Lucene search
K

7691 matches found

OSV
OSV
added 2021/09/02 10:0 p.m.17 views

GHSA-Q9MP-79CP-9G8J Improper Authentication

Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERRBADSSLCLIENTAUTHCERT should have occurred...

7.5CVSS7.3AI score0.01557EPSS
Exploits1References4
Huntr
Huntr
added 2021/09/02 3:11 a.m.15 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in flatpressblog/flatpress

✍️ Description The secure flag is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being...

0.5AI score
Exploits0References1
Kitploit
Kitploit
added 2021/08/26 9:30 p.m.25 views

BeaconEye - Hunts Out CobaltStrike Beacons And Logs Operator Command Output

BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running beacon, BeaconEye will monitor each process for C2 activity. How it works BeaconEye will scan live processes or MiniDump files for suspected CobaltStrike beacons. In live process mode,...

7.2AI score
Exploits0References2
Huntr
Huntr
added 2021/08/26 3:57 a.m.45 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in azuracast/azuracast

✍️ Description The secure flag is not set for appsession cookie in the application. 🕵️‍♂️ Proof of Concept PoC Image: https://i.ibb.co/v1y0Fdv/cookie-flag.png 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP...

0.4AI score
Exploits0References1
Citrix
Citrix
added 2021/08/26 12:0 a.m.10 views

Hotfix XS82E031 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart the XAPI Toolstack Content live patchable| No Baselines for Live Patch| N/A Revision History|...

7.3AI score
Exploits0
OSV
OSV
added 2021/08/25 8:43 p.m.15 views

GHSA-9XJR-M6F3-V5WM HTTPS MitM vulnerability due to lack of hostname verification

When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by preventing any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...

4.8CVSS4.9AI score0.00738EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/08/25 8:43 p.m.34 views

HTTPS MitM vulnerability due to lack of hostname verification

When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by preventing any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...

5.8CVSS5.3AI score0.00738EPSS
Exploits0References6Affected Software1
Huntr
Huntr
added 2021/08/25 12:53 p.m.12 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in froxlor/froxlor

✍️ Description The secure flag is not set for PHPSESSID session cookie in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...

0.3AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2021/08/25 7:0 a.m.3 views

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter no error was returned and connections to servers with an expired certificate would have been accepted.

...

5.3CVSS5.1AI score0.1473EPSS
Exploits1
Huntr
Huntr
added 2021/08/21 10:39 a.m.10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in slackero/phpwcms

✍️ Description The secure flag is not set for PHPSESSID session cookie in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...

0.3AI score
Exploits0References1
Kitploit
Kitploit
added 2021/08/16 9:30 p.m.28 views

PickleC2 - A Post-Exploitation And Lateral Movements Framework

PickleC2 is a post-exploitation and lateral movements framework. Documentation ReadTheDocs Overview PickleC2 is a simple C2 framework written in python3 used to help the community in Penetration Testers in their red teaming engagements. PickleC2 has the ability to import your own PowerShell modul...

7.2AI score
Exploits0References1
CVE
CVE
added 2021/08/16 8:50 p.m.136 views

CVE-2021-32827

CVE-2021-32827 affects MockServer. The issue arises from a combination of an overly broad default CORS configuration and support for dynamic expectations via Javascript/Velocity templates , which may allow an attacker to perform script injection and arbitrary code execution on the MockServer host...

9.6CVSS8.1AI score0.02164EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2021/08/16 7:15 p.m.13 views

CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

5.3CVSS0.1473EPSS
Exploits1References9
OSV
OSV
added 2021/08/16 7:15 p.m.90 views

CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

5.3CVSS1.6AI score
Exploits0References9
OSV
OSV
added 2021/08/16 7:15 p.m.2 views

DEBIAN-CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

5.3CVSS6.4AI score0.1473EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/08/16 7:15 p.m.38 views

CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

5.3CVSS6.8AI score0.1473EPSS
Exploits1References2
Prion
Prion
added 2021/08/16 7:15 p.m.24 views

Code injection

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

5CVSS7.1AI score0.1473EPSS
Exploits1References9Affected Software7
OSV
OSV
added 2021/08/16 7:15 p.m.2 views

UBUNTU-CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

5.3CVSS6.7AI score0.1473EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/08/16 12:0 a.m.29 views

CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

7.7AI score0.1473EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2021/08/16 12:0 a.m.7 views

PT-2021-6779 · Node.Js +7 · Node.Js +7

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: The issue is related to insufficient validation of the rejectUnauthorized value in the Node.js https API. If the rejectUnauthorized parameter is set to undefined, no error is returned, and...

9.8CVSS6.4AI score0.77385EPSS
Exploits31References267
Rows per page
Query Builder