Lucene search
K

188 matches found

Fedora
Fedora
added 2016/12/31 11:21 p.m.37 views

[SECURITY] Fedora 24 Update: curl-7.47.1-10.fc24

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

8.1CVSS0.04935EPSS
Exploits0
myhack58
myhack58
added 2016/12/17 12:0 a.m.239 views

The Nagios Core code execution vulnerability, CVE-2016-9565 analysis-vulnerability warning-the black bar safety net

Author: p0wd3r, dawu know Chong Yu 404 security lab Date: 2016-12-15 0x00 vulnerability overview 1. Vulnerability description Nagios is a monitoring of the IT infrastructure program, recently security researchers Dawid Golunski found in Nagios Core there is a code execution vulnerability: an...

10CVSS9AI score0.22684EPSS
Exploits12
Packet Storm
Packet Storm
added 2016/12/15 12:0 a.m.365 views

Nagios Core Curl Command Injection / Code Execution

/ / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - CVE-2016-9565 - Release date:...

10CVSS0.5AI score0.22684EPSS
Exploits12
seebug.org
seebug.org
added 2016/12/14 12:0 a.m.431 views

Nagios Core < 4.2.2 Curl Command Injection/Code Execution (CVE-2016-9565)

Author: p0wd3r, dawu know Chong Yu 404 security lab Date: 2016-12-15 0x00 vulnerability overview 1. Vulnerability description Nagios is a monitoring of the IT infrastructure program, recently security researchers Dawid Golunski discovered in Nagios Core there is a code execution vulnerability: an...

10CVSS8.9AI score0.22684EPSS
Exploits12
Packet Storm
Packet Storm
added 2016/06/17 12:0 a.m.69 views

Skype For Business 2013 User Enumeration

Exploit Title: Skype for Business 2013 user enumeration timing attack Date: 2016-06-08 Exploit Author: nyxgeek Vendor Homepage: https://www.microsoft.com Version: Skype for Business 2013 Skype for Business 2013 is vulnerable to a timing attack that allows for username enumeration When Skype/Lync ...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2016/04/25 12:6 a.m.13 views

GitLab: Attacker can post notes on private MR, snippets, and issues

Vulnerability details By sending a specially crafted request to the GitLab API, an attacker can post notes on merge requests, snippets, and issues it doesn't have access to. This could execute additional note hooks that were configured by the project administrator. Proof of concept As a victim,...

Exploits0
seebug.org
seebug.org
added 2015/09/19 12:0 a.m.25 views

ZeusCart v4.0 /classes/Core/CFeaturedItems.php SQL注入

ZeusCart 4.0: SQL Injection1.漏洞描述在ZeusCart4.0中存在两个注入漏洞,一个注入不需要任何条件即可exploit,另一个是是发生在admin后台的注入。因为大部分参数都是依赖于简单的过滤,所以很容易由于过滤不全而产生漏洞。2a. Timing based Blind SQL Injection 基于时间的盲注证明:http://localhost/zeuscart-master/index.php?do=featured&action=showmaincatlanding&maincatid=-1AND IFSUBSTRINGversion, 1,...

8AI score
Exploits0
exploitpack
exploitpack
added 2015/09/17 12:0 a.m.21 views

ZeusCart 4.0 - SQL Injection

ZeusCart 4.0 - SQL Injection ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2015/02/03 12:0 a.m.143 views

Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass

Hewlett-Packard HP UCMDB - JMX-Console Authentication Bypass Mogwai Security Advisory MSA-2015-02 ---------------------------------------------------------------------- Title: Hewlett-Packard UCMDB - JMX-Console Authentication Bypass CVE-ID: CVE-2014-7883 Product: Hewlett-Packard Universal CMDB...

5CVSS0.6AI score0.79415EPSS
Exploits30
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Wordpress Automatic Plugin 2.0.3 - SQL Injection

No description provided by source. Title: ====== Wordpress Automatic Plugin v2.0.3 SQL Injection Date: ===== 2012-06-15 Website: =========== http://codecanyon.net/item/wordpress-automatic-plugin/1904470 Introduction: ============= Wordpress automatic plugin posts quality targeted articles, Amazon...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval

No description provided by source. !/bin/bash Exploit by ShadowHatesYou [email protected] The resulting output is an SQL dump containing the Barracuda's configuration, which includes goodies such as: The administrative password for the BSFsystempassword MTA LDAP passwordsmtaldapadvancedpasswor...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/04/15 9:18 p.m.22 views

Burp Suite Professional v1.6 - The leading toolkit for web application security testing

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security...

6.9AI score
Exploits0
0day.today
0day.today
added 2013/12/16 12:0 a.m.23 views

Bio Basespace SDK 0.1.7 API Key Exposure

The Bio Basespace SDK 0.1.7 Ruby Gem API client code passes the APIKEY to a curl command. This exposes the api key to the shell and process table. Another user on the system could snag the api key by just monitoring the process table. Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2013/09/11 7:42 a.m.38 views

disable XSRF check property has no effect on REST API

When disable the xsrf through the property in jira.xsrf.enabled=false in jira-config.properties according to the page|https://developer.atlassian.com/display/JIRADEV/Form+Token+Handling, it doesn't stop the xsrf checking when using JIRA REST API. However, the property took effect when you try som...

7.2AI score
Exploits0Affected Software1
Fedora
Fedora
added 2013/05/25 12:15 p.m.30 views

[SECURITY] Fedora 17 Update: curl-7.24.0-9.fc17

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

5CVSS0.04986EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/05/17 12:0 a.m.39 views

Fedora Update for curl FEDORA-2013-7813

Check for the Version of curl OpenVAS Vulnerability Test Fedora Update for curl FEDORA-2013-7813 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

7.5CVSS9.1AI score0.22913EPSS
Exploits7References2
OpenVAS
OpenVAS
added 2013/05/06 12:0 a.m.34 views

Fedora Update for curl FEDORA-2013-6766

Check for the Version of curl OpenVAS Vulnerability Test Fedora Update for curl FEDORA-2013-6766 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

7.5CVSS9.1AI score0.22913EPSS
Exploits7References2
Fedora
Fedora
added 2013/04/20 7:45 p.m.34 views

[SECURITY] Fedora 19 Update: curl-7.29.0-5.fc19

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

5CVSS0.04986EPSS
Exploits1
OSV
OSV
added 2013/04/12 8:0 a.m.12 views

CURL-CVE-2013-1944 cookie domain tailmatch

libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. When communicating over HTTPS and having libcurl's cookie engine enabled, libcurl stores and holds cookies for use when subsequent requests are done to hosts and paths that match those kep...

5CVSS6.1AI score0.04986EPSS
Exploits1
0day.today
0day.today
added 2013/04/02 12:0 a.m.49 views

Aspen 0.8 - Directory Traversal

Exploit for multiple platform in category web applications The vulnerability happens when directory indexing is turned on default configuration in this version and a user requests, for instance localhost/../../../../../../../etc/passwd. The vulnerability may be tested with the following...

5CVSS6.6AI score0.07651EPSS
Exploits6
Rows per page
Query Builder