Lucene search
K

222 matches found

Prion
Prion
added 2023/02/15 7:15 p.m.18 views

Code injection

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos...

5CVSS7.6AI score0.00754EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/15 12:0 a.m.63 views

CVE-2022-47508

The CVE-2022-47508 entry concerns SolarWinds Server & Application Monitor (SAM). According to the provided records, the issue stems from weaknesses in the authentication procedure that enable issues with NTLM/ Kerberos handling, particularly when polling data via IP instead of Kerberos. The NVD e...

7.5CVSS7.6AI score0.00754EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/12 7:37 a.m.57 views

CVE-2023-0785

CVE-2023-0785 affects SourceCodester Best Online News Portal 1.0, where the vulnerability resides in the file check_availability.php. The issue arises from manipulating the username parameter, leading to exposure of sensitive information via data queries. It is a remote attack with high complexit...

3.7CVSS4AI score0.00851EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.4 views

GTAB Software Tabit 安全漏洞

GTAB Software Tabit is a full-featured program from GTAB Software for creating, playing, and printing fingerstyle music for guitar, bass, or banjo. GTAB Software Tabit suffers from a security vulnerability that stems from the fact that an attacker can query user data via one of its URL-mapped pag...

7.5CVSS7.3AI score0.00398EPSS
Exploits0References2
Kitploit
Kitploit
added 2021/11/19 11:30 a.m.42 views

Msticpy - Microsoft Threat Intelligence Security Tools

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicator...

6.5AI score
Exploits0References27
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.4 views

Cloudera Hue 跨站脚本漏洞

Cloudera Hue is a mature open source SQL helper for querying any database and data warehouse.A cross-site scripting vulnerability exists in Cloudera Hue version 4.6.0. An attacker can exploit the vulnerability to conduct cross-site scripting attacks via the type parameter...

6.1CVSS5.5AI score0.00647EPSS
Exploits0References2
Fedora
Fedora
added 2021/09/09 5:33 p.m.47 views

[SECURITY] Fedora 34 Update: salt-3003.3-1.fc34

Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loa...

7.8CVSS7.7AI score0.03808EPSS
Exploits1
CNVD
CNVD
added 2021/05/12 12:0 a.m.7 views

Unspecified Vulnerability in Couchbase Server

Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase , which mainly supports data query , full-text search and active global replication and other functions . Couchbase Server has a security vulnerability that can be exploited by an attacker ...

4.4CVSS6.8AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2021/03/17 9:15 a.m.3 views

CVE-2021-22859

The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege...

9.8CVSS7.6AI score0.03751EPSS
Exploits0References3
Fedora
Fedora
added 2020/11/06 1:15 a.m.37 views

[SECURITY] Fedora 33 Update: salt-3002.1-1.fc33

Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loa...

9.8CVSS2.5AI score0.57453EPSS
Exploits3
CNVD
CNVD
added 2019/04/01 12:0 a.m.1 views

SQL Injection Vulnerability in Joomla! component KSA*** parameters

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the KSA parameter of the Joomla! component. The vulnerability stems from th...

8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/10/11 12:0 a.m.12 views

The vulnerability of the G-Cam/EFD-2250 IP camera’s microprogramming software lies in the improper elimination of certain elements in the data request logic, allowing a intruder to execute arbitrary code.

The vulnerability of the G-Cam/EFD-2250 IP camera’s microprogramming software is related to improper elimination of certain elements in the data query logic. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the operating system with root privileges...

10CVSS8.1AI score0.29578EPSS
Exploits4References4Affected Software1
CNVD
CNVD
added 2017/02/23 12:0 a.m.6 views

EMC Documentum Content Server DQL Injection Vulnerability

EMC Documentum Content Server is a content management service system from EMC. A DQL injection vulnerability exists in EMC Documentum Content Server because the program fails to properly filter user-submitted input. A remote attacker can exploit the vulnerability by sending a specially crafted...

8.8CVSS7.8AI score0.02012EPSS
Exploits2References1
seebug.org
seebug.org
added 2014/09/22 12:0 a.m.22 views

XYCMS企业建站系统 2.5(注射&&后台配置插马)

简要描述: 前年她17岁,她看到我的IPad,说“姐夫,你的IPad不错嘛!” 她回去的时候,她姐姐把IPhone给她带上了。 去年她18岁,她看到我的IBM后,说“姐夫,你的IBM不错嘛!” 她回去的时候,她姐姐把IBM笔记本给她带上了。 今年她19岁,她看到我后,害羞的说:“姐夫,其实你这人挺不错的” 我在等她姐姐发话。 详细说明: 1 存在注入漏洞文件: newsdetail.asp 1-14行 无此新闻信息!" response.End end if % id没过滤进入查询 同样的问题:common.asp pro.asp news.asp prodetail.asp 漏洞证明:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/04/10 12:0 a.m.13 views

SAP HANA信息泄漏漏洞

Bugtraq ID:66675 SAP HANA是一个软硬件结合体,提供高性能的数据查询功能,用户可以直接对大量实时业务数据进行查询和分析,而不需要对业务数据进行建模、聚合等。 在处理畸形HTTP请求时SAP HANA处理ICM存在错误,允许攻击者提交特制的HTTP请求获取平台版本,主机名和实例数等敏感信息。 0 SAP HANA 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://websmp230.sap-ag.de/sap/support/notes/1914778...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2013/02/12 5:9 a.m.24 views

Distributed Red Team Operations with Cobalt Strike

What if you could easily host malicious websites, send phishing emails, and manage compromised hosts across diverse internet addresses? This week's Cobalt Strike adds the ability to manage multiple attack servers at once. Here's how it works: When you connect to two or more servers, Cobalt Strike...

6.6AI score
Exploits0
myhack58
myhack58
added 2010/07/17 12:0 a.m.16 views

Thousand Bo enterprise website management system v2010 Build 0 7 1 6 vulnerability analysis-vulnerability warning-the black bar safety net

Release time: 2010-07-16 Affected version: Thousand Bo enterprise website management system v2010 Build 0 7 1 6 Vulnerability Description: The search type injection vulnerability Default background address: http://127.1/system/AdminLogin.Asp Publishing author: m4r10 reproduced please indicate the...

8.4AI score
Exploits0
CVE
CVE
added 2000/03/22 5:0 a.m.60 views

CVE-2000-0098

CVE-2000-0098 describes a path-disclosure vulnerability in Microsoft Index Server/IIS WebHits: remote attackers can determine the real path of a web directory by requesting non-existent Internet Data Query files. OpenVAS notes the issue in MS00-006 (WebHits ISAPI filter) and IDA/IDQ path disclosu...

5CVSS6.6AI score0.48542EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2000/02/08 5:0 a.m.73 views

CVE-2000-0126

CVE-2000-0126 affects Microsoft IIS 3 and 4 via the idq.dll component. The vulnerability enables remote attackers to read arbitrary files on the target system by exploiting a dot-dot ('..') traversal in the IDQ scripts, specifically through the query.idq parameter. The root cause is a traversal f...

5CVSS6.5AI score0.45661EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2000/02/08 5:0 a.m.26 views

CVE-2000-0126

Sample Internet Data Query IDQ scripts in IIS 3 and 4 allow remote attackers to read files via a .. dot dot attack...

6.5AI score0.45661EPSS
Exploits0References1
Rows per page
Query Builder