5908 matches found
KeyBase Botnet 1.5 - SQL Injection
Exploit Title: KeyBase Botnet v1.5 - SQL Injection Vulnerability Google Dork: intitle:"KeyBase: Login" + intext:" Login to get access to your logs " Date: 3/12/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: v1.5 Tested on: Windows 10, debian 7 CVE : n/a...
CVE-2018-15537
Unrestricted file upload with remote code execution in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests...
CVE-2018-15537
Unrestricted file upload with remote code execution in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests...
CVE-2018-15537
Unrestricted file upload with remote code execution in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests...
Denial of Service Vulnerability in Multiple Schneider Electric Products (CNVD-2018-24634)
Schneider Electric Modicon M340, etc. are programmable logic controller products of Schneider Electric France. A denial of service vulnerability exists in the embedded web server in several Schneider Electric products, which can be exploited by an attacker to cause a denial of service by sending ...
ZIP File Raider - Burp Extension For ZIP File Payload Testing
ZIP File Raider is a Burp Suite extension for attacking web application with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads in ZIP content of the HTTP requests which is not feasible by default. This extension helps to automate the extraction and compression...
Endpoint for Out-of-Band Exfiltration: Arecibo
In the process of identifying and exploiting vulnerabilities, it is sometimes necessary to resort to Out of Band OOB techniques in order to exfiltrate information through DNS resolutions or HTTP requests. To address this kind of situation the faster and simpler solution can be the use of a Burp...
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
Title: Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery Add Admin Author: Gjoko 'LiquidWorm' Krstic @zeroscience Exploit Date: 2018-11-17 Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0801DU HW6.0 BL1.5 FW7.23 WF7.4 Tested on:...
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications 0day.today 2018-12-12...
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery
...
Synaccess netBooter NP-0801DU 7.4 CSRF Add Admin Exploit
Summary netBooter™ NP-0801DU and NP-0801DUH PDUs provide secured remote power source management of 8 independent outlets. Includes true RMS AC current reading and environment temperature monitoring via TCP/IP networks or local direct connection. Description The application interface allows users ...
CVE-2018-0685
SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search...
WordPress 4.6.x < 4.6.4 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
Drupal 8.3.x < 8.3.0-rc2 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A security bypass vulnerability exists in the editor module due to a failure to properly check access restrictions when adding private files with a configured text editor e.g...
Drupal 8.x < 8.2.7 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A security bypass vulnerability exists in the editor module due to a failure to properly check access restrictions when adding private files with a configured text editor e.g...
F5 Networks BIG-IP : BIG-IP ASM vulnerability (K12403422)
When the BIG-IP ASM system processes HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2018-5541 Impact BIG-IP When this vulnerability is exploited, the BIG-IP ASM system may experience a denial of service DoS. BIG-IP systems th...
EulerOS Virtualization 2.5.0 : ruby (EulerOS-SA-2018-1347)
According to the version of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a...
Ubuntu: Security Advisory (USN-3585-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Httplab - Inspect HTTP Requests And Forge Responses
The interactive web server. HTTPLabs let you inspect HTTP requests and forge responses. Install Golang go get github.com/gchaincl/httplab go install github.com/gchaincl/httplab/cmd/httplab Archlinux yaourt httplab Snap FIXME On systems where snap is supported: snap install httplab Binary...
CVE-2018-15402
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...