Lucene search
5909 matches found

Fortinet
added 2020/01/03 12:00 a.m., 37 views

Protect

A Host Header Redirection vulnerability exists in the FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP requests, the SSL-VPN web portal may respond with a redirection to websites specified by the attacker...

CVSS 5.8, AI score 6.1, EPSS 0.01072
Exploits 0, Affected Software 1
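The Host-header-driven redirect described in the Fortinet entry above, as an added example (not FortiOS code): a handler that copies the client-controlled Host header into the Location target beside a hardened one that redirects only to an allowlisted host and only to a site-relative path. The host names (vpn.example.com, vpn2.example.com, attacker.example), the handler names and the /portal/login path are assumptions for this illustration.

```python
from urllib.parse import urlsplit

# Added example, not FortiOS code. Host names, handler names and paths are assumed.
ALLOWED_HOSTS = {"vpn.example.com", "vpn2.example.com"}   # assumed deployment
CANONICAL_HOST = "vpn.example.com"


def vulnerable_redirect(headers: dict, path: str) -> str:
    """Location is built straight from Host, so a crafted request steers the redirect."""
    return "https://{}{}".format(headers.get("Host", ""), path)


def _hostname_from_host_header(host_header: str) -> str:
    # urlsplit handles ports and userinfo ("vpn.example.com@attacker.example")
    # uniformly, so the comparison is against the real authority, not a prefix.
    try:
        return (urlsplit("//" + host_header).hostname or "").lower()
    except ValueError:          # e.g. an unbalanced IPv6 bracket
        return ""


def hardened_redirect(headers: dict, path: str) -> str:
    """Redirects only to an allowlisted host and only to a plain site-relative path."""
    hostname = _hostname_from_host_header(headers.get("Host", ""))
    if hostname not in ALLOWED_HOSTS:
        hostname = CANONICAL_HOST
    # "//evil.example/" would be protocol-relative; refuse anything but a plain path.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        path = "/"
    return "https://{}{}".format(hostname, path)


# Constructed requests: an attacker-supplied Host and a legitimate one.
CRAFTED = {"Host": "attacker.example"}
LEGIT = {"Host": "vpn.example.com"}

if __name__ == "__main__":
    print(vulnerable_redirect(CRAFTED, "/portal/login"))
    print(hardened_redirect(CRAFTED, "/portal/login"))
```

The allowlist comparison uses the parsed hostname rather than a string prefix, so userinfo tricks and port suffixes do not slip a foreign authority past it.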
exploitpack
added 2019/12/30 12:00 a.m., 41 views

HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)

Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin
Date: 2019-12-30
Author: LiquidWorm
Vendor: Tom Rosenback and Daniel Malmgren
Product web page: http://karpero.mine.nu/ha/
Affected version: 3.3.2
Tested on: ...

AI score 0.6
Exploits 0
Packet Storm
added 2019/12/30 12:00 a.m., 141 views

HomeAutomation 3.3.2 Cross Site Request Forgery

HomeAutomation v3.3.2 CSRF Add Admin Exploit
Vendor: Tom Rosenback and Daniel Malmgren
Product web page: http://karpero.mine.nu/ha/
Affected version: 3.3.2
Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, bu...

AI score 0.5
Exploits 0
0day.today
added 2019/12/30 12:00 a.m., 78 views

HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for PHP platform in category web applications
Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin
Author: LiquidWorm
Vendor: Tom Rosenback and Daniel Malmgren
Product web page: http://karpero.mine.nu/ha/
Affected version: 3.3.2
Tested on: Apache/2.4.41 centos...

Exploits 0
Exploit DB
added 2019/12/30 12:00 a.m., 172 views

HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)

Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin
Date: 2019-12-30
Author: LiquidWorm
Vendor: Tom Rosenback and Daniel Malmgren
Product web page: http://karpero.mine.nu/ha/
Affected version: 3.3.2
Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips
Advisory ID: ZSL-2019-5558...

AI score 7.4
Exploits 0
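The "add admin" CSRF pattern behind the four HomeAutomation 3.3.2 entries above, as an added example that is not the HomeAutomation project's code and does not reproduce the published exploit: an add-admin POST handler that accepts any request from an authenticated browser, beside one that requires a per-session synchronizer token and rejects cross-origin submissions. The session object, the form field names, SITE_ORIGIN and the request shape are assumptions for this illustration.

```python
import hmac
import secrets
from typing import Dict, Tuple

# Added example, not HomeAutomation code. Session, field names and origin are assumed.
SITE_ORIGIN = "https://ha.example"   # assumed origin of the legitimate UI


class Session:
    """An already-authenticated admin session, as the victim's browser would carry it."""
    def __init__(self) -> None:
        self.user = "admin"
        self.csrf_token = secrets.token_urlsafe(32)


def render_add_admin_form(session: Session) -> Dict[str, str]:
    """Hidden field the legitimate page embeds; a cross-origin page cannot read it."""
    return {"csrf_token": session.csrf_token}


def add_admin_vulnerable(session: Session, form: Dict[str, str],
                         headers: Dict[str, str], users: Dict[str, str]) -> bool:
    """Any POST from an authenticated browser succeeds, including an auto-submitted one."""
    if session.user != "admin":
        return False
    users[form["username"]] = form["password"]
    return True


def add_admin_hardened(session: Session, form: Dict[str, str],
                       headers: Dict[str, str], users: Dict[str, str]) -> bool:
    """Rejects cross-origin submissions and any POST whose token does not match the session."""
    if session.user != "admin":
        return False
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False
    supplied = form.get("csrf_token", "").encode("utf-8")
    if not hmac.compare_digest(supplied, session.csrf_token.encode("utf-8")):
        return False
    users[form["username"]] = form["password"]
    return True


def simulate(handler, forged: bool) -> Tuple[bool, Dict[str, str]]:
    """Runs one POST against a fresh session and returns (accepted, resulting user table)."""
    session = Session()
    users: Dict[str, str] = {}
    form = {"username": "eviladmin", "password": "hunter2"}   # constructed attacker form
    if forged:
        # A page on attacker.example auto-submits the form; the browser adds its real origin
        # and cannot read the victim's token.
        headers = {"Origin": "https://attacker.example"}
    else:
        form.update(render_add_admin_form(session))
        headers = {"Origin": SITE_ORIGIN}
    return handler(session, form, headers, users), users


if __name__ == "__main__":
    print("vulnerable, forged:", simulate(add_admin_vulnerable, forged=True)[0])
    print("hardened, forged:  ", simulate(add_admin_hardened, forged=True)[0])
    print("hardened, genuine: ", simulate(add_admin_hardened, forged=False)[0])
```

The Origin check is a cheap first gate, but the token comparison is what closes the hole for clients that send no Origin header at all.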
CNVD
added 2019/12/23 12:00 a.m., 3 views

ABB PB610 Panel Builder 600 PB610 HMISimulator Component Denial of Service Vulnerability

ABB PB610 Panel Builder 600 is software for designing graphical user interfaces for the CP600 control panel platform. A vulnerability in the way the PB610 HMIStudio component parses HTTP requests allows remote attackers to exploit it by submitting a...

CVSS 5.3, AI score 6.8, EPSS 0.02133
Exploits 0, References 1
Tenable Nessus
added 2019/12/17 12:00 a.m., 40 views

Cisco IOS XE Software Arbitrary File Write (cisco-sa-20180328-wfw)

According to its self-reported version, Cisco IOS XE Software is affected by an arbitrary file write vulnerability in the web-based user interface (web UI) due to insufficient input validation of HTTP requests sent to the web UI of the affected software. An authenticated, remote attacker c...

CVSS 4.9, AI score 5.8, EPSS 0.01029
Exploits 0, References 3
NVD
added 2019/12/10 3:15 p.m., 20 views

CVE-2019-19251

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an "Enable SSL" option, it is disabled by default, and cleartext requests are made as soon as the app starts...

CVSS 5.3, AI score 5.3, EPSS 0.00654
Exploits 0, References 1
OSV
added 2019/12/10 3:15 p.m., 11 views

CVE-2019-19251

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an "Enable SSL" option, it is disabled by default, and cleartext requests are made as soon as the app starts...

CVSS 5.3, AI score 6.8
Exploits 0, References 1
Prion
added 2019/12/10 3:15 p.m., 13 views

Design/Logic Flaw

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an "Enable SSL" option, it is disabled by default, and cleartext requests are made as soon as the app starts...

CVSS 5, AI score 5.2, EPSS 0.00654
Exploits 0, References 1, Affected Software 1
CVE
added 2019/12/10 2:26 p.m., 41 views

CVE-2019-19251

The Last.fm desktop app (Last.fm Scrobbler) for macOS, up to version 2.1.39, makes HTTP requests that include an API key without SSL/TLS. An Enable SSL option exists but is disabled by default, causing cleartext requests to be sent as soon as the app starts. This can expose API keys and sensitive...

CVSS 5.3, AI score 5.2, EPSS 0.00654
Exploits 0, References 1, Affected Software 1
Prion
added 2019/12/08 4:15 a.m., 21 views

Command injection

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

CVSS 9, AI score 8.8, EPSS 0.19039
Exploits 1, References 1, Affected Software 2
Cvelist
added 2019/12/08 3:39 a.m., 28 views

CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

AI score 8.8, EPSS 0.19039
Exploits 1, References 1
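The ShareHost command injection described in the two SuperMicro X8STi-F entries above, as an added example that is not SuperMicro firmware code: a virtual-media "mount share" handler that concatenates the field into a shell command line, a hardened version that validates the fields and hands an argv list to the OS without a shell, and a request-level detector for a URL-encoded POST body to /rpc/setvmdrive.asp. The mount command template, the ShareName field, the mount point and the constructed payload are assumptions; only the endpoint and the ShareHost field come from the advisory text.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs

# Added example, not SuperMicro firmware. Mount template, ShareName and mount point are assumed.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r\\'\"]")
# One or more dot-separated alphanumeric labels (covers hostnames and dotted IPv4).
HOST_RE = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
                     r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")
SHARE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,80}$")


def build_mount_vulnerable(form: Dict[str, str]) -> str:
    """Concatenates user input into a shell command line: metacharacters run as commands."""
    return "mount -t cifs //{}/{} /media/vm".format(form["ShareHost"], form["ShareName"])


def build_mount_hardened(form: Dict[str, str]) -> Optional[List[str]]:
    """Validates both fields and returns an argv list for subprocess (no shell), else None."""
    host = form.get("ShareHost", "")
    share = form.get("ShareName", "")
    if not HOST_RE.match(host) or not SHARE_RE.match(share):
        return None
    return ["mount", "-t", "cifs", "//{}/{}".format(host, share), "/media/vm"]


def flag_injection_attempt(raw_body: str) -> List[str]:
    """Detection: names the form fields in a URL-encoded POST body that carry shell metacharacters."""
    fields = parse_qs(raw_body, keep_blank_values=True)
    return sorted(name for name, values in fields.items()
                  if any(SHELL_META.search(v) for v in values))


# Constructed attacker body for POST /rpc/setvmdrive.asp: ShareHost decodes to
# "10.0.0.5;id>/tmp/pwned" (the payload itself is an illustration).
CRAFTED_BODY = "ShareHost=10.0.0.5%3Bid%3E%2Ftmp%2Fpwned&ShareName=share"
BENIGN_BODY = "ShareHost=nas.example&ShareName=share"

if __name__ == "__main__":
    print(build_mount_vulnerable({"ShareHost": "10.0.0.5;id>/tmp/pwned", "ShareName": "share"}))
    print(build_mount_hardened({"ShareHost": "10.0.0.5;id>/tmp/pwned", "ShareName": "share"}))
    print(flag_injection_attempt(CRAFTED_BODY))
```

The detector is deliberately run on the decoded form values, since the shell metacharacters arrive percent-encoded on the wire and a raw-body grep would miss them.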
Prion
added 2019/12/05 4:15 a.m., 23 views

Design/Logic Flaw

D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAPAUTH header timestamp value. In HTTP requests, part of the HNAPAUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to...

CVSS 8.3, AI score 8.7, EPSS 0.03203
Exploits 1, References 2, Affected Software 1
NVD
added 2019/12/04 8:15 p.m., 15 views

CVE-2019-16752

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...

CVSS 4.3, AI score 4.7, EPSS 0.00407
Exploits 0, References 1
OSV
added 2019/12/04 8:15 p.m., 11 views

CVE-2019-16752

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...

CVSS 4.3, AI score 6.8
Exploits 0, References 1
Prion
added 2019/12/04 8:15 p.m., 13 views

Design/Logic Flaw

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...

CVSS 4.3, AI score 4.7, EPSS 0.00407
Exploits 0, References 1, Affected Software 3
Cvelist
added 2019/12/04 7:30 p.m., 13 views

CVE-2019-16752

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...

AI score 4.7, EPSS 0.00407
Exploits 0, References 1
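The forced-request problem in the four DAPS entries above (a wallet made to send HTTP requests to arbitrary locations, including the local network), as an added example that is not DAPS code: an outbound-URL policy check a wallet could run before any fetch, rejecting non-HTTP schemes, unusual ports, and any destination that resolves to a private, loopback, link-local or otherwise non-public address. The resolver table and the addresses in it are constructed so the example runs offline; a real implementation would resolve via DNS and connect only to the exact addresses it checked.

```python
import ipaddress
from typing import List, Tuple
from urllib.parse import urlsplit

# Added example, not DAPS code. The DNS table below is constructed for offline use.
CONSTRUCTED_DNS = {
    "explorer.example": ["93.184.216.34"],
    "router.lan": ["192.168.1.1"],
    "dual.example": ["93.184.216.35", "10.0.0.7"],   # one public and one private answer
}
ALLOWED_PORTS = {None, 80, 443}


def is_public_address(addr: str) -> bool:
    """True only for addresses that are routable on the public internet."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
                or ip.is_reserved or ip.is_unspecified)


def resolve(host: str) -> List[str]:
    """IP literals resolve to themselves; names are looked up in the constructed table."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return CONSTRUCTED_DNS.get(host.lower(), [])


def check_outbound_url(url: str) -> Tuple[bool, str]:
    """Returns (allowed, reason). Every resolved address must be public; one private answer blocks."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        return False, "unparseable"
    if parts.scheme not in ("http", "https"):
        return False, "scheme"
    if not parts.hostname:
        return False, "no host"
    if port not in ALLOWED_PORTS:
        return False, "port"
    addresses = resolve(parts.hostname)
    if not addresses:
        return False, "unresolved"
    if not all(is_public_address(a) for a in addresses):
        return False, "non-public address"
    return True, "ok"


if __name__ == "__main__":
    for url in ("https://explorer.example/api/tx", "http://router.lan/", "http://[::1]/",
                "http://169.254.169.254/latest/", "http://dual.example/"):
        print(url, check_outbound_url(url))
```

Checking every resolved address, not just the first, is what defeats a name that deliberately returns one public and one internal answer; the remaining gap (an answer that changes between check and connect) is closed only by connecting to the checked address itself.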
Tenable Nessus
added 2019/12/03 12:00 a.m., 28 views

Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability (cisco-sa-20191106-wbs-privilege)

According to its self-reported version, Cisco Webex Meetings is at a version prior to 39.7.0. It is, therefore, affected by a privilege escalation vulnerability in its Network Recording Admin page due to insufficient access control validation. An authenticated, remote attacker could exploit this by issuing...

CVSS 6.5, AI score 5.8, EPSS 0.01278
Exploits 0, References 3
Talos Blog
added 2019/12/02 11:42 a.m., 31 views

Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead

A Cisco Talos researcher discovered these vulnerabilities. Blog by Jon Munshaw. EmbedThis' GoAhead Web Server contains two vulnerabilities that both arise when the software attempts to process a multipart/form-data HTTP request. An attacker could exploit these vulnerabilities to remotely execute...

CVSS 7.5, AI score 9.7, EPSS 0.66982
Exploits 3
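The format whose handling the Talos entry above attributes both GoAhead bugs to, as an added example that is not GoAhead code and does not reproduce either reported flaw: a small multipart/form-data parser that fails closed on malformed input (missing boundary, body that does not open with the boundary, unterminated part headers, missing closing delimiter, too many or too large parts) instead of assuming the request is well formed. The size limits, the sample body and the boundary string are constructed for this illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Added example, not GoAhead code. Limits and the sample request below are constructed.
MAX_BODY = 64 * 1024
MAX_PARTS = 32


class MultipartError(ValueError):
    """Raised for any request the parser refuses to process."""


def parse_multipart(content_type: str, body: bytes) -> List[Dict[str, object]]:
    """Returns a list of {name, filename, headers, content} parts, or raises MultipartError."""
    if not content_type.lower().startswith("multipart/form-data"):
        raise MultipartError("not multipart/form-data")
    m = re.search(r'boundary=(?:"([^"]+)"|([^;\s]+))', content_type)
    if not m:
        raise MultipartError("missing boundary")
    if len(body) > MAX_BODY:
        raise MultipartError("body too large")
    delim = b"--" + (m.group(1) or m.group(2)).encode("ascii")
    if not body.startswith(delim):
        raise MultipartError("body does not start with the boundary")
    segments = body.split(delim)
    # segments[0] is the (empty) preamble; the final segment must be the "--" close marker.
    if not segments[-1].startswith(b"--"):
        raise MultipartError("missing closing delimiter")
    parts: List[Dict[str, object]] = []
    for seg in segments[1:-1]:
        if len(parts) >= MAX_PARTS:
            raise MultipartError("too many parts")
        # Each part is framed as CRLF <headers> CRLF CRLF <content> CRLF before the next delimiter.
        if not seg.startswith(b"\r\n") or not seg.endswith(b"\r\n"):
            raise MultipartError("malformed part framing")
        header_blob, sep, content = seg[2:-2].partition(b"\r\n\r\n")
        if not sep:
            raise MultipartError("unterminated part headers")
        headers: Dict[str, str] = {}
        for line in header_blob.split(b"\r\n"):
            key, colon, value = line.partition(b":")
            if not colon or not key.strip():
                raise MultipartError("malformed header line")
            headers[key.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        disposition = headers.get("content-disposition", "")
        name = re.search(r'(?:^|[;\s])name="([^"]*)"', disposition)
        if not name:
            raise MultipartError("part without a field name")
        filename = re.search(r'filename="([^"]*)"', disposition)
        parts.append({"name": name.group(1),
                      "filename": filename.group(1) if filename else None,
                      "headers": headers, "content": content})
    return parts


def parse_or_error(content_type: str, body: bytes) -> Tuple[Optional[list], Optional[str]]:
    """Convenience wrapper: (parts, None) on success, (None, reason) when the parser refuses."""
    try:
        return parse_multipart(content_type, body), None
    except MultipartError as exc:
        return None, str(exc)


# Constructed request: two parts, one plain field and one file upload.
SAMPLE_CT = "multipart/form-data; boundary=----ExampleBoundary7MA4YWxk"
SAMPLE_BODY = (
    b"------ExampleBoundary7MA4YWxk\r\n"
    b'Content-Disposition: form-data; name="user"\r\n'
    b"\r\n"
    b"alice\r\n"
    b"------ExampleBoundary7MA4YWxk\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="notes.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"------ExampleBoundary7MA4YWxk--\r\n"
)
# The same body cut off before its closing delimiter, as a truncated or hostile client would send.
TRUNCATED_BODY = SAMPLE_BODY[: SAMPLE_BODY.rfind(b"------ExampleBoundary7MA4YWxk--")]

if __name__ == "__main__":
    print([p["name"] for p in parse_multipart(SAMPLE_CT, SAMPLE_BODY)])
    print(parse_or_error(SAMPLE_CT, TRUNCATED_BODY))
```

Every rejection is an explicit error rather than a fall-through, so a body that is missing its terminator or its header separator ends parsing immediately instead of being scanned past its end.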