3:25 a.m.•1 views

SUSE CVE-2022-32212

A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...

7.5CVSS6.8AI score0.00064EPSS

Exploits0References16

OSV•added 2022/07/14 3:15 p.m.•2 views

ALPINE-CVE-2022-32212

8.1CVSS7.2AI score0.00064EPSS

Exploits0References1

UbuntuCve•added 2022/01/10 2:10 p.m.•26 views

CVE-2021-44528

6.1CVSS6.6AI score0.28611EPSS

Exploits0References5

Prion•added 2022/01/10 2:10 p.m.•17 views

Open redirect

5.8CVSS6.1AI score0.28611EPSS

Exploits0References3Affected Software1

CNNVD•added 2022/01/10 12:0 a.m.•2 views

Rails Action Pack 输入验证错误漏洞

Rails Action Pack is a web framework for the Rails community in the United States . It provides a mechanism for routing mapping request URLs to actions, defining controllers that implement actions, and generating responses by rendering views templates in various formats. An input validation error...

6.1CVSS7.3AI score0.28611EPSS

Exploits0References4

Cvelist•added 2022/01/07 12:0 a.m.•30 views

CVE-2021-44528

6.5AI score0.28611EPSS

Exploits0References3

RedhatCVE•added 2021/12/20 3:14 p.m.•31 views

CVE-2021-44528

6.1CVSS4.1AI score0.28611EPSS

Exploits0References4

Prion•added 2021/06/11 4:15 p.m.•17 views

Open redirect

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

5.8CVSS6.1AI score0.15453EPSS

Exploits1References2Affected Software1

Debian CVE•added 2021/06/11 3:49 p.m.•25 views

CVE-2021-22903

6.1CVSS6.1AI score0.00096EPSS

Exploits0

Cvelist•added 2021/06/11 3:49 p.m.•22 views

CVE-2021-22903

6.4AI score0.00096EPSS

Exploits0References2

Github Security Blog•added 2021/03/02 3:44 a.m.•62 views

Actionpack Open Redirect Vulnerability

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious websi...

6.1CVSS6.1AI score0.15453EPSS

Exploits1References14Affected Software1

OSV•added 2021/03/02 3:44 a.m.•20 views

GHSA-8877-PRQ4-9XFW Actionpack Open Redirect Vulnerability

6.1CVSS6AI score0.15453EPSS

Exploits1References14

NVD•added 2021/02/11 6:15 p.m.•16 views

CVE-2021-22881

6.1CVSS0.15453EPSS

Exploits1References7

UbuntuCve•added 2021/02/11 6:15 p.m.•18 views

CVE-2021-22881

6.1CVSS6.6AI score0.15453EPSS

Exploits1References3

Cvelist•added 2021/02/11 4:12 p.m.•25 views

CVE-2021-22881

6.3AI score0.15453EPSS

Exploits1References7

Snyk•added 2021/02/11 1:20 p.m.•2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect. Specially crafted Host headers in combination with certain allowed host formats can cause the Host Authorization middleware in ActionPack to redirect users to a malicious website. When an allowed host contains a leading...

6.1CVSS6.2AI score0.15453EPSS

Exploits1References2

Metasploit•added 2014/12/22 4:21 p.m.•34 views

VNC Server (Reflective Injection), Hidden Bind TCP Stager

Inject a VNC Dll via a reflective loader staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...

7.1AI score

Exploits0

Metasploit•added 2014/12/22 4:21 p.m.•30 views

Windows Meterpreter (skape/jt Injection), Hidden Bind TCP Stager

Inject the meterpreter server DLL staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize =...

7.1AI score

Exploits0

Metasploit•added 2014/12/22 4:21 p.m.•30 views

Windows Upload/Execute, Hidden Bind TCP Stager

Uploads an executable and runs it staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize =...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by