2334 matches found
Spotweb-Develop 1.4.9 Cross Site Scripting
Exploit Title: Cross Site Scripting DOM Based spotweb-develop 1.4.9 Author: @nu11secur1ty Testing and Debugging: nu11secur1ty $ OWASP-ZAP Date: 05.20.2021 Vendor: https://www.nzbserver.com/ Link: https://github.com/spotweb/spotweb CVE: 2021-XXXX Proof: https://streamable.com/hix5o1 + Exploit...
Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments And Gives Recommendations For Standard Practices
For complete documentation visit www.botkube.io BotKube integration with Slack, Mattermost or Microsoft Teams helps you monitor your Kubernetes cluster, debug critical deployments and gives recommendations for standard practices by running checks on the Kubernetes resources. You can also ask...
TYPO3 6.2.1 SQL Injection Exploit
Exploit Title: TYPO3 6.2.1 allows SQL Injection via a backend user on backend.php Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Vendor: https://typo3.org/ Link: https://get.typo3.org/version/6.2.1 CVE: CVE-2021-31777 Proof: https://streamable.com/8v7v4i + Exploit Source:...
CVE-2020-35757
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...
Nextcloud: Default Nextcloud allows http federated shares
userA on serverA runs on http only 2. userA sends a federated share to userB on serverB 3. userB is a normal user so he has no clue that there is no secure transport used and accepts the share 4. all the data written to and read from is now no longer protected by TLS Impact While maybe a bit far...
Exploit for Path Traversal in Atlassian Confluence_Server
Confluence unauthorize template injection CVE-2019-3396...
Buffalo network devices 安全漏洞
Buffalo firmware is a network device from Buffalo Japan. A security vulnerability exists in Buffalo network devices that could allow a remote attacker to open debugging options and execute arbitrary code or operating system commands to alter the configuration and cause a denial-of-service DoS...
Google Android Authorization Issues Vulnerability (CNVD-2021-31238)
Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. Google Android suffers from an authorization issue vulnerability that stems from misauthorization of the debugging command, which can be exploited by an attacker to gain unauthorized acces...
IPCDump - Tool For Tracing Interprocess Communication (IPC) On Linux
Announcement post ipcdump is a tool for tracing interprocess communication IPC on Linux. It covers most of the common IPC mechanisms -- pipes, fifos, signals, unix sockets, loopback-based networking, and pseudoterminals. It's a useful tool for debugging multi-process applications, and it's also a...
CVE-2021-25382
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command...
CVE-2021-25382
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command...
Authorization
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command...
CVE-2021-25382
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command...
CVE-2021-25382
CVE-2021-25382 concerns Samsung Secure Folder prior to SMR Oct-2020 Release 1, where improper authorization of a debugging command allows unauthorized access to Secure Folder contents. The PT-2021-16573 entry confirms affected software versions (Secure Folder prior to SMR Oct-2020 Release 1) and ...
SAMSUNG Mobile devices 安全漏洞
Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. Google Android suffers from an authorization issue vulnerability that stems from misauthorization of the debugging command, which can be exploited by an attacker to gain unauthorized acces...
PT-2021-16573 · Samsung · Secure Folder
Name of the Vulnerable Software and Affected Versions: Secure Folder versions prior to SMR Oct-2020 Release 1 Description: The issue is related to an improper authorization of using a debugging command in Secure Folder, which allows unauthorized access to contents in Secure Folder via the debuggi...
DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04/23/2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author...
HttpDoom - A Tool For Response-Based Inspection Of Websites Across A Large Amount Of Hosts For Quickly Gaining An Overview Of HTTP-based Attack Surface
Validate large HTTP-based attack surfaces in a very fast way. Heavily inspired by Aquatone. Why? When I utilize Aquatone to flyover some hosts, I have some performance issues by the screenshot feature, and the lack of extension capabilities - like validating front-end technologies with a...
sos bug fix and enhancement update
The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. Bug Fixes and Enhancements: network glitch while running ethtool -e command in sosreport BZ1928627...
CVE-2021-23985
If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker able to make a direct network...