Lucene search
K

106 matches found

Cvelist
Cvelist
added 2020/04/02 7:50 p.m.19 views

CVE-2019-19002 ABB eSOMS X-XSS-Protection not enabled

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting...

6.3CVSS6.3AI score0.00793EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/03/13 12:0 a.m.15 views

Trend Micro Worry-Free Business Security (WFBS) Multiple Vulnerabilities (1114098)

The remote host is running a version of the Trend Micro WFBS which is affected by multiple vulnerabilities. An attacker who has already gained a foothold on the local WFBS server may manipulate configuration variables in order to access files outside of the web root folder or modify HTTP response...

5.7AI score
Exploits0References1
myhack58
myhack58
added 2019/08/17 12:0 a.m.325 views

CORS-Vulnerable-Lab: with COSR configuration error related to the vulnerability code range-vulnerability warning-the black bar safety net

This repository contains the CORS configuration error related to the vulnerable code. You can be on the local machine to configure the vulnerable code, and to the actual use of the CORS related error configuration issue. In this case, I would first like to thank@albinowax, the AKReddy, And Vivek...

0.5AI score
Exploits0
NVD
NVD
added 2018/12/04 5:29 p.m.31 views

CVE-2018-11347

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

8.8CVSS8.5AI score0.01324EPSS
Exploits1References1
Prion
Prion
added 2018/12/04 5:29 p.m.18 views

Design/Logic Flaw

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

6.8CVSS8.4AI score0.01324EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/04 5:0 p.m.43 views

CVE-2018-11347

The CVE-2018-11347 entry concerns the YunoHost web application (versions 2.7.2 through 2.7.14). Affected component/issue: HTTP Response Header Injection, enabling an attacker to inject one or more HTTP headers in server responses. Attack requirements: user interaction is needed (the attacker must...

8.8CVSS8.4AI score0.01324EPSS
Exploits1References1Affected Software1
exploitpack
exploitpack
added 2018/08/26 12:0 a.m.39 views

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Softwa...

6.8AI score
Exploits0
Mageia
Mageia
added 2018/07/11 9:7 p.m.19 views

Updated nikto packages fix security vulnerability

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report CVE-2018-11652...

10CVSS4.9AI score0.24727EPSS
Exploits5References2
CVE
CVE
added 2018/07/10 6:0 p.m.52 views

CVE-2018-2432

CVE-2018-2432 affects SAP BusinessObjects BI Launchpad and Central Management Console (versions 4.10, 4.20, 4.30). The issue allows an attacker to include invalid data in the HTTP response header sent to a web user, enabling cross-site scripting and page hijacking as stated in the public descript...

5.4CVSS5.2AI score0.00745EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/07/10 6:0 p.m.27 views

CVE-2018-2432

SAP BusinessObjects Business Intelligence BI Launchpad and Central Management Console versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including:...

5.2AI score0.00745EPSS
Exploits0References3
exploitpack
exploitpack
added 2018/06/18 12:0 a.m.94 views

Nikto 2.1.6 - CSV Injection

Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...

10CVSS9.7AI score0.24727EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/06/18 12:0 a.m.39 views

Nikto 2.1.6 CSV Injection

Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...

9.5AI score0.24727EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.325 views

Nikto 2.1.6 - CSV Injection

Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...

10CVSS9.5AI score0.24727EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/06/05 12:0 a.m.50 views

Microsoft Open Redirect

Exploit Title: Open Redirect at Microsoft Date: 28.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.microsoft.com/ Software : Microsoft Service Website Software Version : 1.0.0 Vulnerability : Open Redirect CWE : CWE-601: URL Redirection to Untrusted Site 'Open Redirect'...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2018/06/01 3:0 p.m.23 views

CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

9.6AI score0.24727EPSS
Exploits5References2
Debian CVE
Debian CVE
added 2018/06/01 3:0 p.m.56 views

CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

10CVSS9.6AI score0.24727EPSS
Exploits5
exploitpack
exploitpack
added 2017/12/29 12:0 a.m.61 views

NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)

NetTransport 2.96L - Remote Buffer Overflow DEP Bypass !/usr/bin/pythion Exploit Title: Buffer overflow in NetTransport Download Manager - Version 2.96L DEP Bypass CVE: CVE-2017-17968 Date: 28-12-2017 Software Link: http://xi-soft.com/downloads/NXSetupx86.zip Exploit Author: Author: Aloyce J...

10CVSS0.3AI score0.39634EPSS
Exploits6
exploitpack
exploitpack
added 2017/12/26 12:0 a.m.45 views

GetGo Download Manager 5.3.0.2712 - Buffer Overflow

GetGo Download Manager 5.3.0.2712 - Buffer Overflow Exploit Title: Buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 CVE: CVE-2017-17849 Date: 22-12-2017 Tested on Windows 10 32 bits Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Software Link:...

10CVSS1.2AI score0.19015EPSS
Exploits9
Packet Storm
Packet Storm
added 2017/12/23 12:0 a.m.47 views

GetGo Download Manager 5.3.0.2712 Buffer Overflow

Exploit Title: Buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 CVE: CVE-2017-17849 Date: 22-12-2017 Tested on Windows 10 32 bits Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Software Link: http://www.getgosoft.com/getgodm/ Category: webapps Attack...

1.3AI score0.19015EPSS
Exploits9
Prion
Prion
added 2017/05/17 9:29 p.m.19 views

Design/Logic Flaw

Web Server method disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to exploit and find another hole via HTTP response header...

5CVSS5.3AI score0.01049EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder