Lucene search
+L

70 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:20 p.m.4 views

Malicious code in watch-knock-at-2023-cabin-online-streaming-at-home (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 5:18 p.m.23 views

Knock Knock plugin Open redirection vulnerability

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection...

6.1CVSS7.2AI score0.0068EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/24 5:18 p.m.15 views

GHSA-M69R-4H68-XQ7J Knock Knock plugin Open redirection vulnerability

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection...

6.1CVSS6.2AI score0.0068EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:18 p.m.18 views

Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

9.1CVSS7.2AI score0.01355EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/24 5:18 p.m.29 views

GHSA-WXVR-QQM7-6H65 Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

9.1CVSS9.3AI score0.01355EPSS
Exploits1References4
CNVD
CNVD
added 2020/05/26 12:0 a.m.6 views

Knock Knock Input Validation Error Vulnerability

Pixel & Tonic Craft CMS is the United States Pixel & Tonic company's set of content management system CMS.Knock Knock is one of the access rights management plugin. A security vulnerability exists in Knock Knock versions prior to 1.2.8 for Pixel & Tonic Craft CMS. An attacker can exploit this...

6.1CVSS6.8AI score0.0068EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/26 12:0 a.m.7 views

Knock Knock Security Restriction Bypass Vulnerability

Pixel & Tonic Craft CMS is the United States Pixel & Tonic company's set of content management system CMS.Knock Knock is one of the access rights management plugin. A security vulnerability exists in Knock Knock versions prior to 1.2.8 for Pixel & Tonic Craft CMS. The vulnerability can be exploit...

9.1CVSS6.8AI score0.01355EPSS
Exploits1References1
NVD
NVD
added 2020/05/25 11:15 p.m.17 views

CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

9.1CVSS9.3AI score0.01355EPSS
Exploits1References2
OSV
OSV
added 2020/05/25 11:15 p.m.15 views

CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

9.1CVSS7AI score
Exploits0References2
OSV
OSV
added 2020/05/25 11:15 p.m.12 views

CVE-2020-13486

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection...

6.1CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2020/05/25 11:15 p.m.15 views

Design/Logic Flaw

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

6.4CVSS9.2AI score0.01355EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/05/25 11:15 p.m.16 views

Information disclosure

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection...

5.8CVSS6.3AI score0.0068EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/05/25 10:38 p.m.20 views

CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

9.4AI score0.01355EPSS
Exploits1References2
CVE
CVE
added 2020/05/25 10:38 p.m.48 views

CVE-2020-13485

The Knock Knock plugin for Craft CMS is affected up to version 1.2.7 (pre-1.2.8). The root cause is a flawed IP whitelisting mechanism that trusts the X-Forwarded-For header, allowing an attacker to bypass IP-based access controls. Impact: potential unauthorized access due to bypassed whitelist; ...

9.1CVSS9.2AI score0.01355EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/05/25 10:38 p.m.45 views

CVE-2020-13486

CVE-2020-13486 affects the Knock Knock plugin for Craft CMS (versions before 1.2.8). The root cause is an open redirection vulnerability arising from insufficient validation of redirect parameters, as documented by multiple sources in the connected records. The impact is malicious redirection; ex...

6.1CVSS6.2AI score0.0068EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/05/25 10:38 p.m.18 views

CVE-2020-13486

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection...

6.3AI score0.0068EPSS
Exploits0References1
Kitploit
Kitploit
added 2020/04/14 12:0 p.m.157 views

Domained - Multi Tool Subdomain Enumeration

A domain name enumeration tool The tools contained in domained requires Kali Linux preferred or Debian 7+ and Recon-ng domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots,...

7.4AI score
Exploits0References20
CNVD
CNVD
added 2019/11/28 12:0 a.m.1 views

DLL Hijacking Vulnerability in Knock Knock pc Client Software

Jingdongdong is the official communication platform between customers, merchants and Jingdong, providing a channel for customers and merchants to give feedback. A DLL hijacking vulnerability exists in the Knockturn pc client software, which can be exploited by an attacker to inject an executable...

7AI score
Exploits0
Kitploit
Kitploit
added 2019/07/05 9:56 p.m.272 views

Rock-ON - An All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name And Do All Of The Work Alone

Rock-On is a all in one recon tool that will help your Recon process give a boost. It is mainley aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuffs manually. A thorough blog will be up in sometime. Stay tuned for the Stable version with a...

7.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2016/09/08 11:9 a.m.18 views

DHS Urges Vigilance in Protecting Networking Gear

After a summer of high-profile attacks and disclosures centered around enterprise network infrastructure, the Department of Homeland Security on Tuesday put out an alert explaining some of the tactics used by advanced attackers, and urged special caution in maintaining supply chain integrity. The...

4.3CVSS0.4AI score0.01995EPSS
Exploits0References7
Rows per page
Query Builder