CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added 2018/09/29 8:22 p.m.•17 views

Security Bulletin: CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr

Summary A potential security vulnerability has been identified for systems that are set up to use basic authentication. The version of Solr that is included with both IBM i2 Enterprise Insight Analysis and IBM i2 Analyze is affected, and has been patched in the latest fix pack. Vulnerability...

1.6AI score0.00335EPSS

Exploits1Affected Software2

Github Security Blog•added 2018/09/17 9:57 p.m.•17 views

Moderate severity vulnerability that affects actionpack

Withdrawn, accidental duplicate publish. The httpbasicauthenticatewith method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and...

4.3CVSS5.4AI score0.01119EPSS

Exploits0References2Affected Software1

OSV•added 2018/09/17 9:57 p.m.•5 views

GHSA-VWFG-QJ3R-6V3R Moderate severity vulnerability that affects actionpack

4.3CVSS5.7AI score0.01119EPSS

Exploits0References2

OSV•added 2018/07/03 1:29 p.m.•2 views

CVE-2018-11746

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

9.8CVSS5.8AI score0.00217EPSS

Exploits0References2

NVD•added 2018/07/03 1:29 p.m.•11 views

CVE-2018-11746

9.8CVSS9AI score0.00217EPSS

Exploits0References2

OpenVAS•added 2018/06/28 12:0 a.m.•10 views

Microsoft Windows: Basic authentication (RM Service)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmservbasicauth.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow Basic authentication Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

7.3AI score

OpenVAS•added 2018/06/28 12:0 a.m.•24 views

Microsoft Windows: Basic authentication (RM Client)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmclientbasicauth.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow Basic authentication Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

7.3AI score

Penetration Testing Lab•added 2018/05/15 1:18 p.m.•44 views

Lateral Movement – WinRM

WinRM stands for Windows Remote Management and is a service that allows administrators to perform management tasks on systems remotely. Communication is performed via HTTP 5985 or HTTPS SOAP 5986 and support Kerberos and NTLM authentication by default and Basic authentication. Usage of this servi...

3.3AI score

RedHat Linux•added 2018/03/26 10:20 a.m.•2 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

RedHat Linux•added 2018/03/26 9:39 a.m.•1 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

RedHat Linux•added 2018/02/28 8:6 p.m.•2 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

exploitpack•added 2018/02/14 12:0 a.m.•23 views

NAT32 2.2 Build 22284 - Remote Command Execution

NAT32 2.2 Build 22284 - Remote Command Execution + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product:...

4.3CVSS6.6AI score0.08087EPSS

Exploit DB•added 2018/02/14 12:0 a.m.•56 views

NAT32 2.2 Build 22284 - Remote Command Execution

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product: ================= NAT32 Build 22284 NAT32 is a...

6.1CVSS6.3AI score0.08087EPSS

Packet Storm•added 2018/02/14 12:0 a.m.•40 views

NAT32 Build 22284 Remote Command Execution

6.4AI score0.08087EPSS

0day.today•added 2018/02/14 12:0 a.m.•26 views

NAT32 2.2 Build 22284 - Remote Command Execution Vulnerability

Exploit for windows platform in category web applications + Credits: hyp3rlinx Vendor: ============= www.nat32.com Product: ================= NAT32 Build 22284 NAT32 is a versatile IP Router implemented as a WIN32 application. Vulnerability Type: =================== Remote Command Execution CVE...

6.4AI score0.08087EPSS

RedHat Linux•added 2017/12/19 8:37 a.m.•1 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...