Lucene search
+L

8137 matches found

Positive Technologies
Positive Technologies
added 2021/03/23 12:0 a.m.9 views

PT-2021-14479 · Jellyfin · Jellyfin

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.7.1 Description: The issue allows arbitrary file read from a Jellyfin server's file system with well-crafted requests to certain "API Endpoints". This is more prevalent when Windows is used as the host OS. Server...

7.7CVSS6.6AI score0.79855EPSS
Exploits4References10
Kitploit
Kitploit
added 2021/03/21 8:30 p.m.136 views

Vajra - A Highly Customi zable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks

An automated web hacking framework for web applications Detailed insight about Vajra can be found at https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8 About Vajra Vajra is an automated web hacking framework to automate boring recon tasks and same...

7.4AI score
Exploits0References3
0day.today
0day.today
added 2021/03/19 12:0 a.m.31 views

Online News Portal 1.0 - (Multiple) Stored Cross-Site Scripting Vulnerability

Exploit Title: Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

7.4AI score
Exploits0
Prion
Prion
added 2021/03/18 2:15 p.m.23 views

Design/Logic Flaw

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances...

4CVSS4.5AI score0.00722EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/03/18 12:0 a.m.60 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0835-1)

This update for the Linux Kernel 4.4.121-92149 fixes several issues. The following security issues were fixed : CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation bsc1179616. CVE-2020-28374: Fixed insufficient identifier checking in...

8.1CVSS6.7AI score0.06563EPSS
Exploits3References16
RedHat Linux
RedHat Linux
added 2021/03/17 3:8 p.m.4 views

etcd: no authentication is performed against endpoints provided in the --endpoints flag

A flaw was found in etcd. The gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No...

6.5CVSS7.2AI score0.01636EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2021/03/15 12:0 a.m.17 views

Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation

Several AJAX endpoints in the plugin were unprotected, allowing students to modify course information and elevate their privileges among many other actions. PoC Only one PoC provided for privilege escalation. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output =...

6.5CVSS2AI score0.01439EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/03/12 12:0 a.m.63 views

JFrog < 6.1 Multiple Vulnerabilities

According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 6.1. It is, therefore, affected by multiple vulnerabilities: - A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which...

9.8CVSS7.3AI score0.37925EPSS
Exploits8References3
NVD
NVD
added 2021/03/02 7:15 p.m.26 views

CVE-2020-28657

In bPanel 2.0, the administrative ajax endpoints aka ajax/aj.php are accessible without authentication and allow SQL injections, which could lead to platform compromise...

9.8CVSS0.01668EPSS
Exploits0References1
OSV
OSV
added 2021/03/02 7:15 p.m.4 views

CVE-2020-28657

In bPanel 2.0, the administrative ajax endpoints aka ajax/aj.php are accessible without authentication and allow SQL injections, which could lead to platform compromise...

9.8CVSS7.3AI score0.01668EPSS
Exploits0References1
Prion
Prion
added 2021/03/02 7:15 p.m.22 views

Sql injection

In bPanel 2.0, the administrative ajax endpoints aka ajax/aj.php are accessible without authentication and allow SQL injections, which could lead to platform compromise...

7.5CVSS9.6AI score0.01668EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/02 6:10 p.m.30 views

CVE-2020-28657

In bPanel 2.0, the administrative ajax endpoints aka ajax/aj.php are accessible without authentication and allow SQL injections, which could lead to platform compromise...

9.9AI score0.01668EPSS
Exploits0References1
CVE
CVE
added 2021/03/02 6:10 p.m.72 views

CVE-2020-28657

CVE-2020-28657 affects bPanel 2.0. The vulnerability is in the administrative ajax endpoints (ajax/aj_*.php), which are accessible without authentication and allow SQL injections, potentially enabling platform compromise. The issue is documented across multiple connected records (NVD entry and RH...

9.8CVSS9.7AI score0.01668EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/02/22 5:15 p.m.4 views

CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

9.8CVSS5.8AI score
Exploits0References3
CNVD
CNVD
added 2021/02/18 12:0 a.m.11 views

Accellion FTA OS Command Injection Vulnerability

Accellion File Transfer Appliance FTA is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912370 and earlier versions. An attacker can exploit this vulnerability by...

10CVSS7.5AI score0.56411EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/17 12:0 a.m.8 views

Apache Airflow 访问控制错误漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow version 2.0.0, which stems from t...

5.3CVSS6AI score0.04555EPSS
Exploits0References6
NVD
NVD
added 2021/02/16 9:15 p.m.16 views

CVE-2021-27104

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...

10CVSS0.56411EPSS
Exploits0References3
OSV
OSV
added 2021/02/16 9:15 p.m.5 views

CVE-2021-27104

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...

9.8CVSS7.4AI score0.56411EPSS
Exploits0References3
Prion
Prion
added 2021/02/16 9:15 p.m.19 views

Command injection

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...

10CVSS9.5AI score0.56411EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/02/16 12:0 a.m.59 views

CVE-2021-27104

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS6.6AI score0.56411EPSS
In wildExploits0References3
Rows per page
Query Builder