9269 matches found

Cvelist
added 2023/11/22 3:33 p.m., 42 views

CVE-2023-5815 News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

CVSS 8.1, AI score 10, EPSS 0.04262
Exploits 0, References 4
Vulnrichment
added 2023/11/22 3:33 p.m., 11 views

CVE-2023-5815 News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

CVSS 8.1, AI score 7.7, EPSS 0.04262
Exploits 0, References 4
NVD
added 2023/11/21 10:15 p.m., 43 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 10, EPSS 0.78428
Exploits 5, References 3
Prion
added 2023/11/21 10:15 p.m., 23 views

Design/Logic Flaw

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 5, AI score 6.4, EPSS 0.78428
Exploits 5, References 2, Affected Software 1
GithubExploit
added 2023/11/21 3:45 p.m., 542 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228 minecraft demo This demo is used at...

CVSS 10, AI score 9.1, EPSS 0.99999
Exploits 347
Kitploit
added 2023/11/21 11:30 a.m., 23 views

CureIAM - Clean Accounts Over Permissions In GCP Infra At Scale

Clean up of over permissioned IAM accounts on GCP infra in an automated way CureIAM is an easy-to-use, reliable, and performant engine for Least Privilege Principle Enforcement on GCP cloud infra. It enables DevOps and Security team to quickly clean up accounts in GCP infra that have granted...

AI score 7.2
Exploits 0, References 4
Vulnrichment
added 2023/11/21 12:0 a.m., 23 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 10, AI score 6.6, EPSS 0.78428
Exploits 5, References 2
ATTACKERKB
added 2023/11/21 12:0 a.m., 41 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 10, AI score 8.4, EPSS 0.78428
In wild, Exploits 5, References 6
GithubExploit
added 2023/11/18 6:12 a.m., 318 views

Exploit for Incorrect Comparison in Dynamic-Linq Linq

Dynamic Linq injection to RCE - CVE-2023-32571 About Dynami...

CVSS 9.8, AI score 9.8, EPSS 0.34904
Exploits 4
HackRead
added 2023/11/17 11:53 a.m., 35 views

Ddostf Botnet Resurfaces in DDoS Attacks Against MySQL and Docker Hosts

By Deeba Ahmed The Ddostf Botnet was initially identified in 2016. This is a post from HackRead.com Read the original post: Ddostf Botnet Resurfaces in DDoS Attacks Against MySQL and Docker Hosts...

AI score 7.4
Exploits 0
Tenable Nessus
added 2023/11/17 12:0 a.m., 36 views

Amazon Linux 2 : docker (ALASECS-2023-028)

The version of docker installed on the remote host is prior to 20.10.7-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-028 advisory. A file permissions vulnerability was found in Moby Docker Engine. Copying files by using into a specially-crafted...

CVSS 7.5, AI score 7.4, EPSS 0.02693
Exploits 3, References 8
Amazon
added 2023/11/16 12:0 a.m., 2 views

Medium: containerd

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

CVSS 5.9, AI score 6.9, EPSS 0.00492
Exploits 0
Tenable Nessus
added 2023/11/16 12:0 a.m., 90 views

Amazon Linux 2 : docker (ALASECS-2023-025)

The version of docker installed on the remote host is prior to 20.10.7-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-025 advisory. The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI...

CVSS 5, AI score 7, EPSS 0.02085
Exploits 0, References 4
Amazon
added 2023/11/16 12:0 a.m., 5 views

Medium: docker

Issue Overview: The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manife...

CVSS 5, AI score 6.9, EPSS 0.02085
Exploits 0
Tenable Nessus
added 2023/11/16 12:0 a.m., 16 views

Amazon Linux 2 : containerd (ALASECS-2023-023)

The version of containerd installed on the remote host is prior to 1.4.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-023 advisory. A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process...

CVSS 5.9, AI score 6.9, EPSS 0.00492
Exploits 0, References 4
The Hacker News
added 2023/11/14 11:54 a.m., 51 views

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service DDoS botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, buil...

AI score 7.9
Exploits 0
Spring Security Advisories
added 2023/11/14 12:0 a.m., 8 views

This Week in Spring - November 14th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...

AI score 7.1
Exploits 0
HackRead
added 2023/11/13 1:27 p.m., 29 views

OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

By Waqas While OracleIV is not a supply chain attack, it highlights the ongoing threat of misconfigured Docker Engine API deployments. This is a post from HackRead.com Read the original post: OracleIV DDoS Botnet Malware Targets Docker Engine API Instances...

AI score 7.3
Exploits 0
GithubExploit
added 2023/11/12 11:34 p.m., 16 views

Exploit for Injection in Discourse

Table of contents ================= CVE-2023-47119cve...

CVSS 6.1, AI score 7.3, EPSS 0.00943
Exploits 1
Wolfi
added 2023/11/12 3:55 p.m., 38 views

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: temporal, kubernetes, temporal-server, kubernetes-csi-external-resizer, docker-compose, buildkitd, envoy-ratelimit, kubescape, kubevela, kine, cri-tools, k3s, volume-modifier-for-k8s, metrics-server...

AI score 5.8
Exploits 0