5909 matches found

exploitpack
added 2019/12/02 12:0 a.m., 47 views

SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery

SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Exploit Title: SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Discovery by: LiquidWorm Date: 2019-12-02 Vendor Homepage: Tested Version: 6.5.33.17072501 CVE: N/A Advisory ID: ZSL-2019-5543 Advisory URL:...

0.3 AI score
Exploits: 0

Tenable Nessus
added 2019/12/02 12:0 a.m., 45 views

Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure (cisco-sa-20191120-sbr-rv-infodis)

According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by an information disclosure vulnerability in the web-based management interface due to improper authorization of HTTP requests. An unauthenticated, remote attacker can exploit this, by sending...

5.3 CVSS, 6.2 AI score, 0.01195 EPSS
Exploits: 0, References: 3

0day.today
added 2019/11/30 12:0 a.m., 201 views

Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery Vulnerabilities

Carlo Gavazzi SmartHouse version 6.5.33 suffers from cross site request forgery along with both reflective and persistent cross site scripting vulnerabilities. Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Vendor: Carlo Gavazzi Automation S.p.A Product web page:...

6.9 AI score
Exploits: 0

OSV
added 2019/11/27 5:15 p.m., 25 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1 CVSS, 6.1 AI score, 0.04526 EPSS
Exploits: 0, References: 5

Cvelist
added 2019/11/27 4:54 p.m., 30 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.3 AI score, 0.04526 EPSS
Exploits: 0, References: 5

OSV
added 2019/11/27 4:54 p.m., 32 views

PSF-2019-2 HTTPoxy attack

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1 CVSS, 6.5 AI score, 0.04526 EPSS
Exploits: 0, References: 3

Debian CVE
added 2019/11/27 4:54 p.m., 37 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1 CVSS, 6.9 AI score, 0.04526 EPSS
Exploits: 0

Tenable Nessus
added 2019/11/27 12:0 a.m., 23 views

Cisco IOS XE Software, Catalyst, and NGWC GUI Privilege Escalation (cisco-sa-20170927-ngwc)

According to its self-reported version, Cisco IOS XE Software is affected by a privilege escalation vulnerability in the web-based Wireless Controller GUI for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E Wireless Switches, and Cisco New Generation Wireless...

9 CVSS, 8.1 AI score, 0.03236 EPSS
Exploits: 0, References: 3

NVD
added 2019/11/26 4:15 a.m., 14 views

CVE-2019-15990

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An...

5.3 CVSS, 5.2 AI score, 0.01195 EPSS
Exploits: 0, References: 1

Prion
added 2019/11/26 4:15 a.m., 16 views

Authorization

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An...

5 CVSS, 5.2 AI score, 0.01195 EPSS
Exploits: 0, References: 1, Affected Software: 4

Vulnrichment
added 2019/11/26 3:42 a.m., 7 views

CVE-2019-15990 Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An...

5.3 CVSS, 7 AI score, 0.01195 EPSS
Exploits: 0, References: 1

Check Point Advisories
added 2019/11/25 12:0 a.m., 5 views

OPF OpenProject Activities API SQL Injection (CVE-2019-11600)

A SQL injection vulnerability has been reported in OpenProject. This vulnerability can be exploited by sending crafted HTTP requests to a vulnerable application. Successful exploitation could lead to arbitrary SQL statement execution in the security context of database service...

6.8 CVSS, 1.8 AI score, 0.79956 EPSS
Exploits: 5

CVE
added 2019/11/22 6:46 p.m., 125 views

CVE-2019-19240

The CVE-2019-19240 entry concerns Embedthis GoAhead before 5.0.1. Affected component: GoAhead WebsRedirect, which uses a fixed-size host buffer. Under certain redirected HTTP requests with a large Host header, the copy of the Host header can overflow, leaving the buffer uninitialized and potentia...

5.3 CVSS, 5.3 AI score, 0.01541 EPSS
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2019/11/15 9:15 p.m., 31 views

CVE-2019-6660

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service...

7.5 CVSS, 7.4 AI score, 0.01044 EPSS
Exploits: 0, References: 1

Prion
added 2019/11/15 9:15 p.m., 18 views

Denial of service

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service...

5 CVSS, 7.4 AI score, 0.01044 EPSS
Exploits: 0, References: 1, Affected Software: 13

Cvelist
added 2019/11/15 8:31 p.m., 30 views

CVE-2019-6660

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service...

7.4 AI score, 0.01044 EPSS
Exploits: 0, References: 1

NVD
added 2019/11/14 12:15 a.m., 25 views

CVE-2019-3662

Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests...

6.5 CVSS, 6.4 AI score, 0.0143 EPSS
Exploits: 0, References: 1

Prion
added 2019/11/14 12:15 a.m., 16 views

Path traversal

Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests...

4 CVSS, 6.4 AI score, 0.0143 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2019/11/13 11:15 p.m., 20 views

CVE-2019-3660

Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests...

8.8 CVSS, 8.6 AI score, 0.01198 EPSS
Exploits: 0, References: 1

Prion
added 2019/11/13 11:15 p.m., 21 views

Input validation

Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests...

6.5 CVSS, 8.5 AI score, 0.01198 EPSS
Exploits: 0, References: 1, Affected Software: 1