Lucene search: 5908 matches found

0day.today
added 2017/09/28 12:00 a.m.

Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery Vulnerability

Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ==================...

AI score: 7.1
Exploits: 0
Gentoo Linux
added 2017/09/26 12:00 a.m.

libsoup: Arbitrary remote code execution

Background libsoup is an HTTP client/server library for GNOME. Description A stack based buffer overflow vulnerability was discovered in libsoup. Impact A remote attacker, by using specially crafted HTTP requests, could execute arbitrary code with the privileges of the process. Workaround There i...

CVSS: 9.8, AI score: 9.9, EPSS: 0.24337
Exploits: 4
Check Point Advisories
added 2017/09/18 12:00 a.m.

Multiple Routers Unauthenticated Router Factory Reset (CVE-2017-14147)

An authentication bypass vulnerability exists in FiberHome routers and in other vendor routers. The vulnerability is due to an insufficient validation of HTTP requests sent to the router. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to th...

CVSS: 7.5, AI score: 2.5, EPSS: 0.65621
Exploits: 6
Amazon
added 2017/09/13 12:00 a.m.

Low: nginx

Issue Overview: A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially...

CVSS: 7.5, AI score: 7.3, EPSS: 0.62597
Exploits: 6
Typo3
added 2017/09/05 12:00 a.m.

Information Disclosure in TYPO3 CMS

It has been discovered that TYPO3 CMS is susceptible to Information Disclosure. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Information Disclosure Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0:...

AI score: 7
Exploits: 0, Affected Software: 1
Huawei
added 2017/09/01 12:00 a.m.

Security Advisory - Privilege Escalation Vulnerability in Some Huawei APKs

Some Huawei APKs have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead t...

CVSS: 7.1, AI score: 6.9, EPSS: 0.0061
Exploits: 0, Affected Software: 1
Atlassian
added 2017/08/30 2:12 a.m.

The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...

CVSS: 6.1, AI score: 2, EPSS: 0.71601
Exploits: 1
0day.today
added 2017/08/29 12:00 a.m.

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) Vulnerability

Exploit for jsp platform in category web applications HTML Decoded PoC: history.pushState'', '', '/' input type="hidden"...

AI score: 7.1
Exploits: 0
Zero Science Lab
added 2017/08/29 12:00 a.m.

NethServer 7.3.1611 (create.json) CSRF Create User And Enable SSH Access

Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify...

AI score: 5.8
Exploits: 0
exploitpack
added 2017/08/28 12:00 a.m.

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)

NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...

AI score: 7.4
Exploits: 0
Exploit DB
added 2017/08/28 12:00 a.m.

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access)

HTML Decoded PoC: history.pushState'', '', '/'...

AI score: 7.4
Exploits: 0
Packet Storm
added 2017/08/21 12:00 a.m.

Apache2Triad 1.5.4 CSRF / XSS / Session Fixation

Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt + ISR: ApparitionSec Vendor: =============== apache2triad.net https://sourceforge.net/projects/apache2triad/ Product:...

AI score: 7.4, EPSS: 0.15668
Exploits: 7
NVD
added 2017/08/17 8:29 p.m.

CVE-2017-6785

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...

CVSS: 4.3, AI score: 4.9, EPSS: 0.01581
Exploits: 0, References: 3
0day.today
added 2017/08/10 12:00 a.m.

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Vulnerabilities

Exploit for jsp platform in category web applications !-- DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0...

AI score: 7.1
Exploits: 0
Packet Storm
added 2017/08/09 12:00 a.m.

DALIM SOFTWARE ES Core 5.0 Build 7184.1 XSS / CSRF

!-- DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 buil...

AI score: 0.3
Exploits: 0
Zero Science Lab
added 2017/08/09 12:00 a.m.

DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

AI score: 6.2
Exploits: 0
Exploit DB
added 2017/08/09 12:00 a.m.

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery

!-- DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 buil...

AI score: 7.4
Exploits: 0
RedhatCVE
added 2017/08/04 10:18 a.m.

CVE-2017-12425

An integer overflow flaw, leading to assertion failure, was found in the way Varnish handled chunk sizes in HTTP requests. A remote attacker could use this flaw to make the Varnish daemon restart unexpectedly due to an assertion failure by sending a specially crafted HTTP request...

CVSS: 7.5, AI score: 1.5, EPSS: 0.02416
Exploits: 0, References: 2
Tenable Nessus
added 2017/08/03 12:00 a.m.

Debian DSA-3924-1 : varnish - security update

A denial of service vulnerability was discovered in Varnish, a state-of-the-art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process. See https://varnish-cache.org/security/VSV00001.html for detail...

CVSS: 7.5, AI score: 7.2, EPSS: 0.02416
Exploits: 0, References: 6
Kitploit
added 2017/07/31 10:12 p.m.

CookieCatcher - Tool to assist in the exploitation of XSS

CookieCatcher is an open source application which was created to assist in the exploitation of XSS Cross Site Scripting vulnerabilities within web applications to steal user session IDs aka Session Hijacking. The use of this application is purely educational and should not be used without proper...

AI score: 6.5
Exploits: 0, References: 1