
7691 matches found

NVD
added 2018/06/04 7:29 p.m. | 16 views

CVE-2017-16035

The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this...

CVSS 9.3 | AI score 8 | EPSS 0.00732
Exploits: 0 | References: 1

Prion
added 2018/06/04 7:29 p.m. | 15 views

Information disclosure

The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this...

CVSS 9.3 | AI score 8 | EPSS 0.00732
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2018/06/04 7:0 p.m. | 55 views

CVE-2017-16035

CVE-2017-16035 concerns the hubl-server module (HubL Development Server wrapper). Connected sources confirm that during installation hubl-server downloads dependencies from api.hubapi.com, which initially uses HTTPS but redirects to HTTP, enabling a man-in-the-middle to compromise installation in...

CVSS 9.3 | AI score 7.9 | EPSS 0.00732
Exploits: 0 | References: 1 | Affected Software: 1

Kitploit
added 2018/06/01 2:7 p.m. | 22 views

Empire GUI - Empire Client Application

The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework. It was written in Electron and utilizes websockets (SocketIO) on the backend to support multiuser interaction. The main goal of this project is to enable red teams, or any other color team, to work together...

AI score 7.8
Exploits: 0 | References: 2

Atlassian
added 2018/06/01 5:29 a.m. | 567 views

Our documentation for running Confluence behind a http that terminates https is probably incorrect

Specifically, the https://confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html page says: "Note: don't include secure="true" in this connector. Make sure you've included correct values for protocol and proxyName." which differs from all of our other...

AI score 0.6
Exploits: 0 | Affected Software: 1

Atlassian
added 2018/06/01 5:29 a.m. | 21 views

Our documentation for running Confluence behind a http that terminates https is probably incorrect

Specifically, the https://confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html page says: "Note: don't include secure="true" in this connector. Make sure you've included correct values for protocol and proxyName." which differs from all of our other...

AI score 0.6
Exploits: 0

NVD
added 2018/05/31 8:29 p.m. | 16 views

CVE-2016-10530

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

CVSS 5.9 | AI score 5.6 | EPSS 0.01301
Exploits: 0 | References: 2

Cvelist
added 2018/05/31 8:0 p.m. | 24 views

CVE-2016-10530

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

AI score 5.6 | EPSS 0.01301
Exploits: 0 | References: 2

Circl
added 2018/05/29 3:50 p.m. | 8 views

CVE-2012-10036

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/projectpieruploadexec.rb
2025-08-08 19:42:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvvz5t4y7z2e
2025-08-09...

CVSS 9.3 | AI score 5.7 | EPSS 0.01511
Exploits: 0 | References: 3

n0where
added 2018/05/29 2:29 a.m. | 30 views

CERT Tapioca for MITM Analysis

CERT Tapioca is a utility for testing mobile or any other application using MITM techniques. CERT Tapioca development was sponsored by the United States Army Armament Research, Development and Engineering Center (ARDEC) as well as the United States Department of Homeland Security (DHS). Installation...

AI score 0.1
Exploits: 0 | References: 3

Hacker One
added 2018/05/27 3:39 p.m. | 41 views

DuckDuckGo: SSRF in proxy.duckduckgo.com via the image_host parameter

Description https://proxy.duckduckgo.com/iur/ endpoint is vulnerable to ssrf via imagehost get parameter. Vulnerable URL: https://proxy.duckduckgo.com/iur/?f=1&imagehost=https://tudomanyok.hu/ Some internal URL: https://proxy.duckduckgo.com/iur/?f=1&imagehost=https://127.0.0.1:18091/...

AI score 0.4
Exploits: 0

Ubuntu
added 2018/05/24 5:3 p.m. | 66 views

USN-3598-2: curl vulnerabilities

USN-3598-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary cod...

CVSS 9.8 | AI score 7.3 | EPSS 0.12058
Exploits: 0

NVD
added 2018/05/24 1:29 p.m. | 29 views

CVE-2018-9920

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https:///Identity/STS/Forms/Scripts URL...

CVSS 6.5 | AI score 6.5 | EPSS 0.00796
Exploits: 1 | References: 1

Fedora
added 2018/05/23 4:0 p.m. | 43 views

[SECURITY] Fedora 27 Update: curl-7.55.1-11.fc27

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 9.8 | EPSS 0.11175
Exploits: 0

Cvelist
added 2018/05/23 12:0 p.m. | 20 views

CVE-2018-7295

ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http befor...

AI score 8 | EPSS 0.00422
Exploits: 1 | References: 1

Kitploit
added 2018/05/18 1:36 p.m. | 16 views

GitBackdorizer - Is A Proof Of Concept That Uses The Lack Of User Attention To Steal Git Access Credentials

GitBackdorizer is a proof of concept, fully inspired in Ulisses Castro's 50 ton of backdoors talk, that abuses the lack of user attention to steal git access credentials. How it Works GitBackdorizer consists of three pieces: handler, dropper and the payload. Handler The handler sets up a HTTP...

AI score 7.3
Exploits: 0 | References: 3

0day.today
added 2018/05/18 12:0 a.m. | 150 views

Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution Exploit

Exploit for multiple platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution', 'Description' = %q This...

CVSS 7.5 | AI score 9.6 | EPSS 0.98931
Exploits: 19

Penetration Testing Lab
added 2018/05/15 1:18 p.m. | 46 views

Lateral Movement – WinRM

WinRM stands for Windows Remote Management and is a service that allows administrators to perform management tasks on systems remotely. Communication is performed via HTTP (5985) or HTTPS SOAP (5986) and supports Kerberos and NTLM authentication by default, as well as Basic authentication. Usage of this servi...

AI score 3.3
Exploits: 0

Kitploit
added 2018/05/10 9:49 p.m. | 15 views

FreeRADIUS Server Configuration Tool

Developed for the Linux operating system and written in the python programming language. The purpose of the program is to configure the FreeRADIUS server easily and quickly. To get a grasp of what FreeRADIUS is, it would help to firstly understand what the concept RADIUS stands for: RADIUS : RADI...

AI score 8.1
Exploits: 0 | References: 1

Malwarebytes
added 2018/05/09 5:0 p.m. | 55 views

Netflix phish claims your membership is on hold

The days of ugly-looking phish pages hosted on something akin to a Geocities page are slowly receding into the distance. For quite some time now, phish attacks have made attempts to look fairly sophisticated and stand a decent chance of fooling anyone not keeping their guard up. Today, we have a...

AI score 6.9
Exploits: 0