Lucene search
+L

267 matches found

CNNVD
CNNVD
added 2021/08/20 12:0 a.m.5 views

Skycaiji 路径遍历漏洞

Skycaiji Blue Sky Collector is a free data collection and publishing crawler software in China, developed with php+mysql and can be deployed on cloud servers. A path traversal vulnerability exists in Skycaiji version 1.3, which stems from. The vulnerability stems from a failure of a network syste...

5.3CVSS5.9AI score0.0196EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2021/07/13 7:0 a.m.64 views

Description of the security update for SharePoint Enterprise Server 2016: July 13, 2021 (KB5001981)

None None...

5.3CVSS6.5AI score0.04445EPSS
Exploits0
NVD
NVD
added 2021/05/13 6:15 p.m.23 views

CVE-2021-22140

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

7.5CVSS0.0127EPSS
Exploits0References1
OSV
OSV
added 2021/05/13 6:15 p.m.19 views

CVE-2021-22140

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

7.5CVSS7.2AI score
Exploits0References1
Prion
Prion
added 2021/05/13 6:15 p.m.20 views

Xxe

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

5CVSS7.6AI score0.0127EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/05/13 5:35 p.m.78 views

CVE-2021-22140

Elastic App Search (web crawler beta) versions 7.11.0–7.12.0 are affected by an XML External Entity (XXE) injection in the crawler, allowing an attacker crawling the site via a manipulated sitemap.xml to read files on the host. Root cause: insufficient validation of XML in the crawler. Impact: po...

7.5CVSS7.5AI score0.0127EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/05/13 5:35 p.m.24 views

CVE-2021-22140

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

7.8AI score0.0127EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/28 12:0 a.m.6 views

Elastic App Search web crawler 代码问题漏洞

Elastic App Search web crawler is an application from Elastic USA. provides greater scalability and performance enhancements. A code issue vulnerability exists in App Search web crawler that stems from insufficient validation of user-supplied XML input in Enterprise Search. The following products...

7.5CVSS7.4AI score0.0127EPSS
Exploits0References2
OSV
OSV
added 2021/04/13 3:19 p.m.36 views

GHSA-JXG6-FHWC-9V9C Regular Expression Denial of Service (ReDoS) in es6-crawler-detect

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...

5.3CVSS7.5AI score0.01498EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/04/13 3:19 p.m.41 views

Regular Expression Denial of Service (ReDoS) in es6-crawler-detect

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...

7.5CVSS7.3AI score0.01498EPSS
Exploits1References4Affected Software1
Hacker One
Hacker One
added 2021/04/08 4:42 a.m.17 views

Elastic: XXE in Enterprise Search's App Search web crawler

Summary Hello team! The latest version of Enterprise Search 7.12.0 is vulnerable to XXE when parsing sitemaps. Up to now I'm only able to read file that contain one line. I'm reporting now to avoid duplicates, but I'll keep working to find a way to extract entire files or HTTP request bodies...

Exploits0
OSV
OSV
added 2021/03/22 12:15 p.m.5 views

CVE-2020-28501

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...

7.5CVSS7.1AI score0.01498EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/03/22 12:10 p.m.26 views

CVE-2020-28501 Regular Expression Denial of Service (ReDoS)

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...

5.3CVSS7.5AI score0.01498EPSS
Exploits1References2
CVE
CVE
added 2021/03/22 12:10 p.m.55 views

CVE-2020-28501

The CVE-2020-28501 issue affects es6-crawler-detect prior to 3.1.3. The root cause is a lack of length limitation on the user agent string when fed to regex operators, producing Regular Expression Denial of Service (ReDoS). Reported references from GHSA (Regular Expression Denial of Service in es...

7.5CVSS6.2AI score0.01498EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/03/22 12:0 a.m.6 views

Npm es6-crawler-detect 安全漏洞

Npm es6-crawler-detect is an application from Npm. It can help detect bots, crawlers and spiders by scanning user agent strings or from the global ... A security vulnerability exists in es6-crawler-detect before 3.1.3, which stems from the lack of a limit on the length of the user agent string...

7.5CVSS7.3AI score0.01498EPSS
Exploits1References3
CNVD
CNVD
added 2021/01/27 12:0 a.m.4 views

Command Execution Vulnerability in Pyspider Crawler System

Pyspider is a web crawler system. Pyspider crawler system has a command execution vulnerability that can be exploited by an attacker to remotely execute code by injecting malicious code into the project manager, controlling the entire server, and carrying out intranet infiltration, DDos and other...

7.6AI score
Exploits0
vulnersOsv
vulnersOsv
added 2021/01/06 5:15 p.m.5 views

buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)

cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:PYSEC-2021-5...

5.7CVSS6.6AI score0.01466EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/01/06 4:57 p.m.6 views

buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)

cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:GHSA-HQ37-853P-G5CF...

5.7CVSS6.6AI score0.01466EPSS
Exploits1
Hacker One
Hacker One
added 2020/12/31 3:39 p.m.152 views

h1-ctf: How The Hackers Saved Christmas

F1139789 Challenge I 🤖 "What are you doing?" I asked myself. I was about to trespass a clear warning to keep out. F1139744 "Have you lost your mind?" But I couldn't help it. I was born for this. And I wasn't going to back down. There are 12 more days until Christmas Eve, and I wasn't going to let...

8.3AI score
Exploits0
Snyk
Snyk
added 2020/12/15 6:3 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview es6-crawler-detect is an ES6 version of the original PHP class @CrawlerDetect, it helps you detect bots/crawlers and spiders only by scanning the user-agent string or from the global request.headers. Affected versions of this package are vulnerable to Regular Expression Denial of Service...

7.5CVSS6.7AI score0.01498EPSS
Exploits1References2
Rows per page
Query Builder