ALPINE-CVE-2018-7160
The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
CVE-2018-7160
The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
Directory Traversal
localhost-now is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization on the file path, allowing malicious file paths to result in directory traversal attacks...
WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting
WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10311 An...
PT-2018-17921 · Node.Js +3
Name of the Vulnerable Software and Affected Versions: Node.js versions 6.x and later Description: The issue allows for a DNS rebinding attack, potentially leading to remote code execution. This can be exploited by malicious websites open in a web browser on the same computer or another computer...
Metasploit msfd Remote Code Execution Via Browser
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metasploit msfd Remote Code Execution via Browser', 'Description' = %q Metasploit's msfd-service makes it possible to get a msfconsole-like...
Metasploit msfd Remote Code Execution via Browser
Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These...
DNS Rebinding
github.com/coreos/etcd is vulnerable to DNS rebinding. The vulnerability exists because it does not prevent an attacker from using their DNS records to point to localhost and trick the browser into sending requests to localhost or any other address...
Cosmo Arbitrary PHP Code Execution Vulnerability
Cosmo is a content management system (CMS) built on AngularJS and PHP. A security vulnerability exists in Cosmo version 1.0.0Beta6. The vulnerability can be exploited to execute arbitrary PHP code via the Database Prefix field in the Database Info screen on the localhost/Cosmo/install.php li...
Path Traversal
Overview: Versions of localhost-now before 1.0.2 are vulnerable to path traversal. This allows a remote attacker to read the content of an arbitrary file. Recommendation: Update to version 1.0.2 or later. References: GitHub Commit 30b004c, HackerOne Report, GitHub Advisory...
FreeBSD : wordpress -- multiple issues (be38245e-44d9-11e8-a292-00e04c1ea73d)
WordPress developers report: Don't treat localhost as same host by default. Use safe redirects when redirecting the login page if SSL is forced. Make sure the version string is correctly escaped for use in generator tags.
Cobub Razor 0.8.0 - Physical Path Leakage
Cobub Razor 0.8.0 - Physical Path Leakage Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...
DEBIAN-CVE-2018-10101
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server...
CVE-2018-10101
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server...
Code injection
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server...
UBUNTU-CVE-2018-10101
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server...