8 matches found
AWS VDP: Arbitrary Code Execution via Scanner Bypass in **aws-diagram-mcp-server** `exec()` Namespace
Description: The aws-diagram-mcp-server contains an arbitrary code execution vulnerability in diagramstools.py. User-supplied Python code is executed via `exec(code, namespace)` at line 305 with a namespace containing the full os module, urlretrieve, and Python builtins. A security scanner scanner.py...
Dahua DVR Authentication Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule %qDahua DVR Auth Bypass Scanner, 'Description' = %qScans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and...
Flowise < 1.6.6 Authentication Bypass
Flowise versions prior to 1.6.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API. No source data...
Atlassian Jira 7.0.8 < 7.13.0 Permissions Bypass In The Inline-create Rest Resource
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.2.3. It is, therefore, affected by a vulnerability which permits authenticated remote attackers to set the reporter in issues via a missing authorisation check. Note that th...
Debian DSA-4145-1 : gitlab - security update
Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code : - CVE-2017-0915/ CVE-2018-3710 Arbitrary code execution in project import. - CVE-2017-0916 Command injection via Webhooks. - CVE-2017-0917 Cross-site scripting in CI job output. - CVE-2017-0918...
CVE-2007-6596
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file...
Curl < 7.16.4 Expired Certificate Access Restriction Bypass
Aztek Forum myadmin.php Admin Authentication Bypass