Lucene search
K

6348 matches found

RedhatCVE
RedhatCVE
added 2020/05/15 6:25 p.m.48 views

CVE-2020-12888

A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the...

4.7CVSS6.4AI score0.00404EPSS
Exploits0References3
Kitploit
Kitploit
added 2020/05/15 12:30 p.m.548 views

DiscordRAT - Discord Remote Administration Tool Fully Written In Python

Discord Remote Administration Tool fully written in Python3. This is a RAT controlled over Discord with over 20 post exploitation modules. Disclaimer: This tool is for educational use only, the author will not be held responsible for any misuse of this tool. This is my first project on github as...

7.5AI score
Exploits0References1
Gitee
Gitee
added 2020/05/13 9:34 p.m.2 views

metasploit-framework

This is an instance of the Metasploit Framework repository, a widely used penetration testing tool. The Metasploit Framework is a comprehensive platform for testing and exploiting vulnerabilities in computer systems and applications. It is a collection of tools and scripts that can be used to...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/13 12:0 a.m.207 views

Tryton 5.4 Cross Site Scripting

Document Title: =============== Tryton v5.4 - Name Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2233 Release Date: ============= 2020-05-12 Vulnerability Laboratory ID VL-ID: ==================================== 22...

7.4AI score
Exploits0
NVD
NVD
added 2020/05/12 6:15 p.m.13 views

CVE-2020-1746

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...

5CVSS6AI score0.00406EPSS
Exploits0References3
OSV
OSV
added 2020/05/12 6:15 p.m.15 views

CVE-2020-1746

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...

5CVSS5AI score0.00406EPSS
Exploits0References3
OSV
OSV
added 2020/05/12 6:15 p.m.2 views

DEBIAN-CVE-2020-1746

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...

5CVSS8.8AI score0.00406EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/05/12 6:15 p.m.26 views

CVE-2020-1746

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...

5CVSS6.7AI score0.00406EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/05/12 12:0 a.m.7 views

PT-2020-6568

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.7.16 Ansible Engine versions 2.8.x through 2.8.10 Ansible Engine versions 2.9.x through 2.9.6 Ansible Tower versions 3.4.5 and earlier Ansible Tower versions 3.5.5 and earlier Ansible Tower version 3.6.3...

5.1CVSS7.5AI score0.00406EPSS
Exploits0References177
OSV
OSV
added 2020/05/11 2:15 p.m.1 views

DEBIAN-CVE-2020-10685

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchiv...

5.5CVSS8.8AI score0.00376EPSS
Exploits0References1
Prion
Prion
added 2020/05/11 2:15 p.m.20 views

Design/Logic Flaw

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchiv...

1.9CVSS6AI score0.00376EPSS
Exploits0References4Affected Software6
0day.today
0day.today
added 2020/05/11 12:0 a.m.42 views

Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting Vendor: http://www.sentrifugo.com/ Link: http://www.sentrifugo.com/download Version: 3.2 Product & Service Introduction: ===============================...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2020/05/11 12:0 a.m.6 views

PT-2020-6574

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.7.17 Ansible Engine versions 2.8.x through 2.8.11 Ansible Engine versions 2.9.x through 2.9.7 Ansible Tower versions 3.4.5 and earlier Ansible Tower versions 3.5.5 and earlier Ansible Tower versions 3.6....

6.8CVSS7.3AI score0.00376EPSS
Exploits0References169
CNVD
CNVD
added 2020/05/08 12:0 a.m.3 views

LeptonCMS Cross-Site Scripting Vulnerability (CNVD-2020-35505)

LeptonCMS is a content management system CMS for the Lepton Project. A cross-site scripting vulnerability exists in the modules/wysiwyg/save.php file in LeptonCMS version 4.5.0. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can...

6.1CVSS6.4AI score0.01225EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/05/08 12:0 a.m.3 views

The vulnerability of the parsec inode permission module in the linux-astra-modules package, related to access control deficiencies for non-functional Unix sockets, allows a intruder to compromise data integrity.

The vulnerability of the parsec inode permission module in the linux-astra-modules package is related to deficiencies in access control for non-functional Unix sockets. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...

5.3CVSS5.5AI score
Exploits0References1
OSV
OSV
added 2020/05/07 8:15 p.m.15 views

CVE-2020-12707

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...

6.1CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2020/05/07 7:9 p.m.16 views

CVE-2020-12707

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...

6AI score0.01225EPSS
Exploits1References1
OSV
OSV
added 2020/05/06 5:2 p.m.4 views

DRUPAL-CONTRIB-2020-017

This module enables you to build forms and surveys in Drupal. The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which...

7AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/06 12:0 a.m.54 views

[20200601] - Core - XSS in modules heading tag option

Lack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allow XSS attacks...

6.1CVSS2.6AI score0.0096EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2020/05/03 10:10 a.m.18 views

Node.js third-party modules: [xps] Command Injection via insecure command concatenation

I would like to report a Command Injection issue in the xps module. It allows to execute arbitrary commands on the victim's PC. Module module name: xps version: 1.0.2 npm page: https://www.npmjs.com/package/xps Module Description xps is a cross-platform library for listing and killing processes...

0.8AI score
Exploits0
Rows per page
Query Builder