
348 matches found

Hacker One
added 2016/06/18 5:4 p.m. | 20 views

Nextcloud: Bruteforce attack is possible on newsletter.nextcloud.com

Since HTTP Basic authentication is used on https://newsletter.nextcloud.com, this type of authentication is vulnerable to Bruteforce attack. refer the attachment below F100241 refer the attachment below F100240 Attacking via metasploit auxiliary scanner http_login: refer the attachment below F10023...

AI score 1
Exploits: 0
RubySec
added 2016/06/16 12:0 a.m. | 18 views

Logstash Logs Sensitive Information

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials...

CVSS 6.5 | AI score 6.9 | EPSS 0.0028
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2016/03/15 8:56 p.m. | 50 views

Important: Red Hat Security Advisory: ror40 security update

Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 7.5 | AI score 6.9 | EPSS 0.90494
Exploits: 18 | References: 8
RedHat Linux
added 2016/03/15 8:55 p.m. | 39 views

Important: Red Hat Security Advisory: ruby193 security update

Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...

CVSS 7.5 | AI score 7 | EPSS 0.90494
Exploits: 18 | References: 7
OSV
added 2016/02/16 2:59 a.m. | 1 views

DEBIAN-CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 3.7 | AI score 6 | EPSS 0.01119
Exploits: 0 | References: 1
Hacker One
added 2016/02/13 12:46 a.m. | 19 views

New Relic: Unauthorized Access

Summary of Findings: The remote server https://download.newrelic.com allowed unauthenticated access to special access files that are only intended to be accessible after contacting the New Relic program managers as seen below. Exploiting the...

AI score 0.4
Exploits: 0
NVD
added 2015/12/21 11:59 a.m. | 9 views

CVE-2015-7937

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data...

CVSS 10 | AI score 8.3 | EPSS 0.025
Exploits: 1 | References: 3
Prion
added 2015/12/21 11:59 a.m. | 11 views

Stack overflow

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data...

CVSS 10 | AI score 9 | EPSS 0.025
Exploits: 1 | References: 3
RedhatCVE
added 2015/10/30 9:50 a.m. | 16 views

CVE-2007-3144

Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication...

CVSS 6.4 | AI score 7.3 | EPSS 0.00714
Exploits: 1 | References: 2
Packet Storm
added 2015/09/07 12:0 a.m. | 38 views

Endian Firewall Proxy Password Change Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...

CVSS 10 | AI score 0.8 | EPSS 0.86671
Exploits: 5
0day.today
added 2015/09/07 12:0 a.m. | 76 views

Endian Firewall Proxy Password Change Command Injection Exploit

This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this...

CVSS 10 | EPSS 0.86671
Exploits: 5
Exploit DB
added 2015/09/07 12:0 a.m. | 40 views

Endian Firewall - Password Change Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...

CVSS 10 | AI score 6.6 | EPSS 0.86671
Exploits: 5
Exploit DB
added 2015/06/29 12:0 a.m. | 51 views

Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change password...

AI score 7.4
Exploits: 0
exploitpack
added 2015/06/29 12:0 a.m. | 33 views

Endian Firewall 3.0.0 - OS Command Injection (Metasploit)

Endian Firewall 3.0.0 - OS Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerabilit...

AI score 0.3
Exploits: 0
NVD
added 2015/06/22 7:59 p.m. | 17 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 | AI score 6.3 | EPSS 0.04525
Exploits: 0 | References: 10
OSV
added 2015/06/22 7:59 p.m. | 4 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 | AI score 6.2 | EPSS 0.04525
Exploits: 0 | References: 12
OSV
added 2015/06/22 7:59 p.m. | 1 views

DEBIAN-CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 | AI score 6.9 | EPSS 0.04525
Exploits: 0 | References: 1
Prion
added 2015/06/22 7:59 p.m. | 22 views

Design/Logic Flaw

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 | AI score 6.8 | EPSS 0.04525
Exploits: 0 | References: 10 | Affected Software: 2
Cvelist
added 2015/06/22 7:0 p.m. | 22 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

AI score 9.2 | EPSS 0.04525
Exploits: 0 | References: 10
Debian CVE
added 2015/06/22 7:0 p.m. | 23 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 | AI score 8.6 | EPSS 0.04525
Exploits: 0