8696 matches found

Kitploit
added 2018/11/06 12:48 p.m., 133 views

Robber - Tool For Finding Executables Prone To DLL Hijacking

Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies. What is DLL hijacking ?! Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path triggering this search...

7.4 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2018/11/05 12:0 a.m., 23 views

Drupal 8.2.x < 8.2.0-rc2 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists that is due to the program allowing users who have rights to edit a node to set the visibility for comments on that node. This may allow an authenticated remote...

6.1 CVSS, 5.5 AI score, 0.01716 EPSS
Exploits: 0, References: 5

OSV
added 2018/10/29 12:29 p.m., 4 views

CVE-2016-10734

ProjectSend formerly cFTP r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...

9.8 CVSS, 5.8 AI score, 0.01545 EPSS
Exploits: 0, References: 1

Broadcom
added 2018/10/29 12:0 a.m., 6 views

BSA-2018-728

Security Advisory ID : BSA-2018-728 Component : Fabric OS CLI : secryptocfg export command Revision : 1.0: Initial A vulnerability in the secryptocfg export command of Brocade Fabric OS could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the...

5.5 CVSS, 6.8 AI score, 0.00342 EPSS
Exploits: 0

Kitploit
added 2018/10/26 12:19 p.m., 1518 views

Slither - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

7.5 AI score
Exploits: 0, References: 3

Exploit DB
added 2018/10/22 12:0 a.m., 25 views

Oracle Siebel CRM 8.1.1 - CSV Injection

Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection Date: 2018-10-21 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: http://www.oracle.com/us/products/applications/siebel/siebel-crm-8-1-1-066196.html Version: Oracle Siebel CRM Versio...

7.4 AI score
Exploits: 0

Carbon Black Blog
added 2018/10/04 1:25 p.m., 23 views

Cb Integrations: Cb Response Timeliner

Editor's Note: This post originally appeared on StillzTech.com and is being republished with permission from the author. Github: Incident Response is a challenging career. As responders, we must do our best to keep up to date with the latest attack trends, malware and forensic techniques...

6.8 AI score
Exploits: 0

Carbon Black Blog
added 2018/10/04 1:25 p.m., 46 views

Cb Integrations: Cb Response Timeliner

Editor's Note: This post originally appeared on StillzTech.com and is being republished with permission from the author. Github: Incident Response is a challenging career. As responders, we must do our best to keep up to date with the latest attack trends, malware and forensic techniques...

6.8 AI score
Exploits: 0

Kitploit
added 2018/10/02 12:23 p.m., 355 views

Gurp - Golang command-line interface to Burp Suite's REST API

Requirements BurpSuite Professional v2.0.0beta or greater from PortSwigger Dependencies go get -u -v github.com/fatih/color go get -u -v github.com/integrii/flaggy go get -u -v github.com/tidwall/gjson go get -u -v github.com/grokify/html-strip-tags-go Binaries Latest version available here...

8.1 AI score
Exploits: 0, References: 2

Positive Technologies
added 2018/10/02 12:0 a.m., 4 views

PT-2018-3878 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G devices affected versions not specified Description: The issue is related to the lack of authentication in certain components of the D-Link DIR-823G device's firmware, specifically ExportSettings.sh, upload settings.cgi,...

10 CVSS, 9.8 AI score, 0.04115 EPSS
Exploits: 1, References: 3

IBM Security Bulletins
added 2018/09/29 6:4 p.m., 40 views

Security Bulletin: Vulnerabilities in IBM Java runtime affect ClearQuest Eclipse (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® Runtime Environment Java™ Technology Edition that is used by ClearQuest Eclipse client. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

4.3 CVSS, 1.2 AI score, 0.03262 EPSS
Exploits: 0, Affected Software: 1

Qualys Blog
added 2018/09/27 11:58 a.m., 72 views

Qualys Cloud Platform 2.34.1 New Features

This release of the Qualys Cloud Platform version 2.34.1 includes updates and new features for Cloud Agent & AWS EC2 Connector, AssetView, CloudView, and Security Assessment Questionnaire, highlights as follows. Cloud Agent & AWS EC2 Connector Automatic Merge of Cloud Agents running in Amazon Web...

0.4 AI score
Exploits: 0

Veeam
added 2018/09/19 12:0 a.m., 23 views

Veeam Service Provider Console – Compile and Upload Management Agent Logs

Challenge This article covers how to Management Agent logs for both client agents and the Cloud Connect agent. Solution Export Management Agent Logs To export Veeam Service Provider Console Management Agent logs for one or more client agents, please: 1. Log into the Veeam Service Provider Console...

6.8 AI score
Exploits: 0, Affected Software: 1

CNVD
added 2018/09/14 12:0 a.m., 4 views

Apache Syncope Remote Code Execution Vulnerability (CNVD-2018-18784)

Apache Syncope is an open source digital identity management system from the Apache Software Foundation (United States) for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope uses XSLT to export report data to various formats...

7.2 CVSS, 6.9 AI score, 0.18024 EPSS
Exploits: 4, References: 1

OSV
added 2018/09/07 10:29 p.m., 4 views

UBUNTU-CVE-2018-15474

DISPUTED CSV Injection aka Excel Macro Injection or Formula Injection in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has...

9.6 CVSS, 6.2 AI score, 0.03334 EPSS
Exploits: 3, References: 5

Positive Technologies
added 2018/09/07 12:0 a.m., 5 views

PT-2018-13040 · Dokuwiki · Dokuwiki

Name of the Vulnerable Software and Affected Versions: DokuWiki versions 2018-04-22a and earlier Description: The issue allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export in the /lib/plugins/usermanager/admin.php file...

9.6 CVSS, 9.6 AI score, 0.03334 EPSS
Exploits: 3, References: 11

CNVD
added 2018/08/31 12:0 a.m., 4 views

CA PPM Cross-Site Scripting Vulnerability

CA PPM is a suite of project and portfolio management software from CA USA. The software includes features such as task management, project planning, financial reporting management and resource management. A cross-site scripting vulnerability exists in the gridExcelExport feature in CA PPM, which...

6.1 CVSS, 6 AI score, 0.00899 EPSS
Exploits: 0, References: 1

OSV
added 2018/08/30 2:29 p.m., 4 views

CVE-2018-13825

Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks...

6.1 CVSS, 5.8 AI score, 0.00899 EPSS
Exploits: 0, References: 2

OSV
added 2018/08/28 5:29 p.m., 2 views

CVE-2018-15571

The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...

8.6 CVSS, 5.8 AI score, 0.01498 EPSS
Exploits: 1, References: 2

NVD
added 2018/08/28 5:29 p.m., 16 views

CVE-2018-15571

The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...

8.6 CVSS, 8.8 AI score, 0.01498 EPSS
Exploits: 1, References: 2