Veracode
added 2023/05/29 4:47 p.m., 19 views

Denial Of Service (DoS)

froxlor/froxlor is vulnerable to Denial of Service (DoS). The vulnerability exists because of a lack of HTTP request validation in the rate-limiting functionality during a password reset, which allows an attacker to crash the application...

CVSS 7.5 | AI score 6.9 | EPSS 0.00681
Exploits 0 | References 3 | Affected Software 1
Veracode
added 2023/05/26 3:54 a.m., 20 views

Privilege Escalation

org.apache.inlong is vulnerable to Privilege Escalation. The vulnerability exists because the library does not properly remove the permission when deleting a user, allowing an attacker with a valid but unprivileged account to send malicious login requests and follow it with a subsequent HTTP...

CVSS 9.8 | AI score 6.7 | EPSS 0.01289
Exploits 0 | References 3 | Affected Software 4
ATTACKERKB
added 2023/05/25 8:15 p.m., 5 views

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.0062
Exploits 0 | References 3
NVD
added 2023/05/25 8:15 p.m., 12 views

CVE-2023-33280

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVSS 9.8 | AI score 9.8 | EPSS 0.0062
Exploits 0 | References 2
Hacker One
added 2023/05/25 1:38 p.m., 70 views

Node.js: HTTP Request Smuggling via Empty headers separated by CR

HTTP Request Smuggling (HRS) was possible in Node.js v20.2.0 due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. The CR character without LF was sufficient to delimit HTTP header fields in the llhttp parser, which is not compliant with RFC7230...

CVSS 7.5 | AI score 7.7 | EPSS 0.03906
Exploits 1
Vulnrichment
added 2023/05/25 12:00 a.m., 6 views

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

AI score 7.8 | EPSS 0.0062
Exploits 0 | References 2
Vulnrichment
added 2023/05/25 12:00 a.m., 8 views

CVE-2023-33279

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

AI score 7.8 | EPSS 0.00602
Exploits 0 | References 1
CNNVD
added 2023/05/25 12:00 a.m., 3 views

PrestaShop SQL injection vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop 3.6.1 and prior versions, which stems from a sensitive SQL cal...

CVSS 9.8 | AI score 8.5 | EPSS 0.0062
Exploits 0 | References 3
Tenable Nessus
added 2023/05/25 12:00 a.m., 38 views

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-128)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-128 advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating chunked encoding. This issue could allow request smuggling, but only if combined with an...

CVSS 7.5 | AI score 6.9 | EPSS 0.01875
Exploits 3 | References 19
RedHat Linux
added 2023/05/24 8:59 a.m., 96 views

Important: Red Hat Security Advisory: httpd24-httpd security update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 9.8 | AI score 6.7 | EPSS 0.8377
Exploits 5 | References 2
RedHat Linux
added 2023/05/24 8:59 a.m., 9 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

CVSS 9.8 | AI score 6.6 | EPSS 0.8377
Exploits 5 | References 5
Packet Storm
added 2023/05/24 12:00 a.m., 208 views

LeadPro CRM 1.0 SQL Injection

Exploit Title: LeadPro CRM v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/leadifly-lead-call-center-crm/43485578 Demo Site: https://demo.leadifly.in Tested on: Kali Linux CVE: N/A Request GET...

AI score 7.1
Exploits 0
BDU FSTEC
added 2023/05/24 12:00 a.m., 5 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a malicious actor to read arbitrary files.

The vulnerability in the web interface for managing Cisco Identity Services Engine (ISE) platforms relates to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially created HTTP request...

CVSS 6.1 | AI score 5.7 | EPSS 0.00399
Exploits 0 | References 3 | Affected Software 1
Packet Storm
added 2023/05/24 12:00 a.m., 276 views

SitemagicCMS 4.4.3 Shell Upload

Exploit Title: SitemagicCMS 4.4.3 Remote Code Execution (RCE) Application: SitemagicCMS Version: 4.4.3 Bugs: RCE Technology: PHP Vendor URL: https://sitemagic.org/Download.html Software Link: https://github.com/Jemt/SitemagicCMS Date of found: 14-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

AI score 7.1
Exploits 0
Packet Storm
added 2023/05/24 12:00 a.m., 376 views

PaperCut NG/MG 22.0.4 Remote Code Execution

Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE) Date: 13 May 2023 Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests import argparse Grouppayload =...

CVSS 9.8 | AI score 7.1 | EPSS 0.99999
Exploits 24
Exploit DB
added 2023/05/23 12:00 a.m., 217 views

Smart School v1.0 - SQL Injection

Exploit Title: Smart School v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/smart-school-school-management-system/19426018 Demo Site: https://demo.smart-school.in Tested on: Kali Linux CVE: N/A Request POST /course/filterRecords/ HTTP/1....

AI score 7.4
Exploits 0
OSV
added 2023/05/22 4:15 p.m., 14 views

CVE-2023-31062

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid but unprivileged account, the exploit can be executed using Burp Suite by sending a login request and...

CVSS 9.8 | AI score 7.2
Exploits 0 | References 1
Vulnrichment
added 2023/05/22 3:47 p.m., 12 views

CVE-2023-31062 Apache InLong: Privilege escalation vulnerability for InLong

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid but unprivileged account, the exploit can be executed using Burp Suite by sending a login request and...

AI score 9.5 | EPSS 0.01289
Exploits 0 | References 1
GithubExploit
added 2023/05/22 3:06 a.m., 10531 views

Exploit for HTTP Request Smuggling in Apache Http_Server

CVE 2023 25690 - Proof of Concept Published: 7 March 2023...

CVSS 9.8 | AI score 8.5 | EPSS 0.8377
Exploits 5
OSV
added 2023/05/21 8:42 a.m., 11 views

MGASA-2023-0175 Updated apache-mod_security packages fix security vulnerability

HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279). Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules...

CVSS 7.5 | AI score 7.6 | EPSS 0.01169
Exploits 0 | References 4