9267 matches found

Kitploit
added 2023/12/02 11:30 a.m. · 27 views

T3SF - Technical Tabletop Exercises Simulation Framework

T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list (MSEL), together with a set of rules defined for each exercise (optional) and a configuration that allows defining the parameters of the corresponding platform. The main module...

7 AI score
Exploits: 0 · References: 1

Tenable Nessus
added 2023/12/02 12:00 a.m. · 31 views

SUSE SLES12 Security Update : containerd, docker, runc (SUSE-SU-2023:4625-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4625-1 advisory. containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8...

5.5 CVSS · 6.7 AI score · 0.00462 EPSS
Exploits: 0 · References: 11

Rapid7 Blog
added 2023/12/01 5:19 p.m. · 75 views

CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API

Rapid7 is responding to CVE-2023-49103, an unauthenticated information disclosure vulnerability impacting ownCloud. Background: ownCloud is a file sharing platform designed for enterprise environments. On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosu...

7.5 CVSS · 8.4 AI score · 0.78428 EPSS
Exploits: 5

OSV
added 2023/12/01 8:26 a.m. · 7 views

SUSE-SU-2023:4625-1 Security update for containerd, docker, runc

This update for containerd, docker, runc fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 docker: - Update to Docker 24.0.7-ce. See upstream changelog online at...

5.5 CVSS · 6.8 AI score · 0.00462 EPSS
Exploits: 0 · References: 8

GithubExploit
added 2023/12/01 2:25 a.m. · 254 views

Exploit for Improper Access Control in Joomla Joomla!

Joomla-CVE-2023-23752 This Python implementation serves an edu...

5.3 CVSS · 6 AI score · 0.99827 EPSS
Exploits: 43

CVE
added 2023/11/30 7:14 a.m. · 31 views

CVE-2023-49077

CVE-2023-49077 affects Mailcow: dockerized. A Cross-Site Scripting (XSS) vulnerability exists in the Quarantine UI, whereby an attacker could leverage a crafted email to execute malicious JavaScript in an administrator’s browser. The issue is documented across multiple sources and has been patche...

8.3 CVSS · 6.1 AI score · 0.00443 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OpenVAS
added 2023/11/30 12:00 a.m. · 30 views

Mageia: Security Advisory (MGASA-2023-0329)

The remote host is missing an update for the...

9.8 CVSS · 7.9 AI score · 0.02733 EPSS
Exploits: 3 · References: 12

IBM Security Bulletins
added 2023/11/29 9:30 p.m. · 29 views

Security Bulletin: IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below.

Summary: IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details: CVEID: CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKE...

6.5 CVSS · 7 AI score · 0.01198 EPSS
Exploits: 2 · Affected Software: 1

OSV
added 2023/11/29 9:00 p.m. · 10 views

MGASA-2023-0329 Updated docker packages fix security vulnerabilities and bugs

This update fixes several security issues and also solves some other issues:
- manage change of launch option earlier in post process
- Automatically convert -g option to --data-root in installed /etc/sysconfig/docker-storage
- Fix CVE-2023-26054 and CVE-2023-28840-2...

8.7 CVSS · 7.2 AI score · 0.02733 EPSS
Exploits: 3 · References: 11

Mageia
added 2023/11/29 9:00 p.m. · 49 views

Updated docker packages fix security vulnerabilities and bugs

This update fixes several security issues and also solves some other issues:
- manage change of launch option earlier in post process
- Automatically convert -g option to --data-root in installed /etc/sysconfig/docker-storage
- Fix CVE-2023-26054 and CVE-2023-28840-2...

8.7 CVSS · 7.1 AI score · 0.02733 EPSS
Exploits: 3 · References: 10

Packet Storm
added 2023/11/28 12:00 a.m. · 367 views

etcd-browser 87ae63d75260 Directory Traversal

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

7.4 AI score
Exploits: 0

0day.today
added 2023/11/28 12:00 a.m. · 320 views

etcd-browser 87ae63d75260 Directory Traversal Vulnerability

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

7.4 AI score
Exploits: 0

Positive Technologies
added 2023/11/28 12:00 a.m. · 6 views

PT-2023-9077 · Traefik +1 · Traefik +1

Name of the Vulnerable Software and Affected Versions:
Traefik versions prior to 2.10.6
Traefik versions prior to 3.0.0-beta5
Description: The issue is related to the Traefik docker container using 100% CPU when it serves as its own backend, resulting from the Docker integration in the default...

8.1 CVSS · 6.5 AI score · 0.99999 EPSS
Exploits: 23 · References: 67

wpexploit
added 2023/11/27 12:00 a.m. · 165 views

so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

Description: The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.
1. Create a multi-site wordpress setup, i.e. using docker-containers,...

7.2 CVSS · 8.7 AI score · 0.01034 EPSS
Exploits: 2

Kitploit
added 2023/11/24 11:30 a.m. · 32 views

Iac-Scan-Runner - Service That Scans Your Infrastructure As Code For Common Vulnerabilities

Service that scans your Infrastructure as Code for common vulnerabilities.

Aspect | Information
---|---
Tool name | IaC Scan Runner
Docker image | xscanner/runner
PyPI package | iac-scan-runner
Documentation | docs
Contact us | [email protected]

Purpose and description: The IaC Scan Runner is...

7.6 AI score
Exploits: 0 · References: 2

WPVulnDB
added 2023/11/23 12:00 a.m. · 19 views

News & Blog Designer Pack – WordPress Blog Plugin < 3.4.2 - Unauthenticated Remote Code Execution via Local File Inclusion

Description: The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the...

9.8 CVSS · 10 AI score · 0.04262 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2023/11/22 4:15 p.m. · 11 views

CVE-2023-5815

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

9.8 CVSS · 0.04262 EPSS
Exploits: 0 · References: 4

Prion
added 2023/11/22 4:15 p.m. · 23 views

Remote code execution

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

7.5 CVSS · 8.6 AI score · 0.04262 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2023/11/22 3:33 p.m. · 42 views

CVE-2023-5815 News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

8.1 CVSS · 10 AI score · 0.04262 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2023/11/22 3:33 p.m. · 11 views

CVE-2023-5815 News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

8.1 CVSS · 7.7 AI score · 0.04262 EPSS
Exploits: 0 · References: 4