Lucene search
K

163 matches found

NVD
NVD
added 2020/06/29 6:15 p.m.18 views

CVE-2020-15069

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x...

9.8CVSS0.10674EPSS
Exploits0References2
Prion
Prion
added 2020/06/29 6:15 p.m.14 views

Buffer overflow

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x...

7.5CVSS9.8AI score0.10674EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/06/29 5:30 p.m.8 views

CVE-2020-15069

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x...

10AI score0.10674EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/29 5:30 p.m.23 views

CVE-2020-15069

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x...

9.9AI score0.10674EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/06/29 12:0 a.m.23 views

CVE-2020-15069

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.8CVSS8.3AI score0.10674EPSS
In wildExploits0References3
Prion
Prion
added 2020/06/08 4:15 p.m.25 views

Deserialization of untrusted data

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

4.3CVSS6.3AI score0.01712EPSS
Exploits0References5Affected Software3
Amazon
Amazon
added 2020/04/23 12:0 a.m.149 views

Important: http-parser

Issue Overview: A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.j...

9.8CVSS8AI score0.57132EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/04/14 7:28 p.m.37 views

CVE-2020-10696

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

9.3CVSS2.2AI score0.02603EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/04/06 4:56 a.m.36 views

CVE-2019-15605

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

9.8CVSS9AI score0.57132EPSS
Exploits0References4
OSV
OSV
added 2020/03/31 10:15 p.m.21 views

CVE-2020-10696

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

8.8CVSS6.4AI score0.02603EPSS
Exploits1References3
Prion
Prion
added 2020/03/31 10:15 p.m.23 views

Path traversal

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

9.3CVSS8.3AI score0.02603EPSS
Exploits1References3Affected Software3
Debian CVE
Debian CVE
added 2020/03/31 9:1 p.m.37 views

CVE-2020-10696

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

9.3CVSS6.8AI score0.02603EPSS
Exploits1
OSV
OSV
added 2020/03/10 6:2 p.m.9 views

GHSA-PCQQ-5962-HVCW Denial of Service in uap-core when processing crafted User-Agent strings

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-ruby to = v2.6....

7.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/03/10 6:2 p.m.70 views

Denial of Service in uap-core when processing crafted User-Agent strings

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-ruby to = v2.6....

3.1AI score
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2020/02/20 11:15 p.m.19 views

CVE-2020-5243

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent...

7.5CVSS7.3AI score0.02205EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2020/02/07 12:44 a.m.35 views

CVE-2019-15606

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

9.8CVSS8.9AI score0.20041EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2020/01/06 12:0 a.m.302 views

Complaint Management System 4.0 - 'cid' SQL injection

Exploit Title: Complaint Management System 4.0 - 'cid' SQL injection Google Dork: N/A Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Tested on: Windows 7 CVE : N/A Description: The...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2019/11/07 12:0 a.m.19 views

LIVE555 Streaming Media Server Detection Consolidation

Consolidation of LIVE555 Streaming Media Server detections. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

0.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/08/10 1:37 p.m.130 views

WAES - Auto Enums Websites And Dumps Files As Result

Doing HTB or other CTFs enumeration against targets with HTTPS can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum proces...

6.5AI score
Exploits0References1
NVD
NVD
added 2019/06/27 5:15 p.m.15 views

CVE-2019-7225

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...

8.8CVSS8.9AI score0.02895EPSS
Exploits1References4
Rows per page
Query Builder