Lucene search
K

324 matches found

ATTACKERKB
ATTACKERKB
added 2023/06/20 8:15 p.m.2 views

CVE-2023-35885

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...

9.8CVSS5.3AI score0.75315EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.5 views

CloudPanel 安全漏洞

CloudPanel is a free software from CloudPanel open source. It is used to configure and manage servers. A security vulnerability exists in CloudPanel versions prior to 2.3.1 that stems from having insecure file manager cookie authentication...

9.8CVSS8.2AI score0.75315EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2023/06/20 12:0 a.m.10 views

CVE-2023-35885

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...

6.9AI score0.75315EPSS
Exploits3References3
CVE
CVE
added 2023/06/20 12:0 a.m.111 views

CVE-2023-35885

CloudPanel 2.x versions before 2.3.1 are vulnerable due to insecure file-manager cookie authentication, enabling remote code execution as root (CVSS 3.1: 9.8). Public disclosures and proof-of-concept tooling exist (Nuclei template for CVE-2023-35885; GitHub exploit). Affected product: CloudPanel;...

9.8CVSS9.4AI score0.75315EPSS
In wildExploits3References3Affected Software1
Kitploit
Kitploit
added 2023/06/07 12:30 p.m.35 views

LinkedInDumper - Tool To Dump Company Employees From LinkedIn API

Python 3 script to dump company employees from LinkedIn API Description LinkedInDumper is a Python 3 script that dumps employee data from the LinkedIn social networking platform. The results contain firstname, lastname, position title, location and a user's profile link. Only 2 API calls are...

6.9AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.3 views

SUSE CVE-2005-2869

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the Username to libraries/auth/cookie.auth.lib.php or 2 the error parameter to error.php...

4.3CVSS6AI score0.05094EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.4 views

SUSE CVE-2007-6100

Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...

2.6CVSS6AI score0.01314EPSS
Exploits1References4
0day.today
0day.today
added 2022/09/02 12:0 a.m.273 views

WordPress Testimonial Slider and Showcase 2.2.6 Plugin - Stored XSS Vulnerability

Exploit Title: WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting XSS Exploit Author: saitamang , yunaranyancat , syad Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version: 2.2.6 Tested on:...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2022/05/27 12:56 p.m.26 views

CVE-2022-29733

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack...

5.8AI score0.00664EPSS
Exploits2References2
Huntr
Huntr
added 2022/05/14 7:29 p.m.53 views

Leakage of third-party OAuth token via redirect

Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the redirect parameter and redirect the user and the OAuth token to an attacker controlled site. Proof of Concept 1. An attacker...

5.8CVSS6.7AI score0.01149EPSS
Exploits1
0day.today
0day.today
added 2022/04/14 12:0 a.m.227 views

Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vulnerability

Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The...

0.1AI score
Exploits0
OSV
OSV
added 2022/03/30 10:15 p.m.3 views

CVE-2021-45900

Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOHAUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let ...

6.5CVSS5.8AI score0.00728EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.4 views

Vivoh Webinar Manager 授权问题漏洞

Vivoh Webinar Manager is a multicast application manager from the Vivoh team. A security vulnerability exists in the API prior to Vivoh Webinar Manager version 3.6.3.0 that stems from incorrect API authentication. When a user logs into the Management Configuration Web Portlet, a VIVOHAUTH cookie ...

6.5CVSS6.5AI score0.00728EPSS
Exploits1References3
wpexploit
wpexploit
added 2022/03/29 12:0 a.m.101 views

Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover

The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value. On any website where flo-launch is active create cookie "flocustomtableprefix" with any string value to...

9.8CVSS1.6AI score0.01677EPSS
Exploits2
CNNVD
CNNVD
added 2022/01/03 12:0 a.m.7 views

WordPress plugin 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Site Reviews, which stems from the program not filtering and escaping the...

6.1CVSS5.3AI score0.01314EPSS
Exploits2References2
Prion
Prion
added 2021/10/14 9:15 a.m.11 views

Command injection

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

4CVSS6.9AI score0.00941EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.3 views

LedgerSMB 安全漏洞

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, and more. A security vulnerability exists in LedgerSMB that stems from LedgerSMB not setting the Secure attribute on the session authorization...

6.8CVSS6.3AI score0.00941EPSS
Exploits1References3
0day.today
0day.today
added 2021/08/05 12:0 a.m.171 views

Riak Insecure Default Configuration / Remote Command Execution Vulnerabilities

Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use. Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance,...

7.7AI score
Exploits0
OSV
OSV
added 2021/06/10 3:43 p.m.1 views

GHSA-8H2J-CGX8-6XV7 Cross-Site Request Forgery (CSRF) in FastAPI

Impact FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if...

8.8CVSS6AI score0.00772EPSS
Exploits0References6
PyPA
PyPA
added 2021/06/09 6:15 p.m.8 views

PYSEC-2021-100

FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. I...

8.2CVSS6.9AI score0.00772EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder