Lucene search
+L

44 matches found

Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.7 views

PT-2024-25823 · Apache · Apache Karaf Cave

Name of the Vulnerable Software and Affected Versions: Apache Karaf Cave versions all Description: The issue is related to an Improper Input Validation vulnerability. This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to find an...

9.1CVSS8.9AI score0.01161EPSS
Exploits0References10
Openbugbounty
Openbugbounty
added 2023/11/09 3:43 p.m.7 views

ma-cave-a-vin.fr Cross Site Scripting vulnerability OBB-3776104

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/05/12 1:4 p.m.7 views

cave-bonnieux.com Cross Site Scripting vulnerability OBB-3326227

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/09/16 12:9 p.m.14 views

cave-mader.fr Cross Site Scripting vulnerability OBB-2925504

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/09/16 12:9 p.m.11 views

cave-avonnaise.fr Cross Site Scripting vulnerability OBB-2925503

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/01/12 1:14 p.m.10 views

cave-mader.fr Cross Site Scripting vulnerability OBB-2331691

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
CNVD
CNVD
added 2021/03/12 12:0 a.m.1 views

Denial of Service Vulnerability in Pothole App

Tencent Wave Cave app is a comic book reading platform that gathers a large number of users who love the second generation. A denial-of-service vulnerability exists in Wave Cave App, which can be exploited by attackers to cause denial-of-service attacks...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2019/09/30 8:0 p.m.122 views

Recomposer - Randomly Changes Win32/64 PE Files For 'Safer' Uploading To Malware And Sandbox Sites

Ever have that not so safe feeling uploading your malware binaries to VirusTotal or other AV sites because you can look up binaries by hashes? Example: https://github.com/mubix/vt-notify Feel somewhat safer with Recomposer! Recomposer will take your binary and randomly do the following: Change th...

7.8AI score
Exploits0References2
Openbugbounty
Openbugbounty
added 2018/04/22 5:38 a.m.11 views

cave-de-paris.com XSS vulnerability

Open Bug Bounty ID: OBB-606195 Description| Value ---|--- Affected Website:| cave-de-paris.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/02/24 5:40 p.m.12 views

la-cave-a-vin.fr XSS vulnerability

Open Bug Bounty ID: OBB-567586 Description| Value ---|--- Affected Website:| la-cave-a-vin.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/11/02 11:19 p.m.9 views

cave-de-paris.com XSS vulnerability

Open Bug Bounty ID: OBB-388665 Description| Value ---|--- Affected Website:| cave-de-paris.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score
Exploits0
Kitploit
Kitploit
added 2017/06/25 2:30 p.m.89 views

CAVE MINER - Search for Code Cave in All Binaries (ELF, PE and Mach-o) and Inject Payload

This tools search for code cave in binaries Elf, Mach-o, Pe, and inject code in them. Features Find code caves in ELF, PE and Mach-o Use custom bytes for the search ex: 0xCC can be used as nullbytes on PE See virtual address of the code cave. See the permissions of the code caves. Search custom...

7.6AI score
Exploits0References1
hackapp
hackapp
added 2016/04/01 10:18 a.m.14 views

Colossal Cave Adventure - Suspicious files, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that application Colossal Cave Adventure published at the 'play' market has multiple vulnerabilities...

0.4AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:18 a.m.11 views

Candy Cave - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Candy Cave published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:45 a.m.13 views

Hopeless: The Dark Cave - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Hopeless: The Dark Cave published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2015/09/25 12:0 a.m.27 views

WordPress 3.8.2 cookie 伪造漏洞

0x00 背景 看了WordPress 3.8.2补丁分析 HMAC timing attack,眼界大开,原来还可以利用时间差来判断HMAC。 但我总觉得这个漏洞并不是简单的修复这个问题。 查看了官方提供的资料:“该漏洞是由WordPress的安全团队成员Jon Cave发现。”。 也许漏洞还有这样利用的可能。 0x01 PHP的特性 当PHP在进行 ”==”,”!=”等非严格匹配的情况下,会按照值的实际情况,进行强制转换。 当有一个对比参数是整数的时候,会把另外一个参数强制转换为整数。 0x02 分析修复的代码 官方版的diff只在php里改动了一个位置:...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/08/04 2:39 p.m.52 views

BackdoorFactory - Patch PE (x86/x64) and ELF (x86/x64 and ARM LE x32) binaries with shellcode

Patch win86/64 PE and linux86/64 binaries with shellcode. The goal of The Backdoor Factory is to patch executable binaries with user desired shellcode and continue normal execution of the binary prepatched state. Under a BSD 3 Clause License. This is done by either appending a code cave or using...

7.4AI score
Exploits0References2
NVD
NVD
added 2013/07/18 4:51 p.m.19 views

CVE-2013-4877

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets...

2.6CVSS6.8AI score0.00784EPSS
Exploits0References3
Prion
Prion
added 2013/07/18 4:51 p.m.17 views

Authentication flaw

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets...

2.6CVSS7.3AI score0.00784EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/07/18 2:0 p.m.54 views

CVE-2013-4877

CVE-2013-4877 affects Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01. The root issue is that these devices do not use CAVE authentication, which allows an attacker to sniff registration packets over the network and obtain ESN and MIN values from arbitrary phones, enabling cloning...

2.6CVSS7AI score0.00784EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder