Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11634 matches found

Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.213 views

IBM Notes encodeURI Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If...

6.5CVSS7AI score0.30074EPSS
Exploits11
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.239 views

Flexense HTTP Server Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the Flexense HTTP server...

7.5CVSS7AI score0.76544EPSS
Exploits6
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.325 views

Intersil (Boa) HTTPd Basic Authentication Password Reset

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intersil Boa HTTPd Basic Authentication Password Reset', 'Description' = %q The Intersil extension in the Boa HTTP Server 0.93.x - 0.94.11 allows...

10CVSS7.4AI score0.67649EPSS
Exploits3
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.155 views

HTTP Client LAN IP Address Gather

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Client LAN IP Address Gather', 'Description' = %q This module retrieves a browser's network interface IP addresses using WebRTC. , 'License'...

4.3CVSS7AI score0.30144EPSS
Exploits7
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.201 views

Samsung Internet Browser SOP Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...

7.5CVSS7.1AI score0.78843EPSS
Exploits7
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.295 views

QNAP QTS and Photo Station Local File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP QTS and Photo Station Local File Inclusion', 'Description' = %q This module exploits a local file inclusion in QNAP QTS and Photo Station th...

9.8CVSS7AI score0.89681EPSS
Exploits11
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.226 views

Brother Debut http Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSFLICENSE, 'Author' = 'z00n ', vulnerability disclosure...

7.8CVSS7AI score0.59386EPSS
Exploits7
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.147 views

Pi3Web ISAPI Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi3Web ISAPI DoS', 'Description' = %q The Pi3Web HTTP server crashes when a request is made for an invalid DLL file in /isapi for versions 2.0.13...

4.3CVSS7.4AI score0.26485EPSS
Exploits3
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.205 views

MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection", 'Description' = %q This module exploits a universal cross-site...

4.3CVSS7AI score0.71698EPSS
Exploits5
Tenable Nessus
Tenable Nessusadded 2024/08/30 12:0 a.m.20 views

CBL Mariner 2.0 Security Update: cmake / curl / mysql (CVE-2023-46218)

The version of cmake / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46218 advisory. - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed bac...

6.5CVSS6.3AI score0.01685EPSS
Exploits1References2
Talos Blog
Talos Blogadded 2024/08/28 4:0 p.m.10 views

Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case

So far in this series, Ive developed a fuzzer for the µC/HTTP-server. As described in the previous post, this fuzzer reads from a file to enable compatibility with AFL++. That implementation only fuzzes a single request at a time. Although that single request fuzzer uncovered a few security...

8AI score
Exploits0
Talos Blog
Talos Blogadded 2024/08/28 4:0 p.m.40 views

Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

This is the first post of a three-part series, where we will be delving into the intricacies of fuzzing µC/OS protocol stacks. The techniques I will discuss are universally applicable to various RTOS environments, though our focus will primarily be on µC/OS. Ill highlight some of the strategic co...

10CVSS7.2AI score0.01778EPSS
Exploits5
Talos Blog
Talos Blogadded 2024/08/28 4:0 p.m.17 views

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. The first post highlighted code modifications necessary for developing a fuzzing harness tailored for the µC/HTTP-server. The second discussed a techniqu...

8AI score
Exploits0
OSV
OSVadded 2024/08/27 7:55 p.m.3 views

CLSA-2024-1724788546 Fix of 5 CVEs

SECURITY UPDATE: http server use exploitable/malicious backend application - debian/patches/CVE-2024-38476.patch: prevent server usage of exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-38476 SECURITY UPDATE: modules regression introduced by...

9.8CVSS7.1AI score0.99957EPSS
Exploits4References1
NVD
NVDadded 2024/08/26 4:15 p.m.6 views

CVE-2024-34087

An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request...

9.8CVSS0.01189EPSS
Exploits0References4
GithubExploit
GithubExploitadded 2024/08/26 9:7 a.m.240 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 POC & Lab For CVE-2021-41773 Setup Lab...

7.5CVSS8.3AI score0.99992EPSS
Exploits148
RedHat Linux
RedHat Linuxadded 2024/08/26 8:9 a.m.41 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS7AI score0.41611EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2024/08/26 7:39 a.m.40 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS7AI score0.41611EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/08/26 12:0 a.m.12 views

CVE-2024-34087

An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request...

0.01189EPSS
Exploits0References4
CNNVD
CNNVDadded 2024/08/26 12:0 a.m.3 views

BPQ32 安全漏洞

BPQ32 is a Groups open source software for packet radio communications. A security vulnerability exists in BPQ32 version 6.0.24.1, which originates from the presence of a SEH-based buffer overflow in the HTTP server, allowing remote attackers with privileged access to a Web endpoint to achieve...

9.8CVSS8.3AI score0.01189EPSS
Exploits0References5
Rows per page
Query Builder