Lucene search

5908 matches found

Cvelist
added 2024/06/25 9:36 p.m., 20 views

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information...

CVSS 9.3, EPSS 0.00183
Exploits: 0, References: 1

Vulnrichment
added 2024/06/25 9:36 p.m., 10 views

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information...

CVSS 9.3, AI score 6.1, EPSS 0.00183
Exploits: 0, References: 1

CVE
added 2024/06/25 9:36 p.m., 42 views

CVE-2024-6060

Affected software: Phloc Webscopes 7.0.0. The issue is information disclosure where local attackers with access to log files can view logged HTTP requests containing passwords or other sensitive data. Root cause cited in external advisories points to improper handling of logged requests (e.g., Re...

CVSS 9.3, AI score 5.8, EPSS 0.00183
Exploits: 0, References: 2

Kitploit
added 2024/06/24 12:30 p.m., 96 views

Hfinger - Fingerprinting HTTP Requests

Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage. Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be seen...

AI score 7
Exploits: 0, References: 5

Cloud Foundry
added 2024/06/24 12:00 a.m., 19 views

CVE-2024-37082 - mTLS bypass | Cloud Foundry

Severity: CRITICAL. Vendor: CloudFoundry Foundation. Versions Affected: Routing Release 10.6.0. Description: When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud...

CVSS 9.1, AI score 9.3, EPSS 0.00545
Exploits: 0

NVD
added 2024/06/23 3:15 p.m., 17 views

CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

CVSS 4, EPSS 0.00674
Exploits: 1, References: 1

OSV
added 2024/06/23 3:15 p.m., 4 views

CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

CVSS 3.3, AI score 4
Exploits: 0, References: 1

Cvelist
added 2024/06/23 2:33 p.m., 26 views

CVE-2024-4841 Path Traversal in parisneo/lollms-webui

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

CVSS 4, EPSS 0.00674
Exploits: 1, References: 1

Vulnrichment
added 2024/06/23 2:33 p.m., 19 views

CVE-2024-4841 Path Traversal in parisneo/lollms-webui

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

CVSS 4, AI score 6.8, EPSS 0.00674
Exploits: 1, References: 1

CVE
added 2024/06/23 2:33 p.m., 94 views

CVE-2024-4841

LoLLMS WebUI (parisneo/lollms-webui) is affected by a Path Traversal vulnerability in the add_reference_to_local_mode function, arising from lack of input sanitization. Exploitation targets the path parameter in HTTP requests to the /add_reference_to_local_model endpoint, enabling an attacker to ...

CVSS 4, AI score 4.1, EPSS 0.00674
In wild, Exploits: 1, References: 1, Affected Software: 1

Zero Day Initiative
added 2024/06/21 12:00 a.m., 20 views

(Pwn2Own) Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP requests. The issue results from the lack of proper...

CVSS 8.8, AI score 7.2, EPSS 0.00474
Exploits: 0, References: 1

OpenVAS
added 2024/06/17 12:00 a.m., 18 views

XAMPP <= 7.3.2 DoS Vulnerability

XAMPP is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apachefriends:xampp"; if...

CVSS 7.5, AI score 7.5, EPSS 0.00443
Exploits: 0, References: 1

NVD
added 2024/06/14 4:15 a.m., 22 views

CVE-2024-27163

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...

CVSS 6.5, EPSS 0.0042
Exploits: 1, References: 4

Vulnrichment
added 2024/06/14 3:40 a.m., 18 views

CVE-2024-27163 Leak of admin password and passwords

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...

CVSS 6.5, AI score 6.6, EPSS 0.0042
Exploits: 1, References: 4

CVE
added 2024/06/14 3:40 a.m., 85 views

CVE-2024-27163

CVE-2024-27163 affects Toshiba printers (notably MFPs/e-Studio). It exposes admin passwords (and additional passwords) in clear-text when two specific HTTP requests are sent to the internal API; an attacker who can steal an admin cookie or exploit XSS can recover these passwords and compromise th...

CVSS 6.5, AI score 6.9, EPSS 0.0042
Exploits: 1, References: 4

Cvelist
added 2024/06/14 3:40 a.m., 29 views

CVE-2024-27163 Leak of admin password and passwords

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...

CVSS 6.5, EPSS 0.0042
Exploits: 1, References: 4

BDU FSTEC
added 2024/06/13 12:00 a.m., 6 views

The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the lack of authentication procedures, which allows a perpetrator to execute arbitrary codes or commands.

The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or scripts by sending specially crafted HTTP requests o...

CVSS 6.8, AI score 5.9, EPSS 0.00542
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/06/11 3:16 p.m., 4 views

CVE-2024-23111

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

CVSS 4.8, AI score 7.3, EPSS 0.01042
Exploits: 0, References: 1

OSV
added 2024/06/11 5:15 a.m., 5 views

CVE-2024-36360

OS command injection vulnerability exists in awkblog v0.0.1 (commit hash: 7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the...

CVSS 9.8, AI score 5.9, EPSS 0.01571
Exploits: 0, References: 2

NVD
added 2024/06/10 3:15 p.m., 27 views

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as...

CVSS 6.1, EPSS 0.00314
Exploits: 1, References: 1