Lucene search
+L

62 matches found

NVD
NVD
added 2023/12/29 12:15 p.m.34 views

CVE-2023-7078

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...

8.1CVSS0.00552EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 9:14 a.m.23 views

Security Bulletin: Multiple vulnerabilities in IBM Storage Scale Container Native could allow access to container outside the current namespace

Summary Multipe security vulnerabilities have been identified in IBM Storage Scale Container Native that could allow access to container outside the current namespace. A fix for these vulnerabilities is available. Vulnerability Details CVEID:CVE-2022-41738 DESCRIPTION: IBM Spectrum Scale could...

7.5CVSS7.3AI score0.00395EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2023/04/03 12:0 a.m.226 views

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit

Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

6.8AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:39 p.m.39 views

K74759095: SafeNet External Network HSM script vulnerability CVE-2017-6165

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM...

9.8CVSS9.4AI score0.01925EPSS
Exploits0Affected Software11
Packet Storm
Packet Storm
added 2022/06/19 12:0 a.m.613 views

ChurchCRM 4.4.5 SQL Injection

Title: ChurchCRM 4.4.5 SQLi session hijacking L2 Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection PWN cookie...

7.2CVSS7AI score0.04968EPSS
Exploits5
0day.today
0day.today
added 2022/06/11 12:0 a.m.183 views

ChurchCRM 4.4.5 SQL injection session hijacking Vulnerability

Title: ChurchCRM 4.4.5 SQLi session hijacking L2 Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection hijacking sessio...

7.2CVSS7AI score0.04968EPSS
Exploits5
NVD
NVD
added 2022/01/28 8:15 p.m.11 views

CVE-2021-22799

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1...

3.8CVSS0.00237EPSS
Exploits0References1
OSV
OSV
added 2021/06/08 3:15 p.m.22 views

CVE-2021-33190

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...

5.3CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2021/05/13 2:15 p.m.33 views

CVE-2021-20999

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...

9.8CVSS0.00947EPSS
Exploits0References1
Prion
Prion
added 2021/05/13 2:15 p.m.19 views

Spoofing

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...

7.5CVSS9.2AI score0.00947EPSS
Exploits0References1Affected Software4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/04 5:37 a.m.6 views

Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

Overview Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685 Incorrect Implementation of Authentication Algorithm CWE-303 - CVE-2020-5686 NEC Platforms,...

10CVSS7.7AI score0.01803EPSS
Exploits0References8
Hacker One
Hacker One
added 2020/08/12 6:35 p.m.19 views

Mail.ru: Открытый Confluence и доступы к чату операторов в Skype

Confluence opened to external network without authentication on city-mobil.ru...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2020/07/25 5:56 a.m.101 views

Ruby on Rails: Server-side template injection at ujs test server

I have found in the server code for testing ujs in Rails that template injection is possible and that leads to rce. code https://github.com/rails/rails/blob/v6.0.3.2/actionview/test/ujs/server.rb ruby module UJS class Server Blade::Assets.environment get "/" = "testsindex" match "/echo" =...

0.3AI score
Exploits0
NVD
NVD
added 2020/07/06 6:15 p.m.19 views

CVE-2020-5372

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment...

8.6CVSS0.00944EPSS
Exploits0References1
Prion
Prion
added 2020/07/06 6:15 p.m.19 views

Design/Logic Flaw

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment...

5CVSS7.5AI score0.00944EPSS
Exploits0References1Affected Software5
Cvelist
Cvelist
added 2020/07/06 5:45 p.m.20 views

CVE-2020-5372

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment...

8.6CVSS8.5AI score0.00944EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/06/23 12:15 a.m.17 views

Mail.ru: Access admin interface via bad credentials

Staging testing version of plazius.ru manager's interface was available from external network with guessable default credentials. This interface had no access to production data...

5.4AI score
Exploits0
Hacker One
Hacker One
added 2020/06/14 10:4 p.m.14 views

Mail.ru: Открытая админка 1C эмулятора

Staging testing versions of 1C-emulator and Adminer interfaces was available from external network without authentication on geekbrains.ru. This interfaces had no access to production data...

5.1AI score
Exploits0
OSV
OSV
added 2020/03/20 7:15 p.m.22 views

CVE-2020-8135

The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems...

9.8CVSS6.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/12/18 11:30 a.m.350 views

ReconCobra - Complete Automated Pentest Framework For Information Gathering

ReconCobra Reconcobra is Foot printing software for Ultimate Information Gathering Kali, Parrot OS, Black Arch, Termux, Android Led TV Interface Software have 82 Options with full automation with powerful information gathering capability In-Action !https://blogger.googleuser...

7AI score
Exploits0References2
Rows per page
Query Builder