
6609 matches found

Packet Storm
added 2023/07/18 12:0 a.m., 245 views

Business Website CMS 1.9 SQL Injection

Title: Business Website CMS v1.9 Auth Bypass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/07/15 12:0 a.m., 145 views

Brigadasoft CMS 2.1 SQL Injection

Title: Brigadasoft CMS v2.1 Auth Bypass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit ...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/07/13 12:0 a.m., 301 views

Bayfront CMS 1.0 SQL Injection

Title: Bayfront-CMS v1.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit...

7.1 AI score
Exploits: 0

OSV
added 2023/07/12 6:30 p.m., 16 views

GHSA-P756-66W2-35G7 Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery

Jenkins Assembla Auth Plugin 1.14 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request. This vulnerability allows attackers to trick users into logging in to the attacker’s account...

8.8 CVSS, 8.7 AI score, 0.00413 EPSS
Exploits: 0, References: 3

Github Security Blog
added 2023/07/12 6:30 p.m., 29 views

Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery

Jenkins Assembla Auth Plugin 1.14 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request. This vulnerability allows attackers to trick users into logging in to the attacker’s account...

8.8 CVSS, 6.9 AI score, 0.00413 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/07/12 4:15 p.m., 2 views

CVE-2023-37961

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

8.8 CVSS, 5.7 AI score, 0.00413 EPSS
Exploits: 0, References: 2

NVD
added 2023/07/12 4:15 p.m., 14 views

CVE-2023-37961

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

8.8 CVSS, 0.00413 EPSS
Exploits: 0, References: 2

Prion
added 2023/07/12 4:15 p.m., 19 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

6.8 CVSS, 8.7 AI score, 0.00413 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2023/07/12 3:52 p.m., 18 views

CVE-2023-37961

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

6.7 AI score, 0.00413 EPSS
Exploits: 0, References: 2

CVE
added 2023/07/12 3:52 p.m., 2503 views

CVE-2023-37961

CVE-2023-37961 describes a CSRF flaw in Jenkins Assembla Auth Plugin

8.8 CVSS, 8.7 AI score, 0.00413 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/07/12 3:52 p.m., 14 views

CVE-2023-37961

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

8.9 AI score, 0.00413 EPSS
Exploits: 0, References: 2

OSV
added 2023/07/12 12:31 p.m., 3 views

GHSA-47R2-PHR8-M8CP Apache Pulsar Broker Improper Authentication vulnerability

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...

6.5 CVSS, 5.9 AI score, 0.00722 EPSS
Exploits: 0, References: 3

vulnersOsv
added 2023/07/12 12:31 p.m., 6 views

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-31007 via org.apache.pulsar:pulsar-broker (=2.11.0)

org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...

6.5 CVSS, 6.5 AI score, 0.00722 EPSS
Exploits: 0

vulnersOsv
added 2023/07/12 12:31 p.m., 4 views

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-30428 via org.apache.pulsar:pulsar-broker (=2.11.0)

org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...

8.2 CVSS, 7.2 AI score, 0.0058 EPSS
Exploits: 0

Nuclei
added 2023/07/12 9:13 a.m., 31 views

Popup-Maker < 1.8.12 - Broken Authentication

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

9.1 CVSS, 9.4 AI score, 0.09232 EPSS
Exploits: 2, References: 5

RedHat Linux
added 2023/07/12 4:10 a.m., 4 views

kube-apiserver: PrivEsc

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch...

8 CVSS, 5.8 AI score, 0.01569 EPSS
Exploits: 0, References: 5

vulnersOsv
added 2023/07/11 10:46 p.m., 5 views

@glarus-labs/vendure-social-auth (>=0.0.1 <=0.1.1), @mirahi/vendure-adyen-dropin-plugin (>=0.0.1 <=0.0.5) +1 more potentially affected by unknown CVE via @vendure/core (>=0.11.1 <=1.9.6)

@vendure/core NPM version =0.11.1, =0.0.1, =0.0.1, =0.0.5 - @zifahm/vendure-social-auth =0.1.2 Source cves: unknown CVE Source advisory: OSV:GHSA-H9WQ-XCQX-MQXM...

5.8 AI score
Exploits: 0

Packet Storm
added 2023/07/11 12:0 a.m., 230 views

CANDOO Strategic CMS 2.0 SQL Injection

Title: CANDOO Strategic CMS V2.0 Auth By pass vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

7.1 AI score
Exploits: 0

CVE
added 2023/07/10 1:8 p.m., 36 views

CVE-2023-29095

The CVE-2023-29095 entry concerns the RSVPMaker WordPress plugin by David F. Carr. Affected versions are prior to 10.5.5 and the vulnerability is an SQL Injection in the RSVPMaker plugin that can be exploited with Administrator+ privileges. The issue is addressed in version 10.5.5 and later, whic...

7.6 CVSS, 7.8 AI score, 0.00697 EPSS
Exploits: 0, References: 1, Affected Software: 1

Github Security Blog
added 2023/07/07 6:34 p.m., 18 views

Barberry Security Advisory - regarding x/auth periodic vesting accounts

Impact In PeriodicVestingAccount, defined in x/auth, an attacker can initialize a victim's account as a malicious vesting account, which allows deposits but does not allow withdrawals. When the user then deposits funds into their account, those funds are locked forever, and the user is not able t...

6.7 AI score
Exploits: 0, References: 6, Affected Software: 1