Lucene search (4421 matches found)

OSV • added 2021/07/12 11:15 p.m. • 12 views

CVE-2021-32746

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the doc module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permissio...

CVSS 5.3 · AI score 6.9
Exploits 0 · References 4
AlpineLinux • added 2021/07/12 10:25 p.m. • 25 views

CVE-2021-32746

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the doc module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permissio...

CVSS 5.3 · AI score 5.4 · EPSS 0.01306
Exploits 1
NVD • added 2021/07/02 7:15 p.m. • 22 views

CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...

CVSS 6.5 · EPSS 0.00514
Exploits 0 · References 2
Rosalinux • added 2021/07/02 5:30 p.m. • 8 views

Advisory ROSA-SA-2021-1924

Software: mpfr 3.1.1
OS: Cobalt 7.9
CVE-ID: CVE-2014-9474
CVE-Crit: CRITICAL
CVE-DESC: Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-sensitive attackers to have undefined impact via vectors associated with incorrect documentation for mpn_set_str.
CVE-STATUS:...

CVSS 9.8 · AI score 7.3 · EPSS 0.0429
Exploits 0
0day.today • added 2021/07/02 12:00 a.m. • 145 views

Wordpress Modern Events Calendar 5.16.2 Plugin - Remote Code Execution (Authenticated) Exploit

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated
Exploit Author: Ron Jost Hacker5preme
Vendor Homepage: https://webnus.net/modern-events-calendar/
Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.zip
Versio...

CVSS 7.2 · AI score 0.3 · EPSS 0.88158
Exploits 9
Photon • added 2021/07/02 12:00 a.m. • 37 views

PHSA-2021-2.0-0366

An update of 'curl' packages of Photon OS has been released...

CVSS 4.3 · AI score 0.9 · EPSS 0.02979
Exploits 1
OSV • added 2021/07/01 5:02 p.m. • 17 views

GHSA-2CC5-23R7-VC4V Ratpack's default client side session signing key is highly predictable

Impact: The client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with...

CVSS 4.4 · AI score 4.5 · EPSS 0.00262
Exploits 0 · References 4
OSV • added 2021/07/01 5:02 p.m. • 12 views

GHSA-PHJ8-4CQ3-794G Unencrypted storage of client side sessions

Impact: The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...

CVSS 6.5 · AI score 7.2 · EPSS 0.00455
Exploits 0 · References 4
Github Security Blog • added 2021/07/01 5:02 p.m. • 72 views

Unencrypted storage of client side sessions

Impact: The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...

CVSS 7.5 · AI score 0.7 · EPSS 0.00455
Exploits 0 · References 4 · Affected Software 1
0day.today • added 2021/07/01 12:00 a.m. • 132 views

Wordpress XCloner 4.2.12 Plugin - Remote Code Execution (Authenticated) Exploit

Exploit Title: Wordpress Plugin XCloner 4.2.12 - Remote Code Execution Authenticated
Exploit Author: Ron Jost Hacker5preme
Vendor Homepage: https://www.xcloner.com/
Software Link: https://downloads.wordpress.org/plugin/xcloner-backup-and-restore.4.2.12.zip
Version: 4.2.1 - 4.2.12
Tested on: Ubunt...

CVSS 9.9 · AI score 0.4 · EPSS 0.24937
Exploits 5
Gitee • added 2021/06/30 10:20 p.m. • 3 views

vulhub

This is an open-source, community-driven project called Vulhub, which provides a comprehensive collection of vulnerable systems and applications for educational and testing purposes. The repository contains a wide range of vulnerable systems, including web applications, databases, and networks, a...

AI score 7.2
Exploits 0
Prion • added 2021/06/29 7:15 p.m. • 13 views

Default configuration

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is n...

CVSS 3.5 · AI score 4 · EPSS 0.00262
Exploits 0 · References 2 · Affected Software 1
Prion • added 2021/06/29 7:15 p.m. • 13 views

Design/Logic Flaw

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

CVSS 5 · AI score 7.1 · EPSS 0.00455
Exploits 0 · References 2 · Affected Software 1
Cvelist • added 2021/06/29 6:15 p.m. • 25 views

CVE-2021-29480 Default client side session signing key is highly predictable

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is n...

CVSS 4.4 · AI score 4.9 · EPSS 0.00262
Exploits 0 · References 2
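The two Ratpack findings listed above (the startup-time signing key of CVE-2021-29480 / GHSA-2CC5-23R7-VC4V, and the signed-but-unencrypted session cookie of GHSA-PHJ8-4CQ3-794G) share one mechanism, so here is a single added example that models both. This is illustrative Python written for this page, not Ratpack's code: the cookie layout (`base64(payload) "." hex(HMAC-SHA256)`), the key derivation from a millisecond start timestamp, and the attacker's few-second uncertainty window are all assumptions chosen to show the attack class. It demonstrates that a signed cookie is readable without the key, that a key derived from a guessable timestamp can be recovered by brute force and then used to forge a session, and that a randomly generated key defeats the same search.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
from typing import Optional

# Assumed cookie layout for this example: base64url(json) "." hex(HMAC-SHA256).
# Ratpack's real on-the-wire format is not reproduced here.


def derive_key_from_startup(startup_ms: int) -> bytes:
    # The weak pattern: key material is the application start time
    # (assumption: millisecond epoch rendered as a decimal string).
    return str(startup_ms).encode()


def sign(payload: bytes, key: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_cookie(session: dict, key: bytes) -> str:
    payload = json.dumps(session, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + sign(payload, key)


def verify_cookie(cookie: str, key: bytes) -> Optional[dict]:
    # Server-side check: reject anything whose MAC does not match under `key`.
    try:
        b64, mac = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(b64)
        if not hmac.compare_digest(sign(payload, key), mac):
            return None
    except (ValueError, TypeError, binascii.Error):
        return None
    return json.loads(payload)


def read_without_key(cookie: str) -> dict:
    # Signing gives integrity, not confidentiality: whoever holds the cookie
    # (proxy logs, browser extensions, a stolen cookie jar) reads the payload.
    b64 = cookie.split(".", 1)[0]
    return json.loads(base64.urlsafe_b64decode(b64))


def recover_startup_key(cookie: str, guess_ms: int, window_ms: int) -> Optional[bytes]:
    # Attacker knows roughly when the process started (uptime endpoint, deploy
    # log, banner) and tries every millisecond inside +/- window_ms.
    b64, mac = cookie.split(".", 1)
    payload = base64.urlsafe_b64decode(b64)
    for t in range(guess_ms - window_ms, guess_ms + window_ms + 1):
        key = derive_key_from_startup(t)
        if hmac.compare_digest(sign(payload, key), mac):
            return key
    return None


def demo():
    startup_ms = 1624986000000  # constructed: when the app "started"
    weak_key = derive_key_from_startup(startup_ms)
    cookie = make_cookie({"user": "alice", "role": "user"}, weak_key)

    # 1. Unencrypted-but-signed: payload is readable with no key at all.
    leaked = read_without_key(cookie)

    # 2. Predictable key: attacker's guess is 3 s off, searches a 5 s window,
    #    recovers the key from one observed cookie and forges a new one.
    recovered = recover_startup_key(cookie, startup_ms + 3000, 5000)
    forged = make_cookie({"user": "alice", "role": "admin"}, recovered)
    accepted = verify_cookie(forged, weak_key)

    # 3. Generic remedy: a random key has no relation to any timestamp,
    #    so the same search finds nothing.
    strong_key = os.urandom(32)
    cookie2 = make_cookie({"user": "alice", "role": "user"}, strong_key)
    not_recovered = recover_startup_key(cookie2, startup_ms + 3000, 5000)

    return leaked, recovered == weak_key, accepted, not_recovered


if __name__ == "__main__":
    print(demo())
```

The 10,001-candidate search runs in milliseconds; widening the attacker's uncertainty to hours only multiplies that by a constant, which is why a timestamp is never usable as key material. The random key shown is a generic fix for the predictability issue; it does nothing for the confidentiality issue, which needs the encryption the advisories describe as recommended but off by default.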
AlmaLinux • added 2021/06/29 1:44 p.m. • 15 views

openldap bug fix and enhancement update

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, an...

AI score 0.7
Exploits 0
Kitploit • added 2021/06/27 9:30 p.m. • 71 views

Mythic - A Collaborative, Multi-Platform, Red Teaming Framework

A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming. Details: Check out a series of YouTube videos...

AI score 7.3
Exploits 0 · References 1
Code423n4 • added 2021/06/25 12:00 a.m. • 10 views

User could lose underlying tokens when redeeming from the IdleYieldSource

Handle: shw
Vulnerability details
Impact: This submission is to clarify that the previous submission is invalid.
Proof of Concept: At line 131 of IdleYieldSource, the use of the variable redeemedShare is correct since the input parameter of redeemIdleToken should be the amount of IdleTokens instead o...

AI score 6.9
Exploits 0
IBM Security Bulletins • added 2021/06/24 1:13 p.m. • 33 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)

Summary: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450 with details below.
Vulnerability Details
CVEID: CVE-2021-3450
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the...

CVSS 7.4 · AI score 0.9 · EPSS 0.62906
Exploits 4 · Affected Software 2
IBM Security Bulletins • added 2021/06/24 1:10 p.m. • 30 views

Security Bulletin: Operations Dashboard is vulnerable to Go vulnerabilities (CVE-2021-27918 and CVE-2021-27919)

Summary: Operations Dashboard is vulnerable to Go vulnerabilities CVE-2021-27918 and CVE-2021-27919 with details of each below.
Vulnerability Details
CVEID: CVE-2021-27918
DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder wi...

CVSS 7.5 · AI score 1.2 · EPSS 0.02543
Exploits 0 · Affected Software 1
Photon • added 2021/06/24 12:00 a.m. • 54 views

PHSA-2021-1.0-0408

An update of 'linux', 'linux-esx' packages of Photon OS has been released...

AI score 0.9 · EPSS 0.00431
Exploits 1