4419 matches found

Check Point Advisories
added 2020/05/26 12:0 a.m., 0 views

HTTP Suspicious Linux Usr Paths

Linux sub-directory usr contains user binaries, their documentation, libraries, header files, and its supporting libraries. A remote attacker may create a malicious HTTP request to obtain sensitive information...

1 AI score
Exploits: 0
Openbugbounty
added 2020/05/22 7:55 p.m., 13 views

italianbotanist.pensoft.net Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1169261 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

6.1 AI score
Exploits: 0
OSV
added 2020/05/22 6:14 p.m., 7 views

OPENSUSE-SU-2020:0696-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised bsc1155094. - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs...

7.5 CVSS, 8 AI score, 0.0549 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2020/05/22 12:0 a.m., 41 views

SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:1339-1)

This update for python fixes the following issues : Security issues fixed : CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised bsc1155094. CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs...

7.5 CVSS, 7.2 AI score, 0.0549 EPSS
Exploits: 0, References: 7
Gitee
added 2020/05/20 7:43 p.m., 5 views

penetration

This repository contains a collection of penetration testing files, primarily targeting various Content Management Systems (CMS) and web applications. The files are organized by the CMS or application they target, with each folder containing multiple files related to specific vulnerabilities or...

8.4 AI score
Exploits: 0
OSV
added 2020/05/19 11:22 a.m., 6 views

SUSE-SU-2020:1339-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised bsc1155094. - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs...

7.5 CVSS, 7 AI score, 0.0549 EPSS
Exploits: 0, References: 5
OpenVAS
added 2020/05/15 12:0 a.m., 21 views

Fedora: Security Advisory for mailman (FEDORA-2020-69f2f1d987)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1 CVSS, 6.7 AI score, 0.02288 EPSS
Exploits: 0, References: 2
Photon
added 2020/05/14 12:0 a.m., 64 views

PHSA-2020-1.0-0294

An update of 'salt', 'salt3', 'ruby' packages of Photon OS has been released...

7.5 CVSS, 0.9 AI score, 0.96405 EPSS
Exploits: 26
Palo Alto Networks
added 2020/05/13 4:0 p.m., 53 views

PAN-OS: OS injection vulnerability in PAN-OS management server

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...

8.8 CVSS, 3.8 AI score, 0.02659 EPSS
Exploits: 0, References: 1
Palo Alto Networks
added 2020/05/13 4:0 p.m., 56 views

PAN-OS: Authenticated user command injection vulnerability

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. Work around: This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing t...

7.2 CVSS, 3 AI score, 0.02248 EPSS
Exploits: 0, References: 1
Palo Alto Networks
added 2020/05/13 4:0 p.m., 50 views

PAN-OS: DOM-Based cross site scripting vulnerability in management web interface

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's...

8.8 CVSS, 2.5 AI score, 0.00828 EPSS
Exploits: 0, References: 1
Palo Alto Networks
added 2020/05/13 4:0 p.m., 72 views

PAN-OS: Panorama management server log injection

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...

5.3 CVSS, 1.3 AI score, 0.00905 EPSS
Exploits: 0, References: 1
Palo Alto Networks
added 2020/05/13 4:0 p.m., 59 views

PAN-OS: Buffer overflow in management server payload parser

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. Work around: This issue affects the management interface of PAN-OS and is strongly mitigated by following best...

8.8 CVSS, 2.6 AI score, 0.01895 EPSS
Exploits: 0, References: 1
Kitploit
added 2020/05/11 9:30 p.m., 57 views

Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack

wifipumpkin3 is a powerful framework for rogue access point attacks, written in Python, that allows security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. Main features: rogue access point attack, man-in-the-middle attack...

7.2 AI score
Exploits: 0, References: 5
Photon
added 2020/05/08 12:0 a.m., 35 views

PHSA-2020-2.0-0240

An update of 'ceph' packages of Photon OS has been released...

5 CVSS, 0.9 AI score, 0.02654 EPSS
Exploits: 0
NVD
added 2020/05/07 5:15 p.m., 9 views

CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

9.1 CVSS, 9.1 AI score, 0.02091 EPSS
Exploits: 0, References: 4
Cvelist
added 2020/05/07 4:9 p.m., 17 views

CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

9.1 AI score, 0.02091 EPSS
Exploits: 0, References: 4
OSV
added 2020/05/01 7:15 p.m., 29 views

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

9.8 CVSS, 9.3 AI score
Exploits: 0, References: 20
Atlassian
added 2020/04/30 9:4 a.m., 119 views

The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569

Issue Summary: The recently disclosed vulnerabilities regarding Apache Tomcat, CVE-2020-1935 (https://vulners.com/cve/CVE-2020-1935), CVE-2019-17569 (https://vulners.com/cve/CVE-2019-17569) and CVE-2020-1938 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938), which affects the following...

9.8 CVSS, 8.3 AI score, 0.9927 EPSS
Exploits: 45, Affected Software: 1
Github Security Blog
added 2020/04/29 5:41 p.m., 70 views

Authentication and extension bypass in Faye

On 20 April 2020 it was reported to me that the potential for authentication bypass exists in Faye's extension system. This vulnerability has existed in the Node.js and Ruby versions of the server since version 0.5.0, when extensions were first introduced, in July 2010. It is patched in versions...

9.8 CVSS, 9.2 AI score, 0.01534 EPSS
Exploits: 1, References: 5, Affected Software: 1