
6348 matches found

Huntr
added 2021/08/31 12:24 p.m., 11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites 🕵️‍♂️ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/content/page/edit/PAGEID?slug=pages/content-introduction-page 2- inject this...

5.9 AI score
Exploits: 0
RedHat Linux
added 2021/08/31 9:29 a.m., 2 views

python: CRLF injection via HTTP request method in httplib/http.client

A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively, do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat fr...

7.2 CVSS, 6.7 AI score, 0.0642 EPSS
Exploits: 1, References: 5
BDU FSTEC
added 2021/08/27 12:0 a.m., 4 views

The vulnerability of the communication interface for Smartlink modular equipment, the microprogrammed wireless energy sensor PowerTag, and Wiser controllers, related to the use of insufficiently random values, allows intruders to gain increased privileges.

The vulnerability of the communication interface for Smartlink module equipment, the microprogrammed wireless energy sensor PowerTag, and Wiser controllers is related to the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to exploit the system...

7.1 CVSS, 7.8 AI score, 0.01415 EPSS
Exploits: 0, References: 3, Affected Software: 6
vulnersOsv
added 2021/08/25 3:30 p.m., 4 views

@lukeed/bongo (>=0.0.1 <=0.0.12), @novivia/build-module (>=0.3.0 <=0.5.3) +3 more potentially affected by CVE-2021-23784 via tempura (>=0.0.8 <=0.3.2)

tempura NPM version =0.0.8, =0.0.1, =0.3.0, =0.6.0, =0.0.1, =3.4.0, =4.12.3 Source cves: CVE-2021-23784 Source advisory: SNYK:JS-TEMPURA-1569633...

6.1 CVSS, 6.3 AI score, 0.01219 EPSS
Exploits: 1
vulnersOsv
added 2021/08/25 2:42 p.m., 4 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37669 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37669 Source advisory: OSV:GHSA-VMJW-C2VP-P33C...

5.5 CVSS, 5.8 AI score, 0.00175 EPSS
Exploits: 0
vulnersOsv
added 2021/08/25 2:40 p.m., 3 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37682 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37682 Source advisory: OSV:GHSA-4C4G-CRQM-XRXW...

7.1 CVSS, 6.3 AI score, 0.0018 EPSS
Exploits: 0
Securelist
added 2021/08/24 10:0 a.m., 34 views

Triada Trojan in WhatsApp mod

WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...

7.2 AI score
Exploits: 0
Kitploit
added 2021/08/23 12:30 p.m., 54 views

Process-Dump - Windows Tool For Dumping Malware PE Files From Memory Back To Disk For Analysis

Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject...

7.5 AI score
Exploits: 0, References: 1
Kitploit
added 2021/08/20 9:30 p.m., 16 views

PackageDNA - Tool To Analyze Software Packages Of Different Programming Languages That Are Being Or Will Be Used In Their Codes

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their code, providing information that allows them to know in advance if this library complies with secure development processes, i...

7 AI score
Exploits: 0, References: 1
RedHat Linux
added 2021/08/12 1:53 a.m., 297 views

Moderate: Red Hat Security Advisory: ACS 3.64 security and enhancement update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. Red Hat Product Security has rated this update as having a "Moderate" security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5 CVSS, 6.8 AI score, 0.07032 EPSS
Exploits: 4, References: 6
Tenable Nessus
added 2021/08/10 12:0 a.m., 26 views

Mitsubishielectric Melsec Uncontrolled Resource Consumption

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 EN CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU...

5 CVSS, 2.3 AI score, 0.03529 EPSS
Exploits: 0, References: 4
OSV
added 2021/08/09 7:15 p.m., 2 views

DEBIAN-CVE-2013-4717

Multiple SQL injection vulnerabilities in Open Ticket Request System OTRS Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,...

8.8 CVSS, 8.1 AI score, 0.01322 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2021/08/09 12:0 a.m., 26 views

Ubuntu 21.04 : Perl vulnerability (USN-5033-1)

The remote Ubuntu 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5033-1 advisory. It was discovered that the Perl Encode library incorrectly handled paths. A local attacker could possibly use this issue to trick the library into executing arbitrary...

7.8 CVSS, 7.9 AI score, 0.01397 EPSS
Exploits: 0, References: 2
Rapid7 Blog
added 2021/08/06 8:26 p.m., 64 views

Metasploit Wrap-Up

Desert heat not the 1999 film This week was more quiet than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules 15519 and 15520 from researcher Jacob Baines’ DEF CON talk Bring You...

7 AI score
Exploits: 0
NVD
added 2021/08/06 5:15 p.m., 21 views

CVE-2021-20597

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

9.1 CVSS, 0.0222 EPSS
Exploits: 0, References: 3
ICS
added 2021/08/06 6:0 a.m., 63 views

Mitsubishi Electric MELSEC iQ-R Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC iQ-R Series CPU Module Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

9.1 CVSS, 8.4 AI score, 0.01304 EPSS
Exploits: 0, References: 8
Positive Technologies
added 2021/08/05 12:0 a.m., 4 views

PT-2021-8030 · Mitsubishi · Melsec Iq-R Series Safety Cpu Modules R08/16/32/120Sfcpu +1

Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R Series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26 MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11 Description: The issue is related to the exposure of sensitiv...

7.5 CVSS, 7.3 AI score, 0.0237 EPSS
Exploits: 0, References: 9
The Hacker News
added 2021/08/04 8:30 p.m., 253 views

Several Malware Families Targeting IIS Web Servers With Malicious Modules

A systematic analysis of attacks against Microsoft's Internet Information Services IIS servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight...

0.5 AI score
Exploits: 0
Prion
added 2021/08/04 7:15 p.m., 19 views

Denial of service

An uncontrolled resource consumption denial of service vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via...

7.8 CVSS, 7.5 AI score, 0.01022 EPSS
Exploits: 0, References: 1, Affected Software: 2
CNNVD
added 2021/08/04 12:0 a.m., 6 views

HCC Embedded InterNiche Security Features Vulnerability

The SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers providing connectivity via PROFINET IO and Modbus TCP. The SENTRON 3WL COM35 is an accessory module for 3WL circuit breakers providing connectivity via PROFINET IO and Modbus TCP. The SENTRON 7KM PAC The Switched Ethernet PROFIN...

9.1 CVSS, 5.5 AI score, 0.02051 EPSS
Exploits: 0, References: 8