
2972 matches found

BDU FSTEC
added 2021/04/06 12:0 a.m. | 3 views

The vulnerability of the `HttpUtils#getURLConnection` method in the Apache Calcite dynamic data management framework allows an attacker to execute a “man-in-the-middle” attack or gain unauthorized access to protected information.

The vulnerability of the `HttpUtils#getURLConnection` method in the Apache Calcite dynamic data management framework is related to the absence of authentication procedures. Exploiting this vulnerability could allow an attacker to execute a “man-in-the-middle” attack or gain unauthorized access to...

CVSS 5.9 | AI score 7 | EPSS 0.02115
Exploits 0 | References 4 | Affected Software 1

Gitee
added 2021/03/30 12:38 p.m. | 5 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

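weblogic-scan: a weblogic vulnerability scanning tool. A wishful attempt at a one-stop tool for weblogic. Currently detected: - [x] console page detection & weak password scanning - [x] SSRF on the uuid page - [x] CVE-2017-10271 deserialization on the wls-wsat page - [x] CVE-2018-2628 deserialization - [x] CNVD-C-2019-48814. I will keep adding features later if I can; the main problem is that some deserialization PoCs are really hard to write, and I am not very good at it.. USE: Before use, first fill in the server parameter in config.py...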

CVSS 9.8 | AI score 7.1 | EPSS 0.99993
Exploits 102

Metasploit
added 2021/03/26 5:42 p.m. | 166 views

SAP Solution Manager remote unauthorized OS commands execution

This module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem) of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get...

CVSS 10 | AI score 9.5 | EPSS 0.98376
Exploits 7

Packet Storm
added 2021/03/17 12:0 a.m. | 347 views

Trojan-Dropper.Win32.Delf.p Missing Authentication

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/b02cc578d2e7f24fb67ec0afc42a9e13.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Delf.p Vulnerability: Missing Authentication Description: Delf.p drops an...

AI score 0.2
Exploits 0

GithubExploit
added 2021/03/07 4:30 p.m. | 60 views

Exploit for Path Traversal in Vmware Cloud_Foundation

CVE-2021-21972 CVE-2021-21972 Unauthorized RCE in VMware vCent...

CVSS 10 | AI score 10 | EPSS 0.9957
Exploits 47

GithubExploit
added 2021/03/03 3:1 a.m. | 53 views

Exploit for Path Traversal in Vmware Cloud_Foundation

cve-2021-21972 Usage Instructions p...

CVSS 10 | AI score 7.5 | EPSS 0.9957
Exploits 47

BDU FSTEC
added 2021/03/03 12:0 a.m. | 4 views

The vulnerability of the web server of industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 lies in the absence of authentication for a critical function, allowing a perpetrator to restart the vulnerable device.

The vulnerability of the web server of industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a remote attacker to reboot the vulnerable device...

CVSS 7.8 | AI score 6.9 | EPSS 0.0108
Exploits 0 | References 3 | Affected Software 2

Zero Day Initiative
added 2021/02/26 12:0 a.m. | 36 views

(Pwn2Own) NETGEAR R7800 funjsq_httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refreshstatus.aspx endpoint. The issue results from a lack of authentication required ...

CVSS 6.3 | AI score 2.7 | EPSS 0.01262
Exploits 0 | References 1

GithubExploit
added 2021/02/25 5:10 a.m. | 108 views

Exploit for Path Traversal in Vmware Cloud_Foundation

CVE-2021-21972 checker VMware vCenter Server CVE-2021-21972...

CVSS 10 | AI score 10 | EPSS 0.9957
Exploits 47

Packet Storm
added 2021/02/25 12:0 a.m. | 428 views

Backdoor.Win32.Wollf.h Missing Authentication

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/4932471df98b0e94db076f2b1c0339bd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Missing Authentication Description: Wollf backdoor creates a...

Exploits 0

NVD
added 2021/02/24 12:15 p.m. | 14 views

CVE-2021-20662

Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors...

CVSS 7.5 | EPSS 0.02093
Exploits 0 | References 3

GithubExploit
added 2021/02/24 9:56 a.m. | 150 views

Exploit for Path Traversal in Vmware Cloud_Foundation

CVE-2021-21972-vCenter-6.5-7.0-RCE-POC poc Jus...

CVSS 10 | AI score 10 | EPSS 0.9957
Exploits 47

Japan Vulnerability Notes
added 2021/02/19 7:44 a.m. | 4 views

Multiple vulnerabilities in SolarView Compact

Overview SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Improper access control CWE-284 - CVE-2021-20657 OS command injection CWE-78 - CVE-2021-20658 Unrestricted upload of...

CVSS 10 | AI score 8.3 | EPSS 0.7332
Exploits 22 | References 37

Japan Vulnerability Notes
added 2021/02/19 12:0 a.m. | 357 views

JVN#37417423: Multiple vulnerabilities in SolarView Compact

SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 3.5 CVSS v2|...

CVSS 10 | AI score 8.9 | EPSS 0.7332
Exploits 22

Packet Storm
added 2021/02/15 12:0 a.m. | 582 views

Backdoor.Win32.Cafeini.08.b Missing Authentication

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/8225bb6b430d5cdf523c4d0cabbe5793.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.08.b Vulnerability: Missing Authentication Description: The backdoor is writt...

AI score 0.4
Exploits 0

Hacker One
added 2021/02/14 2:49 p.m. | 604 views

Acronis: Found multiple SAP NetWeaver vulnerable services

Summary: Hello Team, I found two redapi.acronis.com and redapi2.acronis.com sap Netweaver vulnerable services. They do not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system,...

CVSS 10 | AI score 7.8 | EPSS 0.94719
Exploits 7

Rapid7 Blog
added 2021/02/11 9:18 p.m. | 108 views

CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)

Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function." This vulnerability CVE-2021-22652 has a CVSSv3 score of 9.8, which is usually CRITICAL, since it effectively allows anyone who can connect to the iView server to run...

CVSS 7.5 | AI score 0.1 | EPSS 0.36845
Exploits 4

OSV
added 2021/02/11 6:15 p.m. | 3 views

CVE-2021-22652

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.36845
Exploits 4 | References 2

CNNVD
added 2021/02/11 12:0 a.m. | 7 views

Lucee Server Authorization Issues Vulnerability

An authorization issue vulnerability exists in Lucee Server that arises from a lack of authentication measures or insufficient authentication strength in a network system or product...

CVSS 9.8 | AI score 7.3 | EPSS 0.89189
Exploits 5 | References 7

Packet Storm
added 2021/02/11 12:0 a.m. | 378 views

Backdoor.Win32.BackAttack.18 Missing Authentication

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/c806d23f4343ab40cf897e9c38b5c1c3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BackAttack.18 Vulnerability: Multiple Vulnerabilities Description: BackAttack.18 v1.8...

AI score 0.2
Exploits 0