Lucene search
K

76 matches found

ATTACKERKB
ATTACKERKB
added 2019/07/02 10:15 p.m.3 views

CVE-2019-13177

verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...

9.8CVSS5.8AI score0.01621EPSS
Exploits1References3
NVD
NVD
added 2018/12/10 12:29 a.m.18 views

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...

9.8CVSS9.5AI score0.02326EPSS
Exploits1References1
Prion
Prion
added 2018/12/10 12:29 a.m.14 views

Design/Logic Flaw

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...

7.5CVSS9.4AI score0.13683EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2018/12/10 12:29 a.m.13 views

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...

9.8CVSS7AI score
Exploits0References1
CVE
CVE
added 2018/12/10 12:0 a.m.53 views

CVE-2018-19991

CVE-2018-19991 / CVE-2018-9230 involve OpenResty and VeryNginx. VeryNginx 0.3.3 is described as allowing a remote attacker to bypass the Web Application Firewall due to no error handler for get_uri_args or get_post_args, enabling API misuse described in CVE-2018-9230. The connected records provid...

9.8CVSS9.4AI score0.02326EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/10 12:0 a.m.21 views

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...

9.5AI score0.02326EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2018/06/12 5:26 p.m.25 views

Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that. The way some developers have implemented Apple’s official code-signing API can be exploited by...

6.8CVSS0.00857EPSS
Exploits6References1
Positive Technologies
Positive Technologies
added 2017/07/27 12:0 a.m.5 views

PT-2017-19073 · Libjpeg Turbo +1 · Libjpeg-Turbo +1

Name of the Vulnerable Software and Affected Versions: libjpeg-turbo version 1.5.1 Description: The issue allows remote attackers to cause a denial of service, resulting in invalid memory access and application crash, or possibly have other unspecified impacts via a crafted jpg file. It is noted...

8.8CVSS9.2AI score0.08152EPSS
Exploits4References10
seebug.org
seebug.org
added 2013/11/21 12:0 a.m.22 views

php云人才系统 UC API 未初始化注入漏洞

简要描述: 详细说明: api/alipaydual/notifyurl.php requireonce"alipay.config.php"; requireonce"lib/alipaynotify.class.php"; requireoncedirnamedirnamedirnameFILE."/data/db.config.php"; requireoncedirnamedirnamedirnameFILE."/include/mysql.class.php"; $db = new mysql$dbconfig'dbhost', $dbconfig'dbuser',...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2011/10/05 6:42 p.m.3 views

Facebook content restrictions bypass Vulnerability

Facebook content restrictions bypass Vulnerability Blackhat Academy claims to have found a way to bypass content restrictions on links, as posted on their site and posts put on a user's public wall. Even Security Analysts claim that Facebook was notified of these vulnerabilities on July 31st, 201...

7AI score
Exploits0
OSV
OSV
added 2011/03/16 10:55 p.m.3 views

DEBIAN-CVE-2011-1428

Wee Enhanced Environment for Chat aka WeeChat 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect...

5.8CVSS6.9AI score0.01082EPSS
Exploits1References1
OSV
OSV
added 2011/03/16 10:55 p.m.8 views

UBUNTU-CVE-2011-1428

Wee Enhanced Environment for Chat aka WeeChat 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect...

5.8CVSS5.9AI score0.01082EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2009/01/14 12:0 a.m.34 views

Debian DSA-1701-1 : openssl, openssl097 - interpretation conflict

It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine CVE-2008-5077 . %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

7.5CVSS7.4AI score0.05146EPSS
Exploits6References14
OpenVAS
OpenVAS
added 2009/01/13 12:0 a.m.11 views

Debian Security Advisory DSA 1701-1 (openssl, openssl097)

The remote host is missing an update to openssl, openssl097 announced via advisory DSA 1701-1. OpenVAS Vulnerability Test $Id: deb17011.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1701-1 openssl, openssl097 Authors: Thomas Reinke Copyright: Copyright c...

5.8CVSS7.4AI score0.05146EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/01/13 12:0 a.m.28 views

Debian: Security Advisory (DSA-1701-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS7.3AI score0.05146EPSS
Exploits1References3
OSV
OSV
added 2009/01/12 12:0 a.m.21 views

DSA-1701-1 openssl openssl097 - cryptographic weakness

Bulletin has no description...

5.8CVSS7.2AI score0.05146EPSS
Exploits1
Rows per page
Query Builder