Lucene search
K

412 matches found

vulnersOsv
vulnersOsv
added 2021/10/12 10:7 p.m.5 views

a-cv-imwrite-imread-plus (=0.12.0), aana (>=0.2.1 <=0.2.4) +3126 more potentially affected by CVE-2019-14491 via opencv-python-headless (>=4.0.0.21 <=4.1.0.25)

opencv-python-headless PYPI version =4.0.0.21, =0.2.1, =1.0.0, =0.17.3, =0.0.1.44, =0.0.1, =0.0.1, =0.2.1, =0.2.0, =0.3.0, =0.1.0, =0.1.2 and more Source cves: CVE-2019-14491 Source advisory: OSV:GHSA-FM39-CW8H-3P63...

8.2CVSS6.7AI score0.02647EPSS
Exploits1
Kitploit
Kitploit
added 2021/10/10 8:30 p.m.101 views

FUSE - A Penetration Testing Tool For Finding File Upload Bugs

FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload UEFU vulnerabilities. The details of the testing strategy is in our paper, "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared in NDSS 2020. To see how to configure and execute FUSE,...

8.8CVSS5.7AI score0.64261EPSS
Exploits18References8
Kitploit
Kitploit
added 2021/09/16 11:30 a.m.25 views

Plution - Prototype Pollution Scanner Using Headless Chrome

Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here:...

7.1AI score
Exploits0References2
Snyk
Snyk
added 2021/09/05 3:50 p.m.3 views

Directory Traversal

Overview convert-svg-to-png is a package for converting SVG to PNG using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a...

7.5CVSS7.3AI score0.01978EPSS
Exploits1References2
ArchLinux
ArchLinux
added 2021/07/22 12:0 a.m.229 views

[ASA-202107-65] jre-openjdk-headless: multiple issues

Arch Linux Security Advisory ASA-202107-65 ========================================== Severity: High Date : 2021-07-22 CVE-ID : CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 Package : jre-openjdk-headless Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2188 Summary =====...

7.5CVSS1.6AI score0.04238EPSS
Exploits0References12
ArchLinux
ArchLinux
added 2021/07/21 12:0 a.m.142 views

[ASA-202107-54] jre11-openjdk-headless: multiple issues

Arch Linux Security Advisory ASA-202107-54 ========================================== Severity: High Date : 2021-07-21 CVE-ID : CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 Package : jre11-openjdk-headless Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2189 Summary...

7.5CVSS1.5AI score0.04238EPSS
Exploits0References13
Kitploit
Kitploit
added 2021/07/02 12:30 p.m.110 views

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

7AI score
Exploits0References15
Hacker One
Hacker One
added 2021/04/07 12:36 a.m.90 views

QIWI: SSRF на https://qiwi.com с помощью "Prerender HAR Capturer"

Здравствуйте! На сайте https://qiwi.com вы используете Prerender HAR Capturer 5.6.0 на основе Headless Chrome для рендеринга HTML, снимков экрана, PDF-файлов и файлов HAR с любой веб-страницы https://github.com/prerender/prerender. Если на qiwi.com послать запрос с измененным юзер-агентом...

Exploits0
0day.today
0day.today
added 2021/04/07 12:0 a.m.280 views

Monospace Directus Headless CMS File Upload / Rule Bypass Vulnerabilities

======================================================================= title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: v8.8.2 fixed version: v8.8.2, v9 is not affected because of different architecture CVE number:...

8.8CVSS0.2AI score0.04867EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2021/03/01 7:38 p.m.87 views

SSRF in Rendertron

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

4.3CVSS5AI score0.00325EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/03/01 7:38 p.m.22 views

GHSA-XR9H-9M79-X29G SSRF in Rendertron

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

4.3CVSS4.4AI score0.00325EPSS
Exploits0References3
Veracode
Veracode
added 2021/02/24 2:52 a.m.25 views

Server-Side Request Forgery (SSRF)

rendertron is vulnerable to sever-side request forgery SSRF. The vulnerability exists as it allows the headless chrome to access the internal domains, forcing the rendertron headless chrome process to render internal sites and display the response as a screenshot...

4.3CVSS2AI score0.00325EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/02/23 12:15 p.m.36 views

CVE-2020-8902

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

4.3CVSS0.00325EPSS
Exploits0References1
OSV
OSV
added 2021/02/23 12:15 p.m.23 views

CVE-2020-8902

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

4.3CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2021/02/23 12:15 p.m.16 views

Server side request forgery (ssrf)

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

4CVSS4.5AI score0.00325EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/23 12:0 p.m.34 views

CVE-2020-8902 SSRF in Rendertron

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

3.5CVSS4.5AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2021/02/23 12:0 p.m.60 views

CVE-2020-8902

Summary (CVE-2020-8902): Rendertron versions prior to 3.0.0 are vulnerable to an SSRF flaw. An attacker can craft a webpage that causes a headless Chrome process used by Rendertron to render internal sites accessible to the system, potentially exposing internal resources as screenshots. Affected ...

4.3CVSS4.2AI score0.00325EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/02/23 12:0 a.m.7 views

Rendertron Code Issues Vulnerabilities

Martin Splitt Rendertron is a GlobalMartin Splitt open source application providing a headless Chrome rendering solution designed to instantly render and serialize web pages. A code issue vulnerability exists in Rendertron versions prior to 3.0.0, which can be exploited by an attacker to force a...

4.3CVSS5.8AI score0.00325EPSS
Exploits0References3
Hacker One
Hacker One
added 2020/12/26 5:34 a.m.50 views

h1-ctf: Grinch Networks compromised!

Grinch Networks compromised! For fast triage/validation and inspired by @manoelt in other CTF, I made a bash script to find and print all the 12 flags of this CTF. The script uses curl, wget, google-chrome headless for flag 2, unzip, grep and sed. If any of these commands is missing, the script...

7.8AI score
Exploits0
Kitploit
Kitploit
added 2020/10/29 11:30 a.m.61 views

Scrying - A Tool For Collecting RDP, Web And VNC Screenshots All In One Place

A new tool for collecting RDP, web and VNC screenshots all in one place This tool is still a work-in-progress and should be mostly usable but is not yet complete. Please file any bugs or feature requests as GitHub issues Caveats Web screenshotting relies on Chromium or Google Chrome being install...

7AI score
Exploits0References7
Rows per page
Query Builder