Lucene search
K

11635 matches found

Metasploit
Metasploit
added 2025/02/20 6:55 p.m.368 views

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an MIPSBE payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/mipsbe/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/02/19 11:34 p.m.5 views

CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

6.3CVSS6.3AI score0.00265EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2025/02/19 3:7 p.m.8 views

Device Code Phishing

This isn't new, but it's increasingly popular: The technique is known as device code phishing. It exploits "device code flow," a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar...

7.9AI score
Exploits0
OSV
OSV
added 2025/02/19 7:17 a.m.19 views

BIT-PYTHON-2024-3220

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

2.3CVSS6.2AI score0.00478EPSS
Exploits0References2
Amazon
Amazon
added 2025/02/19 12:0 a.m.31 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method CVE-2024-49860 In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API busregister CVE-2024-50055 Affecte...

7.8CVSS7AI score0.00253EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/19 12:0 a.m.17 views

Amazon Linux AMI : kernel (ALAS-2025-1960)

The version of kernel installed on the remote host is prior to 4.14.355-195.591. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1960 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method...

7.8CVSS6.6AI score0.00253EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/15 9:25 p.m.12 views

CVE-2025-26473

The Mojave Inverter uses the GET method for sensitive information...

8.7CVSS6.8AI score0.00428EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/15 12:0 a.m.10 views

Fedora 41 : libheif (2025-8fdb7be3cb)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8fdb7be3cb advisory. Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more...

8.1CVSS7.8AI score0.00825EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/14 10:47 a.m.8 views

CVE-2024-26307

Possible race condition vulnerability in Apache Doris. Some of code using chmod method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before...

5.3CVSS6.9AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 12:9 a.m.23 views

CVE-2024-35081

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method...

7.5CVSS7.4AI score0.00461EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.2 views

PTT HGS Mobile App 安全漏洞

PTT HGS Mobile App is a mobile application from PTT Turkey that is used to facilitate the management and payment of Highway Electronic Toll Collection System HGS fees. A security vulnerability exists in PTT HGS Mobile App versions prior to 6.5.0, which stems from the presence of a vulnerability...

8.5CVSS6.6AI score0.00343EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/13 11:13 p.m.11 views

CVE-2024-35080

An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file...

9.8CVSS7.7AI score0.00584EPSS
Exploits0References1
NVD
NVD
added 2025/02/13 10:15 p.m.10 views

CVE-2025-26473

The Mojave Inverter uses the GET method for sensitive information...

8.7CVSS0.00428EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/13 9:17 p.m.9 views

CVE-2025-26473 Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings

The Mojave Inverter uses the GET method for sensitive information...

8.7CVSS7.6AI score0.00428EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/13 7:34 p.m.13 views

CVE-2023-37569

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker ...

8.8CVSS7.6AI score0.24029EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2025/02/13 2:42 a.m.4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.2 views

Outback Power Mojave Inverter 安全漏洞

Outback Power Mojave Inverter is an AC inverter from Outback Power. A security vulnerability exists in the Outback Power Mojave Inverter that originates from the ability to obtain sensitive information using the GET method...

8.7CVSS6.4AI score0.00428EPSS
Exploits0References2
OSV
OSV
added 2025/02/12 7:17 p.m.4 views

CLSA-2025-1739387851 tomcat: Fix of CVE-2023-42794

CVE-2023-42794: restore the finalize method...

5.9CVSS6.8AI score0.01854EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/02/12 4:5 a.m.3 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/02/11 6:32 a.m.12 views

PCI DSS. Where to start?

TL;DR Determine your role: Merchant or service provider Determine your level and requirements Identify your validation method: SAQ or RoC Use the PCI website Introduction The Payment Card Industry Data Security Standard, or PCI DSS, outlines essential requirements for protecting both you and your...

7.3AI score
Exploits0
Rows per page
Query Builder