
5909 matches found

Prion
added 2019/03/21 4:1 p.m. | 49 views

Denial of service

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server based on gSOAP 2.8.x is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds...

CVSS 5 | AI score 7.4 | EPSS 0.13776
Exploits 5 | References 3 | Affected Software 1

Cvelist
added 2019/03/21 3:46 p.m. | 15 views

CVE-2018-4030

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any...

CVSS 5.3 | AI score 7.5 | EPSS 0.01168
Exploits 1 | References 1

NVD
added 2019/03/14 10:29 p.m. | 16 views

CVE-2019-3833

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in processconnection when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to openwsman server...

CVSS 7.5 | AI score 7.3 | EPSS 0.15243
Exploits 0 | References 8

UbuntuCve
added 2019/03/14 10:29 p.m. | 22 views

CVE-2019-3833

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in processconnection when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to openwsman server...

CVSS 7.5 | AI score 7.1 | EPSS 0.15243
Exploits 0 | References 3

Prion
added 2019/03/14 10:29 p.m. | 18 views

Design/Logic Flaw

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in processconnection when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to openwsman server...

CVSS 5 | AI score 7.3 | EPSS 0.15243
Exploits 0 | References 8 | Affected Software 3

Cvelist
added 2019/03/14 10:0 p.m. | 24 views

CVE-2019-3833

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in processconnection when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to openwsman server...

CVSS 7.5 | AI score 7.3 | EPSS 0.15243
Exploits 0 | References 8

0day.today
added 2019/03/14 12:0 a.m. | 41 views

Intel Modular Server System 10.18 - CSRF (Change Admin Password) Vulnerability

Exploit for php platform in category web applications history.pushState'', 't00t', 'index.php' input type="hidden" name="dbTableUser1UserId" valu...

AI score 7.4
Exploits 0

Packet Storm
added 2019/03/13 12:0 a.m. | 43 views

Intel Modular Server System 10.18 Cross Site Request Forgery

history.pushState'', 't00t', 'index.php' input type="hi...

AI score 7.4
Exploits 0

Hacker One
added 2019/03/12 2:32 p.m. | 520 views

Omise: SSRF in webhooks leads to AWS private keys disclosure

Vulnerability Summary Omise makes use of Amazon AWS as their application environment. Due to a vulnerability in the way webhooks are implemented, an attacker can make arbitrary HTTP/HTTPS requests from the application server and read their responses. This is known as a server-side request forgery...

AI score 0.6
Exploits 0

Hacker One
added 2019/03/11 11:40 p.m. | 10 views

50m-ctf: @ajxchapman 50m-ctf writeup

50m-ctf writeup TL;DR Flag is c8889970d9fb722066f31e804e351993, thanks for the challenge! Introduction My goal for this CTF was to primarily use tools and scripts that I had personally written to complete it. Throughout this challenge I used and extended my personal toolkit extensively. All the...

AI score 8.2
Exploits 0

UbuntuCve
added 2019/03/08 9:29 p.m. | 29 views

CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

CVSS 7.5 | AI score 7.2 | EPSS 0.19442
Exploits 0 | References 2

CVE0DAY
added 2019/03/07 1:55 p.m. | 243 views

Cisco Routers CVE-2019-1663 Remote Command Execution

Description A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device...

CVSS 10 | AI score 2.8 | EPSS 0.95707
Exploits 15

NVD
added 2019/02/28 6:29 p.m. | 16 views

CVE-2019-1663

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The...

CVSS 10 | AI score 9.6 | EPSS 0.95707
Exploits 15 | References 7

Atlassian
added 2019/02/27 10:52 p.m. | 479 views

SSRF via WebDAV endpoint - CVE-2019-3395

There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance. Affected versions: All versions of Confluence Server and Confluence Data Center...

CVSS 10 | AI score 2.9 | EPSS 0.99913
Exploits 20 | Affected Software 1

Hacker One
added 2019/02/24 1:1 p.m. | 10 views

Starbucks: SSRF at ideas.starbucks.com

In this report, @damian89 identified a Server Side Request Forgery (SSRF) vulnerability on ideas.starbucks.com that allowed sending arbitrary HTTP requests and returned response bodies. The report went on to demonstrate how this flaw could be leveraged to use the vulnerable host as a proxy and...

AI score 0.3
Exploits 0

Check Point Advisories
added 2019/02/24 12:0 a.m. | 3 views

Zoho ManageEngine OpManager SQL Injection (CVE-2018-20338)

A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests. Successful exploitation could lead to arbitrary SQL code execution...

CVSS 7.5 | AI score 2.8 | EPSS 0.11525
Exploits 1

Kitploit
added 2019/02/19 12:45 p.m. | 238 views

BoNeSi - The DDoS Botnet Simulator

BoNeSi, the DDoS Botnet Simulator, is a tool to simulate botnet traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks. What traffic can be generated? BoNeSi generates ICMP, UDP and TCP HTTP flooding attacks from a defined botnet size different IP...

AI score 7.2
Exploits 0 | References 1

Exploit DB
added 2019/02/18 12:0 a.m. | 44 views

Master IP CAM 01 3.3.4.2103 - Remote Command Execution

Exploit Title: Master IP CAM 01 Remote Command Execution Date: 09-02-2019 Remote: Yes Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Master IP CAM Version: 3.3.4.2103 CVE: CVE-2019-8387 import sys import requests if lensys.argv " print "- Example: python...

CVSS 9.8 | AI score 9.8 | EPSS 0.55721
Exploits 5

Prion
added 2019/02/17 4:29 a.m. | 19 views

Design/Logic Flaw

Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages...

CVSS 5.8 | AI score 7.4 | EPSS 0.00691
Exploits 2 | References 2 | Affected Software 1

CVE
added 2019/02/17 4:0 a.m. | 51 views

CVE-2019-7399

Vulnerability summary (CVE-2019-7399) : FireOS up to version 5.3.6.3/4 contains a root-cause in the Settings/Terms of Use and Privacy pages where content is loaded without HTTPS. This allows a network-based attacker to perform a man-in-the-middle (MITM) attack to inject malicious content or exfil...

CVSS 7.4 | AI score 7.4 | EPSS 0.00691
Exploits 2 | References 2 | Affected Software 1