1894 matches found

CVE
added 2021/10/08 5:20 p.m., 47 views

CVE-2021-29906

CVE-2021-29906 – IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when configured to use an IBM Cloud API key to connect to cloud-based connectors. The vulnerability arises because the container image/hash may include the IBM Cloud API key used b...

5.5 CVSS, 5 AI score, 0.00213 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/10/08 5:20 p.m., 20 views

CVE-2021-29906

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630...

5.1 CVSS, 5.2 AI score, 0.00213 EPSS
Exploits: 0, References: 2
Kitploit
added 2021/10/08 11:30 a.m., 21 views

Covert-Tube - Youtube As Covert-Channel - Control Systems Remotely And Execute Commands By Uploading Videos To Youtube

A program to control systems remotely by uploading videos to Youtube, using Python to create the videos and the listener, emulating some malware I was reading about. It allows creating videos with frames formed of simple text, QR codes with cleartext or QR codes using AES encryption. Create a vid...

7.9 AI score
Exploits: 0, References: 1
IBM Security Bulletins
added 2021/10/07 2:38 p.m., 18 views

Security Bulletin: IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors (CVE-2021-29906)

Summary: IBM App Connect Enterprise may include the hash of an IBM Cloud API key that is used by an Integration Server in the Pod definition of that Integration Server. This is only present if the Integration Server is configured to communicate with the cloud-based connectors in a cloud instance o...

5.5 CVSS, 0.8 AI score, 0.00213 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2021/10/05 12:0 a.m., 12 views

API Key Authentication Succeeded

This is an informational notice that the scanner was able to successfully authenticate against the web application using the API key credentials provided in the scan policy. No source data...

7.2 AI score
Exploits: 0
Tenable Nessus
added 2021/10/05 12:0 a.m., 39 views

API Key Authentication Failed

This plugin is raised when the scanner has not been able to authenticate against the web application using the API key credentials provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...

7.3 AI score
Exploits: 0
Gitee
added 2021/10/02 2:45 p.m., 8 views

Exploit for OS Command Injection in Eyesofnetwork

This is an exploit module for EyesOfNetwork 5.1 to 5.3, a network monitoring and management tool. The exploit targets three vulnerabilities: CVE-2020-8654, CVE-2020-8655, and CVE-2020-9465. CVE-2020-8654 is a discovery module that allows arbitrary OS commands to be run. The exploit uses the targe...

9.8 CVSS, 8.2 AI score, 0.85646 EPSS
Exploits: 11
NVD
added 2021/09/21 8:15 p.m., 21 views

CVE-2020-19554

Cross Site Scripting XSS vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...

6.1 CVSS, 0.00562 EPSS
Exploits: 0, References: 1
OSV
added 2021/09/21 8:15 p.m., 5 views

CVE-2020-19554

Cross Site Scripting XSS vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...

6.1 CVSS, 5.8 AI score, 0.00562 EPSS
Exploits: 0, References: 1
Prion
added 2021/09/21 8:15 p.m., 16 views

Cross site scripting

Cross Site Scripting XSS vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...

4.3 CVSS, 5.8 AI score, 0.00562 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/09/21 7:7 p.m., 23 views

CVE-2020-19554

Cross Site Scripting XSS vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...

5.8 AI score, 0.00562 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/09/21 12:0 a.m., 5 views

Zoho Corporation ManageEngine OPManager Cross-Site Scripting Vulnerability

Zoho Corporation ManageEngine OpManager is a comprehensive network monitoring software from Zoho Corporation, USA. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ManageEngine OPManager =12.5.174, which stems from an API key...

6.1 CVSS, 5.9 AI score, 0.00562 EPSS
Exploits: 0, References: 2
wpexploit
added 2021/09/20 12:0 a.m., 498 views

Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...

4.8 CVSS, 4.8 AI score, 0.00622 EPSS
Exploits: 2
CVE
added 2021/09/15 11:44 a.m., 54 views

CVE-2021-22149

Elastic Enterprise Search App Search versions prior to 7.14.0 are affected by a missing authorization weakness for API keys via an alternate route, enabling an authenticated attacker to use API keys belonging to higher-privileged users. Root cause: API keys not properly bound/authorized in altern...

8.8 CVSS, 8.4 AI score, 0.00924 EPSS
Exploits: 0, References: 2, Affected Software: 1
Kitploit
added 2021/08/24 12:30 p.m., 92 views

Git-Secret - Go Scripts For Finding An API Key / Some Keywords In Repository

Go scripts for finding an API key / some keywords in repository. Update V1.0.1: Removing some checkers; Adding example file contains github dorks. How to Install: go get github.com/daffainfo/Git-Secret. How to Use: ./Git-Secret. For path contain dorks, you can fill it with some keywords, for example...

7.4 AI score
Exploits: 0, References: 2
Prion
added 2021/08/16 7:15 p.m., 24 views

Cross site scripting

The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the apikey in the /views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10...

4.3 CVSS, 6.1 AI score, 0.00938 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2021/08/16 12:0 a.m., 3 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up a personal blog site on servers running PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. WordPress Smart Email Alerts plug-in has a cross-site...

6.1 CVSS, 6.1 AI score, 0.00938 EPSS
Exploits: 1, References: 4
Hacker One
added 2021/08/13 12:41 a.m., 5 views

Ruby on Rails: Sauce Labs API key unencrypted in an old commit

Vulnerability description not provided...

7.1 AI score
Exploits: 0
WPVulnDB
added 2021/08/13 12:0 a.m., 26 views

Smart Email Alerts <= 1.0.10 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the apikey in the /views/settings.php file which allows attackers to inject arbitrary web scripts...

6.1 CVSS, 4.7 AI score, 0.00938 EPSS
Exploits: 1, References: 1, Affected Software: 1
Hacker One
added 2021/08/11 2:5 a.m., 22 views

Shopify: Sensitive data Related to Shopify Host -> https://shopify.zendesk.com/

Description: GitHub is a truly awesome service but it's unwise to put sensitive data in a public repo, as I found a repo committed 1 hour ago containing sensitive data Credentials && ZRTAPIKEY && JWTSECRET related to this Host - https://shopify.zendesk.com/ leaked publicly in GitHub, and clearly th...

6.4 AI score
Exploits: 0