Lucene search
+L

200 matches found

ATTACKERKB
ATTACKERKB
added 2022/07/25 1:15 p.m.10 views

CVE-2022-1551

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files...

6.5CVSS6.6AI score0.00807EPSS
Exploits2References2
Veracode
Veracode
added 2022/06/15 6:49 a.m.47 views

Information Disclosure

notebook is vulnerable to information disclosure. Authenticated attackers are able to access sensitive files, when the server root directory's only protection from the server is being hidden. The issue is there because the requests directed through ContentsManager.allowhidden = False command only...

4.3CVSS4.8AI score0.0103EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/04/28 4:15 p.m.3 views

CVE-2022-28892

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery CSRF because randomly generated tokens are too easily guessable...

8.8CVSS7.2AI score0.00446EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.6 views

Mahara 跨站请求伪造漏洞

Mahara is a free and open source web-based ePortfolio management system from Mahara. Mahara suffers from a security vulnerability that stems from randomly generated tokens that are too easy to guess and are susceptible to cross-site request forgery CSRF attacks. The following products and version...

8.8CVSS7.6AI score0.00446EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/04/18 12:0 a.m.20 views

VikBooking Hotel Booking Engine & PMS < 1.5.4 - Booking Data Disclosure

The plugin has guessable booking IDs, which could allow attackers to retrieve booking data via an IDOR in the search request...

5.3CVSS4AI score0.01067EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/03/04 12:0 a.m.24 views

GHSA-Q24H-5RQ3-63J9 Incorrect Authorization in @uppy/companion

@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular na...

7.5CVSS7.4AI score0.00963EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/03/04 12:0 a.m.33 views

Incorrect Authorization in @uppy/companion

@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular na...

7.5CVSS4.1AI score0.00963EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/03 12:0 a.m.5 views

PT-2022-13242 · Unknown +1 · @Uppy/Companion +1

Name of the Vulnerable Software and Affected Versions: uppy versions prior to 3.3.1 @uppy/companion versions prior to 3.3.1 Description: The issue allows for exposure of sensitive information to an unauthorized actor. It also enables incorrect authorization, where a user with URL upload access...

7.5CVSS7.2AI score0.00963EPSS
Exploits1References9
OSV
OSV
added 2021/12/08 12:15 a.m.4 views

DEBIAN-CVE-2021-43808

Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting XSS vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...

6.1CVSS5.5AI score0.00799EPSS
Exploits1References1
Huntr
Huntr
added 2021/09/26 6:2 p.m.13 views

in kcal-app/kcal

Description Weak password implementation Proof of Concept step 1: login into account goto http://demo.kcal.cooking/users/kcal/edit step 2: change password kcal to 12 and save changes step 3: we can see updated message application is allowing to set weak password. poc of image in below link...

7AI score
Exploits0References1
Huntr
Huntr
added 2021/09/15 1:51 p.m.11 views

in babybuddy/babybuddy

Description Weak password implementation Proof of Concept step 1: login into account step 2: goto settings http://demo.baby-buddy.net/user/password/ step 3: change password admin to 12 and save changes step 4: we can see updated message application is allowing to set weak password. poc of image i...

7AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2021/07/06 2:27 p.m.51 views

Vulnerability in the Kaspersky Password Manager

A vulnerability just patched in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic...

0.7AI score
Exploits0
OSV
OSV
added 2020/12/23 5:15 p.m.5 views

CVE-2020-11719

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key...

7.5CVSS7.1AI score0.00994EPSS
Exploits0References2
NVD
NVD
added 2020/12/23 5:15 p.m.21 views

CVE-2020-11719

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key...

7.5CVSS7.6AI score0.00994EPSS
Exploits0References2
CNVD
CNVD
added 2020/08/24 12:0 a.m.4 views

EdgeSwitch Command Injection Vulnerability

EdgeSwitch is a poe Gigabit switch from Ubiquiti Networks Ubiquiti Express and is part of the EdgeMAX series. A command injection vulnerability exists in EdgeSwitch versions prior to 1.9.1. The vulnerability stems from a guessable SIDSSL cookie in the administrator web interface of an older versi...

10CVSS7.8AI score0.0341EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/08/18 4:30 p.m.6 views

bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...

7.5CVSS6.8AI score0.93422EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2020/08/18 9:29 a.m.9 views

bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...

7.5CVSS6.8AI score0.93422EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2020/08/10 9:9 a.m.4 views

bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...

7.5CVSS6.8AI score0.93422EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2020/08/10 9:9 a.m.4 views

bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...

7.5CVSS6.8AI score0.93422EPSS
Exploits5References5
NVD
NVD
added 2020/06/29 5:15 p.m.19 views

CVE-2020-14070

An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executarlogin.php result in admin access...

10CVSS0.0181EPSS
Exploits0References2
Rows per page
Query Builder