4420 matches found

Trend Micro Simply Security
added 2021/05/19 12:0 a.m., 11 views

The creation and success of a documentation site

Gain a better understanding of why collaboration between developers and writers is necessary to create a successful documentation site...

3.2 AI score
Exploits: 0

Packet Storm
added 2021/05/18 12:0 a.m., 192 views

Microsoft ACL Shortcomings

Hi @ll, the following is a substantially shortened version of and Windows NT supports access control for almost all its objects, "How Security Descriptors and Access Control Lists Work" and "How Permissions Work" provide a comprehensive and exhaustive explanation. "Access Control Lists" provides ...

7.4 AI score
Exploits: 0

OSV
added 2021/05/17 8:58 p.m., 18 views

GHSA-RWXP-HWWF-653V Insecure template handling in express-hbs

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

5.4 CVSS, 6.6 AI score, 0.01268 EPSS
Exploits: 1, References: 6

Fedora
added 2021/05/16 2:6 a.m., 99 views

[SECURITY] Fedora 33 Update: kernel-tools-5.11.20-200.fc33

This package contains the tools/ directory from the kernel source and the supporting documentation...

7.2 CVSS, 7.9 AI score, 0.27477 EPSS
Exploits: 8

Fedora
added 2021/05/16 2:3 a.m., 88 views

[SECURITY] Fedora 34 Update: kernel-tools-5.11.20-300.fc34

This package contains the tools/ directory from the kernel source and the supporting documentation...

7.2 CVSS, 7.9 AI score, 0.27477 EPSS
Exploits: 8

Prion
added 2021/05/14 7:15 p.m., 19 views

Information disclosure

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

4.3 CVSS, 6.7 AI score, 0.01268 EPSS
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2021/05/14 6:15 p.m., 12 views

CVE-2021-32817 File disclosure in express-hbs

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

5.4 CVSS, 6.9 AI score, 0.01268 EPSS
Exploits: 1, References: 4

Rapid7 Blog
added 2021/05/14 5:29 p.m., 145 views

Metasploit Wrap-Up

Stopped at the gate? A fun new module from timwr, taking advantage of a technique reported by Cedric Owens, is reminding everyone if there is no fence a gate will not deter us. The new module provides a quick wrapper for payloads that bypasses download origination and authorization requirements...

6.8 CVSS, 1.2 AI score, 0.99981 EPSS
Exploits: 44

Circl
added 2021/05/14 1:56 a.m., 40 views

CVE-2021-26828

creationtimestamp | type | source
---|---|---
2021-05-14 01:56:05+00:00 | seen | https://t.me/pwnwikizhchannel/422
2022-07-04 22:17:17+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3610
2023-12-12 01:23:48+00:00 | seen | https://t.me/arpsyndicate/1785
2025-01-06...

8.8 CVSS, 7.5 AI score, 0.39096 EPSS
Exploits: 8, References: 21

Hacker One
added 2021/05/13 1:16 p.m., 16 views

Nextcloud: Talk discloses turn server to anybody

The attack is straightforward.
1. Send a request to
curl -H 'OCS-APIREQUEST: true' https://server/ocs/v2.php/apps/spreed/api/v2/signaling/settings
And you get back a lot of information.
- signaling server
- stun server
- turn server inc credentials
The stun server is harmless enough. I did not lo...

6.9 AI score
Exploits: 0

Fedora
added 2021/05/13 1:23 a.m., 48 views

[SECURITY] Fedora 32 Update: kernel-tools-5.11.19-100.fc32

This package contains the tools/ directory from the kernel source and the supporting documentation...

5.5 CVSS, 1.9 AI score, 0.00306 EPSS
Exploits: 0

Fedora
added 2021/05/13 1:22 a.m., 48 views

[SECURITY] Fedora 33 Update: kernel-tools-5.11.19-200.fc33

This package contains the tools/ directory from the kernel source and the supporting documentation...

5.5 CVSS, 1.9 AI score, 0.00306 EPSS
Exploits: 0

Fedora
added 2021/05/13 1:5 a.m., 38 views

[SECURITY] Fedora 34 Update: kernel-tools-5.11.19-300.fc34

This package contains the tools/ directory from the kernel source and the supporting documentation...

5.5 CVSS, 1.9 AI score, 0.00306 EPSS
Exploits: 0

NVD
added 2021/05/10 8:15 p.m., 16 views

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

6.2 CVSS, 0.00404 EPSS
Exploits: 1, References: 3

Prion
added 2021/05/10 8:15 p.m., 24 views

Design/Logic Flaw

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

2.1 CVSS, 5.6 AI score, 0.00404 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2021/05/10 7:25 p.m., 109 views

CVE-2021-21430

OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...

6.2 CVSS, 5.7 AI score, 0.00404 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2021/05/10 7:15 p.m., 34 views

CVE-2021-21428

Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...

7 CVSS, 6.8 AI score
Exploits: 0, References: 2

Prion
added 2021/05/10 7:15 p.m., 22 views

Design/Logic Flaw

Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...

4.4 CVSS, 6.7 AI score, 0.00351 EPSS
Exploits: 1, References: 2, Affected Software: 1

IBM Security Bulletins
added 2021/05/07 10:2 a.m., 28 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2021-25735)

Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that could allow node updates to bypass a validating admission webhook (CVE-2021-25735).
Vulnerability Details
CVEID: CVE-2021-25735
Description: Kubernetes kube-apiserver could allow a remote...

6.5 CVSS, 0.1 AI score, 0.05524 EPSS
Exploits: 1, Affected Software: 1

Packet Storm
added 2021/05/06 12:0 a.m., 152 views

Markdown-Explorer 0.1.1 Cross Site Scripting / Code Execution

Exploit Title: Markdown-Explorer 0.1.1 XSS to RCE
Exploit Author: TaurusOmar
Twitter: @TaurusOmar
HomePage: taurusomar.com
Date: May 4th, 2021
CVSS: 3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Risk: High 8.8
Vendor Homepage: https://github.com/jersou/markdown-explorer
Version: 0.1.1
Tested on: Windows,...

0.1 AI score
Exploits: 0