Lucene search
K

9792 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/24 6:47 a.m.2 views

PowerCMS XMLRPC API vulnerable to OS command injection

Overview PowerCMS XMLRPC API provided by Alfasado Inc. contains an OS command injection vulnerability CWE-78. Alfasado Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Alfasado Inc. coordinated under the Information Security Early Warning...

9.8CVSS7.6AI score0.01486EPSS
Exploits0References5
RubySec
RubySec
added 2021/11/24 12:0 a.m.63 views

Cookie Prefix Spoofing in CGI::Cookie.parse

The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names. Note that this i...

7.5CVSS6.3AI score0.02931EPSS
Exploits1References1Affected Software1
FreeBSD
FreeBSD
added 2021/11/24 12:0 a.m.27 views

rubygem-cgi -- buffer overrun in CGI.escape_html

chamal reports: A security vulnerability that causes buffer overflow when you pass a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows...

9.8CVSS7.1AI score0.04766EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2021/11/24 12:0 a.m.35 views

rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse

oooooooq reports: The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names...

7.5CVSS7.6AI score0.02931EPSS
Exploits1References1
Openbugbounty
Openbugbounty
added 2021/11/16 10:14 a.m.14 views

cgi-lib.berkeley.edu Cross Site Scripting vulnerability OBB-2274161

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2021/11/14 11:54 p.m.282 views

Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier...

7.5CVSS9.3AI score0.99992EPSS
Exploits173
GithubExploit
GithubExploit
added 2021/11/14 2:30 p.m.3 views

Exploit for CVE-2017-17562

GoAhead Web Server 2.5 use multi/handler msf6 exploitmulti/h...

8.1CVSS7.2AI score0.96327EPSS
Exploits15
GithubExploit
GithubExploit
added 2021/11/14 2:30 p.m.8 views

Exploit for CVE-2017-17562

GoAhead Web Server 2.5 use multi/handler msf6 exploitmulti/h...

8.1CVSS7.2AI score0.96327EPSS
Exploits15
Prion
Prion
added 2021/11/12 9:15 p.m.20 views

Cross site request forgery (csrf)

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

4CVSS6.5AI score0.01072EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2021/11/12 9:15 p.m.2 views

UBUNTU-CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

6.1CVSS7AI score0.01284EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2021/11/12 8:45 p.m.29 views

CVE-2021-43332

Removed by vendor...

6.5CVSS6.8AI score0.01072EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/11/12 8:44 p.m.33 views

CVE-2021-43331

Removed by vendor...

6.1CVSS6.7AI score0.01284EPSS
Exploits0
0day.today
0day.today
added 2021/11/11 12:0 a.m.916 views

Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (3)

Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE : CVE-2021-41773 /...

9.8CVSS9.2AI score0.99992EPSS
Exploits173
Packet Storm
Packet Storm
added 2021/11/11 12:0 a.m.1331 views

Apache HTTP Server 2.4.50 Remote Code Execution

Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Date: 11/11/2021 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE :...

7.5CVSS9.2AI score0.99992EPSS
Exploits173
OpenVAS
OpenVAS
added 2021/11/06 12:0 a.m.23 views

Fedora: Security Advisory for php (FEDORA-2021-02d218c3be)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.2AI score0.01337EPSS
Exploits1References2
Fedora
Fedora
added 2021/11/03 1:12 a.m.31 views

[SECURITY] Fedora 35 Update: php-8.0.12-2.fc35

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

7.8CVSS7.1AI score0.01337EPSS
Exploits1
Fedora
Fedora
added 2021/10/28 7:31 p.m.35 views

[SECURITY] Fedora 33 Update: php-7.4.25-1.fc33

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

7.8CVSS2.2AI score0.01337EPSS
Exploits1
Metasploit
Metasploit
added 2021/10/28 5:51 p.m.46 views

Browse the session filesystem in a Web Browser

This module allows you to browse the session filesystem via a local browser window. Module Options msf use post/multi/manage/fileshare msf postfileshare show actions ...actions... msf postfileshare set ACTION msf postfileshare show options ...show and set options... msf postfileshare run This...

6.9AI score
Exploits0
GithubExploit
GithubExploit
added 2021/10/27 2:29 p.m.422 views

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution CVE-20...

9.8CVSS9.4AI score0.99964EPSS
Exploits62
GithubExploit
GithubExploit
added 2021/10/26 5:56 p.m.388 views

Exploit for Path Traversal in Apache Http_Server

RCE exploit both for Apache 2.4.49 CVE-2021-41773 and 2.4.5...

9.8CVSS9.3AI score0.99992EPSS
Exploits173
Rows per page
Query Builder