Lucene search
K

52 matches found

CNNVD
CNNVD
added 2021/06/01 12:0 a.m.5 views

CHIYU科技BF-630W 跨站脚本漏洞

BF-630W is a web-based fingerprint-secured single-door biometric reader controller from CHIYU Technology CHIYU Technology suffers from a cross-site scripting vulnerability that stems from an unauthenticated XSS vulnerability in several CHIYU Technology IoT devices, including BF-630, BF-450M,...

6.1CVSS6.1AI score0.05125EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.6 views

CHIYU BF-630W 跨站脚本漏洞

BF-630W is a web-based fingerprint-secured single-door biometric reader controller from CHIYU Technology CHIYU Technology suffers from a cross-site scripting vulnerability that stems from an unauthenticated XSS vulnerability in several CHIYU Technology IoT devices, including BF-630, BF-450M,...

5.4CVSS5.6AI score0.8845EPSS
Exploits4References5
Hacker One
Hacker One
added 2021/04/27 9:18 p.m.26 views

Mail.ru: [geekbrains.ru] Node modules path disclosure due to lack of error handling

Full stack error trace at HTTP 404-error on nexus.geekbrains.ru discloses the full path of the Node.js module directory on the server...

0.4AI score
Exploits0
Veracode
Veracode
added 2021/01/18 4:49 a.m.23 views

Cross-Site Scripting (XSS)

hawkbit-update-server is vulnerable to cross-site scripting. The vulnerability exist as the JSON body response for HTTP 404 error contains unsafe URL path characters...

6.1CVSS0.1AI score0.00829EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/01/14 11:15 p.m.27 views

CVE-2020-27219

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

6.1CVSS6.2AI score0.00829EPSS
Exploits0References2
OSV
OSV
added 2021/01/14 11:15 p.m.12 views

CVE-2020-27219

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

6.1CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2021/01/14 11:15 p.m.17 views

Design/Logic Flaw

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

4.3CVSS6.2AI score0.00829EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/01/14 10:20 p.m.117 views

CVE-2020-27219

CVE-2020-27219 affects Eclipse Hawkbit prior to 0.3.0M7. The REST API may return a 404 Not Found JSON response that includes the full, unescaped request path, exposing unsafe characters. This could disclose internal URL structure to an attacker that POSTs to a non-existent resource. Root cause: u...

6.1CVSS6.2AI score0.00829EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/01/14 10:20 p.m.33 views

CVE-2020-27219

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

6.2AI score0.00829EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2019/11/14 12:0 a.m.286 views

Siemens Desigo PX 6.00 - Denial of Service (PoC)

Title: Siemens Desigo PX 6.00 - Denial of Service PoC Author: LiquidWorm Date: 2019-11-14 Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version:6.00 Affected version: Model: PXC00-E.D, PXC50-E.D,...

5.3CVSS5.6AI score0.01675EPSS
Exploits5
Hacker One
Hacker One
added 2019/11/04 7:36 a.m.25 views

GSA Bounty: Cache poisoning DoS to various TTS assets

I have recently come across a technique to force a Cloudfoundry app to return a HTTP 404 error when requesting any resource, which contains cache friendly headers. What this means is, if the Cloudfoundry app in question is behind a web cache like Cloudfront or Cloudflare etc, it will possibly sto...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2019/08/26 1:17 a.m.27 views

ZEIT: Unauthorized admission to any team in zeit.co

step no.1: open : https://zeit.co/teams/invite/ XXXX and this is a code "CzKyCgbB" of joining in a team called "maxhacker" if we generate a list consists of 8 capital and small letters with any generate tools F565462 knowing that the invitation code of any team is constant...

0.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2018/10/09 7:0 a.m.33 views

Description of the security update for SharePoint Enterprise Server 2016: October 9, 2018

Description of the security update for SharePoint Enterprise Server 2016: October 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, se...

5.4CVSS6.6AI score0.02715EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2018/10/09 7:0 a.m.50 views

Description of the security update for SharePoint Enterprise Server 2013: October 9, 2018

Description of the security update for SharePoint Enterprise Server 2013: October 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, se...

5.4CVSS6.3AI score0.02715EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/07/30 3:49 a.m.31 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS2.1AI score0.00894EPSS
Exploits0References2
Prion
Prion
added 2018/07/23 7:29 p.m.20 views

Cross site scripting

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

3.5CVSS6.3AI score0.00894EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2018/07/23 7:29 p.m.31 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS5.1AI score0.00894EPSS
Exploits0References2
OSV
OSV
added 2018/07/23 7:29 p.m.24 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS5.7AI score
Exploits0References2
CVE
CVE
added 2018/07/23 7:0 p.m.118 views

CVE-2018-1999007

CVE-2018-1999007 is a cross-site scripting vulnerability in Jenkins up to version 2.132 (and 2.121.1 and earlier for some components) involving the Stapler web framework. When Stapler debug mode is enabled, error/404 pages could display unescaped URL parts, allowing an attacker who can influence ...

5.4CVSS6.2AI score0.00894EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/05/10 1:29 a.m.22 views

Design/Logic Flaw

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors...

5CVSS5.3AI score0.02446EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder