
16599 matches found

CNNVD
added 2023/08/04 12:0 a.m. · 5 views

VMware Horizon Environment Issues Vulnerabilities

VMware Horizon is a suite of foundation platforms for virtual desktops and applications from VMware. The product enables end users to access all of their virtual desktops, applications and online services through a digital workspace. A security vulnerability exists in VMware Horizon Server that...

CVSS 5.3 · AI score 6.7 · EPSS 0.00395
Exploits 0 · References 3
Packet Storm
added 2023/08/04 12:0 a.m. · 166 views

ReyeeOS 1.204.1614 Code Execution / Man-In-The-Middle

Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...

AI score 7.1
Exploits 0
0day.today
added 2023/08/04 12:0 a.m. · 206 views

ReyeeOS 1.204.1614 - MITM Remote Code Execution Exploit

Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version: ReyeeOS 1.204.1614...

AI score 7.1
Exploits 0
Exploit DB
added 2023/08/04 12:0 a.m. · 359 views

Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution RCE Application: webedition Cms Version: v2.9.8.8 Bugs: RCE Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author:...

AI score 7.4
Exploits 0
Exploit DB
added 2023/08/04 12:0 a.m. · 277 views

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...

AI score 7.4
Exploits 0
NVD
added 2023/08/03 11:15 p.m. · 16 views

CVE-2023-38952

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforc...

CVSS 7.5 · AI score 7.9 · EPSS 0.02438
Exploits 2 · References 5
Prion
added 2023/08/03 11:15 p.m. · 18 views

Design/Logic Flaw

Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system...

CVSS 5 · AI score 7.3 · EPSS 0.02438
Exploits 2 · References 2 · Affected Software 1
Github Security Blog
added 2023/08/03 4:36 p.m. · 28 views

protocol-http1 HTTP Request/Response Smuggling vulnerability

Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...

CVSS 5.8 · AI score 6.3 · EPSS 0.00637
Exploits 0 · References 7 · Affected Software 1
Snyk
added 2023/08/03 4:36 p.m. · 2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper RFC implementation. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. Remediation Upgrade...

CVSS 5.8 · AI score 7 · EPSS 0.00637
Exploits 0 · References 2
Positive Technologies
added 2023/08/03 12:0 a.m. · 6 views

PT-2023-4288 · Vmware · Vmware Horizon Server

Name of the Vulnerable Software and Affected Versions: VMware Horizon Server affected versions not specified Description: The issue is related to a HTTP request smuggling vulnerability in VMware Horizon Server. A malicious actor with network access may be able to perform HTTP smuggle requests,...

CVSS 5.3 · AI score 4.9 · EPSS 0.00395
Exploits 0 · References 5
Cvelist
added 2023/08/03 12:0 a.m. · 17 views

CVE-2023-38952

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforc...

AI score 7.6 · EPSS 0.02438
Exploits 2 · References 4
Vulnrichment
added 2023/08/03 12:0 a.m. · 17 views

CVE-2023-38952

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforc...

AI score 7.8 · EPSS 0.02438
Exploits 2 · References 4
VMware
added 2023/08/03 12:0 a.m. · 106 views

VMware Horizon Server updates address multiple security vulnerabilities (CVE-2023-34037, CVE-2023-34038)

3a. Request smuggling vulnerability CVE-2023-34037 VMware Horizon Server contains a HTTP request smuggling vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. 3b. Information disclosure vulnerability...

CVSS 5 · AI score 5.9 · EPSS 0.00409
Exploits 0 · References 12 · Affected Software 1
RubySec
added 2023/08/03 12:0 a.m. · 20 views

protocol-http1 HTTP Request/Response Smuggling vulnerability

Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...

CVSS 5.8 · AI score 6.8 · EPSS 0.00637
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2023/08/02 12:0 a.m. · 30 views

AlmaLinux 9 : nodejs (ALSA-2023:4331)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4331 advisory. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request...

CVSS 7.5 · AI score 6.9 · EPSS 0.03906
Exploits 1 · References 5
Tenable Nessus
added 2023/08/02 12:0 a.m. · 31 views

Oracle Linux 9 : 18 (ELSA-2023-4330)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4330 advisory. - Rebase to 18.16.1 Resolves: rhbz2188292 rhbz2187683 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Tenable has extracted the...

CVSS 7.5 · AI score 6.8 · EPSS 0.03906
Exploits 1 · References 5
NCSC
added 2023/08/02 12:0 a.m. · 6 views

Vulnerability fixed in Splunk SOAR

Splunk has fixed a vulnerability in Splunk SOAR. The vulnerability allows an unauthenticated malicious person to inject ANSI escape code into a log file. To do so, the malicious party must send a specially prepared HTTP request to the Splunk SOAR instance. When this log file is read in a...

CVSS 8.6 · AI score 7.3 · EPSS 0.00281
Exploits 0
Tenable Nessus
added 2023/08/02 12:0 a.m. · 34 views

AlmaLinux 9 : nodejs:18 (ALSA-2023:4330)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4330 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interruption due to invalid Public Key information in x509...

CVSS 7.5 · AI score 6.9 · EPSS 0.03906
Exploits 1 · References 5
Tenable Nessus
added 2023/08/02 12:0 a.m. · 27 views

Oracle Linux 9 : nodejs (ELSA-2023-4331)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4331 advisory. - Rebase to 16.20.1 Resolves: rhbz2188291 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Tenable has extracted the preceding...

CVSS 7.5 · AI score 6.8 · EPSS 0.03906
Exploits 1 · References 5
Rosalinux
added 2023/08/01 12:58 p.m. · 39 views

Advisory ROSA-SA-2023-2203

Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

CVSS 9.8 · AI score 7.8 · EPSS 0.23293
Exploits 6