Lucene search
K

275 matches found

Packet Storm
Packet Storm
added 2021/08/07 12:0 a.m.284 views

OneNav Beta 0.9.12 Cross Site Scripting

Exploit Title: XSS-Stored - Brutal PWNED on OneNav beta 0.9.12 addlink feature Author: nu11secur1ty Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r Date: 08.06.2021 Vendor: https://www.xiaoz.me/ Link: https://github.com/helloxz/onenav/releases/tag/0.9.12 CVE: CVE-2021-38138 + Exploit Source:...

5.6AI score0.01503EPSS
Exploits2
OSV
OSV
added 2021/06/08 8:15 p.m.26 views

CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

6.5CVSS6.9AI score0.95785EPSS
Exploits3References8
Debian CVE
Debian CVE
added 2021/06/08 12:0 a.m.35 views

CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

6.5CVSS6.9AI score0.15972EPSS
Exploits2
Veracode
Veracode
added 2021/05/29 6:35 p.m.29 views

Denial Of Service (DoS)

Squid is vulnerable to denial of service. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server causing an application crash...

6.5CVSS6.6AI score0.79583EPSS
Exploits0References12Affected Software8
Wallarm Lab
Wallarm Lab
added 2021/05/19 11:24 a.m.35 views

Wallarm NG WAF is ranked as a “High Performer” by G2, Spring 2021!

We are proud to announce that Wallarm NG WAF was ranked as a “High performer” by G2 in the Web Application Firewall category. This award from the G2 platform confirms that our solution is highly rated by current verified Wallarm WAF users, who left unbiased reviews and answers to WAF-related...

7.4AI score
Exploits0
OSV
OSV
added 2021/04/30 5:32 p.m.40 views

GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

6.9CVSS5.4AI score0.02406EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2021/04/30 5:32 p.m.56 views

Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS5.4AI score0.02406EPSS
Exploits0References7Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/04/21 12:0 a.m.6 views

URL Directory Traversal Over HTTP Traffic (CVE-2021-21983)

URL Directory Traversal Over HTTP Traffic...

8.5CVSS1AI score0.68557EPSS
Exploits9
Check Point Advisories
Check Point Advisories
added 2021/04/18 12:0 a.m.36 views

UNION Query-based SQL Injection Over HTTP Traffic (CVE-2018-17254; CVE-2020-18144; CVE-2020-29283; CVE-2020-29287; CVE-2020-29288; CVE-2020-35430; CVE-2021-24285)

UNION Query-based SQL Injection Over HTTP Traffic...

7.5CVSS0.8AI score0.82976EPSS
Exploits12
Check Point Advisories
Check Point Advisories
added 2021/03/30 12:0 a.m.108 views

Cross Site Scripting Over HTTP Traffic (CVE-2020-17952; CVE-2021-26475; CVE-2021-26702; CVE-2021-26723; CVE-2021-39496; CVE-2021-39499)

Cross Site Scripting Over HTTP Traffic...

7.5CVSS0.3AI score0.12578EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.567 views

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

SOYAL Biometric Access Control System 5.0 Master Code Disclosure Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4.1...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.310 views

SOYAL Biometric Access Control System 5.0 - Master Code Disclosure

Exploit Title: SOYAL Biometric Access Control System 5.0 - Master Code Disclosure Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affect...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.127 views

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The controller suffers from a cleartext transmission of sensitive information. Th...

5.9AI score
Exploits0
NCSC
NCSC
added 2021/03/04 12:0 a.m.4 views

Vulnerability fixed in FortiGate

Fortinet has fixed a vulnerability in FortiGate. The vulnerability allows an unauthenticated remote malicious person potentially able to bypass the proxy by sending non-HTTPS traffic such as SSH to port 80/443 of FortiGate. Fortinet has released updates to fix the vulnerability in FortiGate 6.4.3...

7.5CVSS7AI score0.00746EPSS
Exploits0
CNNVD
CNNVD
added 2021/03/04 12:0 a.m.6 views

Fortinet FortiGate 安全漏洞

Fortinet FortiGate is a suite of network security platforms from the American company Fiat Fortinet. The platform provides firewall, antivirus and intrusion prevention IPS, application control, anti-spam, wireless controller, and WAN acceleration. A security vulnerability exists in FortiGate. The...

7.5CVSS7.2AI score0.00746EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2021/02/24 12:0 a.m.36 views

Arbitrary Command Injection Over HTTP Traffic (CVE-2020-19165; CVE-2020-24219; CVE-2020-28477; CVE-2021-26747; CVE-2021-27328)

Arbitrary Command Injection Over HTTP Traffic...

10CVSS1.2AI score0.53598EPSS
Exploits10
Fortinet
Fortinet
added 2021/01/21 12:0 a.m.86 views

Protect

When traffic other than HTTP/S eg: SSH traffic, etc... traverses the FortiOS on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header...

4.3CVSS7.3AI score0.00746EPSS
Exploits0Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/01/03 12:0 a.m.16 views

Arbitrary Code Injection Over HTTP Traffic (CVE-2020-21176; CVE-2020-25042; CVE-2020-26248; CVE-2020-26712; CVE-2020-28994; CVE-2020-29284; CVE-2020-6308; CVE-2021-25912)

Arbitrary Code Injections Over HTTP Traffic...

10CVSS1AI score0.61736EPSS
Exploits14
Trellix
Trellix
added 2020/12/17 12:0 a.m.9 views

Additional Analysis into the SUNBURST Backdoor | McAfee Blogs

ARCHIVED STORY Additional Analysis into the SUNBURST Backdoor Christiaan Beek · DEC 17, 2020 Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...

Exploits0
OSV
OSV
added 2020/12/11 1:15 a.m.3 views

CVE-2020-28216

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

7.5CVSS7.1AI score0.005EPSS
Exploits0References2
Rows per page
Query Builder