Lucene search
K

195 matches found

Cvelist
Cvelist
added 2019/04/25 8:2 p.m.24 views

CVE-2019-11489

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...

8.5AI score0.02563EPSS
Exploits1References2
Hacker One
Hacker One
added 2019/04/22 1:20 p.m.21 views

RATELIMITED: HTTP PUT method is enabled downloader.ratelimited.me

Summary: Found on HTTP PUT sites enabled on web servers. I tried testing to write the file / codelayer137.txt uploaded to the server using the PUT verb, and the contents of the file were then taken using the GET verb Steps To Reproduce: Request: PUT /codeslayer137.txt HTTP/1.1 Host:...

0.1AI score
Exploits0
Veracode
Veracode
added 2019/03/12 2:7 a.m.60 views

Remote Code Execution

tomcat-catalina is vulnerable to remote code execution. With HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS8.2AI score0.99988EPSS
Exploits23References45Affected Software87
Hacker One
Hacker One
added 2019/01/29 8:30 a.m.93 views

RATELIMITED: HTTP PUT method is enabled ratelimited.me

Found on HTTP PUT sites enabled on web servers. I tried testing to write the file / codelayer137.txt uploaded to the server using the PUT verb, and the contents of the file were then taken using the GET verb. the following is POC Request: PUT /codeslayer137.txt HTTP/1.1 Host: ratelimited.me...

0.1AI score
Exploits0
Veracode
Veracode
added 2019/01/15 9:7 a.m.23 views

Authorization Bypass

openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...

5.5CVSS4.8AI score0.02035EPSS
Exploits0References8Affected Software1
Hacker One
Hacker One
added 2018/12/11 7:13 p.m.80 views

RATELIMITED: HTTP PUT method enabled

Hi security team, Summary: It is possible to upload files to the server using the PUT method Steps To Reproduce: I used the following request: PUT /emitrani.txt HTTP/1.1 Host: ratelimited.me Content-Length: 10 Connection: close Now a file exists at https://ratelimited.me/emitrani.txt with content...

Exploits0
Fedora
Fedora
added 2018/05/23 4:0 p.m.44 views

[SECURITY] Fedora 27 Update: curl-7.55.1-11.fc27

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.8CVSS0.11175EPSS
Exploits0
exploitpack
exploitpack
added 2018/05/21 12:0 a.m.27 views

GitBucket 4.23.1 - Remote Code Execution

GitBucket 4.23.1 - Remote Code Execution Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...

Exploits0
RedHat Linux
RedHat Linux
added 2018/03/07 3:21 p.m.5 views

tomcat: Remote Code Execution via JSP Upload

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

8.1CVSS7.5AI score0.99607EPSS
Exploits18References6
RedHat Linux
RedHat Linux
added 2018/03/07 3:21 p.m.12 views

tomcat: Remote Code Execution bypass for CVE-2017-12615

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

8.1CVSS7.5AI score0.99988EPSS
Exploits37References7
RedHat Linux
RedHat Linux
added 2018/02/05 2:24 p.m.6 views

tomcat: Remote Code Execution bypass for CVE-2017-12615

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

8.1CVSS7.5AI score0.99988EPSS
Exploits37References7
RedHat Linux
RedHat Linux
added 2018/02/05 10:27 a.m.83 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.19 security update

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.1CVSS7AI score0.99988EPSS
Exploits28References6
Fedora
Fedora
added 2017/12/10 5:11 a.m.39 views

[SECURITY] Fedora 27 Update: curl-7.55.1-8.fc27

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.8CVSS0.11175EPSS
Exploits0
Fedora
Fedora
added 2017/12/09 10:30 p.m.39 views

[SECURITY] Fedora 26 Update: curl-7.53.1-13.fc26

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.8CVSS0.11175EPSS
Exploits0
Fedora
Fedora
added 2017/11/11 3:23 a.m.24 views

[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

7.5CVSS0.08465EPSS
Exploits0
Debian
Debian
added 2017/11/10 3:50 a.m.10 views

[SECURITY] [DLA 1166-2] tomcat7 regression update

Package : tomcat7 Version : 7.0.28-4+deb7u17 Debian Bug : 881162 The update for tomcat7 issued as DLA-1166-1 caused a regressions whereby every request, including for the root document /, returned HTTP status 404. Updated packages are now available to address this problem. For reference, the...

5.8AI score
Exploits0
OSV
OSV
added 2017/11/02 9:47 p.m.26 views

MGASA-2017-0400 Updated tomcat packages fix security vulnerability

When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS8.1AI score0.99988EPSS
Exploits23References4
Tenable Nessus
Tenable Nessus
added 2017/11/01 12:0 a.m.56 views

EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it...

8.1CVSS7.5AI score0.99988EPSS
Exploits37References5
RedHat Linux
RedHat Linux
added 2017/10/30 12:26 a.m.6 views

tomcat: Remote Code Execution via JSP Upload

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

8.1CVSS7.5AI score0.99607EPSS
Exploits18References6
RedHat Linux
RedHat Linux
added 2017/10/30 12:26 a.m.146 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.1CVSS7.1AI score0.99988EPSS
Exploits37References5
Rows per page
Query Builder