5908 matches found

0day.today
added 2018/05/22 12:00 a.m., 31 views

Teradek Cube 7.3.6 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications i...

7.1 AI score
Exploits: 0

0day.today
added 2018/05/22 12:00 a.m., 29 views

Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications input type="hidden" name="pw...

7.1 AI score
Exploits: 0

Packet Storm
added 2018/05/22 12:00 a.m., 37 views

Teradek Slice 7.3.15 Change Password Cross Site Request Forgery

...

0.2 AI score
Exploits: 0

exploitpack
added 2018/05/21 12:00 a.m., 25 views

Teradek Slice 7.3.15 - Cross-Site Request Forgery

Teradek Slice 7.3.15 - Cross-Site Request Forgery...

0.7 AI score
Exploits: 0

exploitpack
added 2018/05/21 12:00 a.m., 16 views

Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery

Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery input type="hidden" name="pw2" value...

0.5 AI score
Exploits: 0

Exploit DB
added 2018/05/21 12:00 a.m., 41 views

Teradek Cube 7.3.6 - Cross-Site Request Forgery

input type="submit"...

7.4 AI score
Exploits: 0

Check Point Advisories
added 2018/05/17 12:00 a.m., 3 views

Quest NetVault Backup Multipart Request Authentication Bypass (CVE-2018-1163)

An authentication bypass vulnerability exists in the web interface component of Quest NetVault Backup. The vulnerability is due to how the server handles the HTTP requests...

10 CVSS, 1.2 AI score, 0.16331 EPSS
Exploits: 0

0day.today
added 2018/05/13 12:00 a.m., 71 views

MyBB 1.8.x Denial of Service Exploit

MyBB Denial of Service Attack - 1.8.x Usage Info MyBB DoS POC Requirements python requests pip install requests Usage; python3 mybbdos.py -t "http://target/" -u username -p password !/usr/bin/env python3 import sys import requests import argparse import random import time def mainargv: global...

7.5 AI score
Exploits: 0

Check Point Advisories
added 2018/05/07 12:00 a.m., 2 views

Jenkins Plugin Resources Directory Traversal (CVE-2018-6356)

A directory traversal vulnerability exists in Jenkins. The vulnerability is due to insufficient input validation of a request parameter in HTTP requests to the plugin resource directory...

4 CVSS, 1.6 AI score, 0.0388 EPSS
Exploits: 0

NVD
added 2018/04/27 6:29 p.m., 22 views

CVE-2018-10519

CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because o...

8.8 CVSS, 8.9 AI score, 0.01014 EPSS
Exploits: 1, References: 1

Hacker One
added 2018/04/27 4:02 p.m., 56 views

New Relic: Blind SSRF in Ticketing Integrations Jira webhooks leading to internal network enumeration and blind HTTP requests

Summary The Ticketing Integrations Jira webhooks for Jira 5/6 and Jira 4 are vulnerable to Blind SSRF issues. These endpoints can be abused to map internal NewRelic network services and send blind HTTP GET and POST requests to identified services. Details The Ticketing Integrations Jira 4 and Jir...

0.1 AI score
Exploits: 0

Vulnrichment
added 2018/04/19 8:00 p.m., 9 views

CVE-2018-0260

A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker cou...

6.5 AI score, 0.02383 EPSS
Exploits: 0, References: 2

Securelist
added 2018/04/17 9:15 p.m., 60 views

Leaking ads

When we use popular apps with good ratings from official app stores we assume they are safe. This is partially true – usually these apps have been developed with security in mind and have been reviewed by the app store's security team. However, we found that because of third-party SDKs many popul...

0.1 AI score
Exploits: 0

Akamai Blog
added 2018/04/16 11:00 a.m., 19 views

The Recipe for Web Performance Starts with the Right Ingredients: Page Construction Metrics

You can't manage what you can't measure. As devices grow in capacity and innovations allow us to do more with web apps, the complexity of our pages has grown, too. It becomes a balancing act to increase functionality while maintaining a performant and responsive site. Just like a great recipe, to...

0.3 AI score
Exploits: 0

Exploit DB
added 2018/04/09 12:00 a.m., 38 views

KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)

Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000...

7.4 AI score
Exploits: 0

Zero Science Lab
added 2018/04/07 12:00 a.m., 538 views

KYOCERA Net Admin 3.4 Multiple XSS Vulnerabilities

Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...

5.9 AI score
Exploits: 0

NVD
added 2018/04/04 6:29 p.m., 19 views

CVE-2018-1469

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...

10 CVSS, 9.4 AI score, 0.02788 EPSS
Exploits: 0, References: 2

Prion
added 2018/04/04 6:29 p.m., 15 views

Design/Logic Flaw

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...

10 CVSS, 8.9 AI score, 0.02788 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/04/04 6:00 p.m., 20 views

CVE-2018-1469

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...

9.8 CVSS, 9.2 AI score, 0.02788 EPSS
Exploits: 0, References: 2

OpenVAS
added 2018/04/04 12:00 a.m., 95 views

Apache HTTP Server Multiple Vulnerabilities (Apr 2018) - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:http_server"; if...

9.8 CVSS, 7.3 AI score, 0.86006 EPSS
Exploits: 0, References: 6