Lucene search
+L

535 matches found

Prion
Prion
added 2021/08/20 6:15 p.m.17 views

Information disclosure

An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information...

5CVSS7.1AI score0.00895EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/20 5:24 p.m.29 views

CVE-2021-21823

An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information...

5.3CVSS7.4AI score0.00895EPSS
Exploits0References1
CVE
CVE
added 2021/08/20 5:24 p.m.48 views

CVE-2021-21823

Komoot GmbH Komoot Android app: The Friend finder allows substring search in versions 10.26.9–11.1.11, enabling enumeration of user emails and profile IDs via crafted requests. This information disclosure impact is documented with CVSSv3 5.3. Vendor patch issued in 2021-05-28; apply the patched r...

7.5CVSS7.1AI score0.00895EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/07/16 11:15 a.m.38 views

CVE-2021-21820

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability...

10CVSS0.02962EPSS
Exploits1References1
OSV
OSV
added 2021/07/16 11:15 a.m.6 views

CVE-2021-21820

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.8CVSS7.4AI score
Exploits0References1
Cvelist
Cvelist
added 2021/07/16 10:24 a.m.31 views

CVE-2021-21818

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability...

7.5CVSS7.7AI score0.01948EPSS
Exploits2References1
Talos
Talos
added 2021/07/15 12:0 a.m.106 views

D-LINK DIR-3040 Syslog information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1283 D-LINK DIR-3040 Syslog information disclosure vulnerability July 15, 2021 CVE Number CVE-2021-21818 Summary A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network...

7.5CVSS7.5AI score0.01948EPSS
Exploits2
CNNVD
CNNVD
added 2021/02/02 12:0 a.m.6 views

Allen-Bradley Flex IO Security Vulnerability

Allen-Bradley Flex IO is a remote IO suite in an industrial automation control system from Allen-bradley USA. A security vulnerability exists in Allen-Bradley Flex IO that stems from a specially crafted network request that could result in a denial of service by interrupting communication with th...

7.5CVSS7.1AI score0.03454EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/01/07 12:0 a.m.10 views

Rockwell Automation RSLinx Classic 缓冲区错误漏洞

Rockwell Automation RSLinx Classic is a suite of industrial communication solutions from Rockwell Automation. The solution supports access to RockwellSoftware, Allen-Bradley applications, etc. via Allen-Bradley programmable controllers. A denial of service vulnerability exists in Rockwell...

7.5CVSS7.1AI score0.03388EPSS
Exploits1References2
Hacker One
Hacker One
added 2020/12/24 1:43 p.m.39 views

h1-ctf: Invading Grinch Network and Saving Christmas

How we saved Christmas As usual with H1 CTF challenges we are provided with a target URL. In our case it is the following: https://hackyholidays.h1ctf.com/ We started by visiting the URL and see what is going on. All we could see is a page with an image with a warning message. F1125722 We quickly...

7.5AI score
Exploits0
OSV
OSV
added 2020/12/11 4:15 a.m.19 views

CVE-2020-13530

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigg...

7.5CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2020/12/11 4:15 a.m.17 views

CVE-2020-13556

An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS7.7AI score
Exploits0References1
Prion
Prion
added 2020/12/11 4:15 a.m.10 views

Cross site scripting

An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

7.5CVSS9.7AI score0.04519EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2020/12/02 12:0 a.m.58 views

EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS9.6AI score0.04519EPSS
Exploits1
Cisco
Cisco
added 2020/11/18 4:0 p.m.131 views

Cisco Expressway Software TURN Server Configuration Issue

The Traversal Using Relays around NAT TURN server component of Cisco Expressway software supports the relay of media connections through a firewall using proxy services. As a result of this feature, interfaces such as the Cisco Expressway web administrative interface may become accessible from...

6.6AI score
Exploits0References1
Kitploit
Kitploit
added 2020/07/13 12:30 p.m.31 views

Padding-Oracle-Attacker - CLI Tool And Library To Execute Padding Oracle Attacks Easily

CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI. Install Make sure Node.js is installed, then run $ npm install --global padding-oracle-attacker or $ yarn global add padding-oracle-attacker CLI Usage Usage $...

7.7AI score
Exploits0References7
Prion
Prion
added 2020/06/24 5:15 a.m.22 views

Hardcoded credentials

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users omitted and passwords omitted. This...

5CVSS7.4AI score0.01656EPSS
Exploits1References1Affected Software10
CVE
CVE
added 2020/06/24 4:50 a.m.62 views

CVE-2020-10270

CVE-2020-10270 affects MiR robotic fleet (MiR100/MiR200, potentially others) where the Control Dashboard is reachable on a hardcoded IP via wired/wireless interfaces. The flaw enables control of the robot through default, widely known credentials, as documented in past guides, and may be extended...

9.8CVSS7.2AI score0.01656EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2020/06/09 12:0 a.m.2 views

IBM Maximo Asset Management Code Issue Vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A code issue...

7.4CVSS7AI score0.00821EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.20 views

Server-Side Request Forgery

Web applications often rely on network requests to query external resources and retrieve data in order to process it. A Server-Side Request Forgery SSRF vulnerability exists when an attacker is able to control these outbound requests and send it to a resource he owns, to the localhost itself, or ...

7.6AI score
Exploits0References5
Rows per page
Query Builder