Lucene search
+L

31 matches found

CVE
CVE
added 2024/10/29 4:23 p.m.78 views

CVE-2024-10491

The CVE-2024-10491 entry concerns the Express framework: the response.links function mishandles sanitization of Link header values, enabling arbitrary resource injection via certain characters (e.g., , ; ). Public-connected docs (GHSA, OSV, Debian OSV entries) reiterate the same issue and describ...

5.3CVSS4.6AI score0.00429EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/10/29 4:23 p.m.39 views

CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

4CVSS0.00429EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2024/10/29 4:23 p.m.88 views

CVE-2024-10491

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

5.3CVSS5.8AI score0.00429EPSS
Exploits1
OSV
OSV
added 2024/10/29 4:23 p.m.17 views

CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

4CVSS6.1AI score0.00429EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/04/24 12:0 a.m.9 views

CVE-2023-26060

An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...

6.8CVSS8.8AI score0.0059EPSS
Exploits0References2
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.9 views

NounsDAOLogicV2's state() and proposals() will use initial dynamic params for all V1 proposals

Lines of code Vulnerability details state and proposals call quorumVotesid that utilize initial dynamic params for all V1 proposals by misusing 0 as a proposal creation block. I.e. new field is referenced while it is zero for all V1 proposals. This way all V1 proposals will use the same initial s...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/06 12:0 a.m.159 views

SnipCommand 0.1.0 Cross Site Scripting / Code Execution

Exploit Title: SnipCommand 0.1.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/gurayyarar/SnipCommand Version: 0.1.0 Tested on: Windows, Linux,...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/05/05 12:0 a.m.29 views

SnipCommand 0.1.0 - XSS to Remote Command Execution Vulnerability

Exploit Title: SnipCommand 0.1.0 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/gurayyarar/SnipCommand Version: 0.1.0 Tested on: Windows, Linux, MacOs Software Description: Open source command snippets manage...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/05 12:0 a.m.199 views

SnipCommand 0.1.0 - Persistent Cross-Site Scripting

Exploit Title: SnipCommand 0.1.0 - XSS to RCE Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/gurayyarar/SnipCommand Version: 0.1.0 Tested on: Windows, Linux, MacOs Software Description: Open source comman...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2018/02/21 8:33 p.m.43 views

BlackWidow - A Python Based Web Application Scanner To Gather OSINT And Fuzz For OWASP Vulnerabilities On A Target Website

BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. DEMO VIDEO: FEATURES: Automatically...

7.3AI score
Exploits0References1
n0where
n0where
added 2018/01/09 5:14 a.m.19 views

Web Application Spider: BlackWidow

BlackWidow is a python based web application spider to gather subdomains, URL’s, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL’s for common OWASP vulnerabilities. Features: Automatically collect all URL’...

0.6AI score
Exploits0References1
Rows per page
Query Builder