Lucene search
K

16601 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.139 views

GE Proficy Cimplicity WebView Substitute.bcl Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'GE Proficy Cimplicity WebView substitute.bcl Directory Traversal', 'Description' = %q This module abuses a directory traversal in G...

4.3CVSS7AI score0.17394EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.185 views

Hashtable Collisions

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hashtable Collisions', 'Description' = %q This module uses a denial-of-service DoS condition appearing in a variety of programming languages. Thi...

7.8CVSS7.3AI score0.83911EPSS
Exploits16
CNVD
CNVD
added 2024/08/30 12:0 a.m.3 views

TOTOLINK AC1200 Buffer Overflow Vulnerability

TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the formWlEncrypt CGI handler in the boa program that fails to limit the length of the wlanssid field entered by the user. An...

9.8CVSS6.8AI score0.00662EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/08/30 12:0 a.m.1330 views

SPIP 4.2.6 Code Execution

============================================================================================================================================= | Title : SPIP 4.2.6 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/29 12:0 a.m.290 views

Notemark 0.13.0 Cross Site Scripting

Exploit Title: Stored XSS in NoteMark Date: 07/29/2024 Exploit Author: Alessio Romano sfoffo Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ Version: 0.13.0 and below Tested on: Linux References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,...

8.7CVSS7.1AI score0.00777EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2024/08/28 12:0 a.m.33 views

CVE-2024-34198

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlanssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long...

7.7AI score0.00662EPSS
Exploits1References1
0day.today
0day.today
added 2024/08/28 12:0 a.m.242 views

NoteMark < 0.13.0 - Stored XSS Vulnerability

Exploit Title: Stored XSS in NoteMark Exploit Author: Alessio Romano sfoffo Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ Version: 0.13.0 and below Tested on: Linux References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,...

8.7CVSS7AI score0.00777EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/27 9:33 p.m.38 views

Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Verify Directory products

Summary Several Security Vulnerabilities discovered in the IBM Security Verify Directory Integrator provided by IBM Security Verify Directory Products have been addressed by an update Vulnerability Details CVEID:CVE-2017-9735 DESCRIPTION: Jetty could allow a remote attacker to obtain sensitive...

9.8CVSS8.7AI score0.7848EPSS
Exploits5Affected Software1
NVD
NVD
added 2024/08/27 8:15 a.m.17 views

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

7.3CVSS0.00265EPSS
Exploits0References1
OSV
OSV
added 2024/08/27 8:15 a.m.7 views

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

7.3CVSS5.9AI score0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/27 8:1 a.m.19 views

CVE-2024-41176 Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

7.3CVSS0.00265EPSS
Exploits0References1
CVE
CVE
added 2024/08/27 8:1 a.m.95 views

CVE-2024-41176

CVE-2024-41176 affects Beckhoff: TwinCAT/BSD MPD package. An authenticated, low-privileged local attacker can cause a DoS in the daemon and execute code in the root context via a crafted HTTP request. Documented impact is local, with potential for full system compromise; exploitation status is no...

7.3CVSS7.1AI score0.00265EPSS
Exploits0References1Affected Software2
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.28 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.8AI score0.87806EPSS
Exploits17References25
NVD
NVD
added 2024/08/26 7:15 a.m.38 views

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

9.8CVSS0.05635EPSS
Exploits3References3
Cvelist
Cvelist
added 2024/08/26 12:0 a.m.36 views

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

0.05635EPSS
Exploits3References3
CVE
CVE
added 2024/08/26 12:0 a.m.136 views

CVE-2024-45256

CVE-2024-45256 affects BYOB (Build Your Own Botnet) 2.0. The issue is an arbitrary file write in the exfiltration endpoint (file_add in api/files/routes.py) that lets unauthenticated attackers overwrite SQLite databases and bypass authentication via a crafted HTTP parameter. Several sources confi...

9.8CVSS7.6AI score0.05635EPSS
Exploits3References3
OSV
OSV
added 2024/08/23 6:15 p.m.15 views

CVE-2024-7954

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

8AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/08/23 6:15 p.m.17 views

CVE-2024-7954

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

9.8CVSS6.6AI score0.89783EPSS
Exploits10References4
Cvelist
Cvelist
added 2024/08/23 5:43 p.m.25 views

CVE-2024-7954 SPIP porte_plume Plugin Arbitrary PHP Execution

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

9.8CVSS0.89783EPSS
Exploits10References3
CVE
CVE
added 2024/08/23 5:43 p.m.157 views

CVE-2024-7954

Affected software: SPIP CMS with the porte_plume plugin (versions before 4.30-alpha2, 4.2.13, and 4.1.16). Vulnerability: Unauthenticated remote code execution via crafted HTTP requests to porte_plume_previsu, allowing execution of arbitrary PHP as the SPIP user. Impact: Potential full server com...

9.8CVSS9.8AI score0.89783EPSS
In wildExploits10References3
Rows per page
Query Builder