Lucene search
K

189 matches found

Prion
Prion
added 2020/10/14 1:15 p.m.25 views

Denial of service

An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

5CVSS7.3AI score0.03454EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/10/14 12:45 p.m.37 views

CVE-2020-6083

An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

7.5CVSS7.3AI score0.03454EPSS
Exploits1References1
CVE
CVE
added 2020/10/14 12:35 p.m.73 views

CVE-2020-6087

CVE-2020-6087 affects Allen-Bradley Flex IO 1794-AENT/B (Series B) via the ENIP Request Path Data Segment. The vulnerability occurs when the ANSI Extended Symbol Segment Sub-Type is used; the following byte is treated as the Data Size in words, and if it exceeds the packet data, the device faults...

7.8CVSS7.2AI score0.03515EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/10/14 12:34 p.m.34 views

CVE-2020-6086

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

7.5CVSS7.2AI score0.03515EPSS
Exploits1References1
CVE
CVE
added 2020/10/14 12:34 p.m.81 views

CVE-2020-6086

CVE-2020-6086 affects Allen-Bradley Flex IO 1794-AENT/B (EtherNet/IP ENIP) in the ENIP Request Path Data Segment. The issue is triggered when a Simple Data Segment Sub-Type is used: the byte after the segment is treated as the Data Size in words, and if that value exceeds the remaining packet dat...

7.8CVSS7.2AI score0.03515EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2020/10/13 12:0 a.m.46 views

Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Data Segment Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.8CVSS7.3AI score0.03515EPSS
Exploits2
Talos
Talos
added 2020/10/13 12:0 a.m.101 views

Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Port Segment Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS7.4AI score0.03454EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2020/06/17 7:44 p.m.4 views

jenkins: CSRF protection bypass via crafted URLs

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL...

8.8CVSS7.4AI score0.01993EPSS
Exploits0References5
Kitploit
Kitploit
added 2020/02/29 8:40 p.m.143 views

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool search for SSRF using predefined settings in different parts of a request path, host, headers, post and get parameters. First step Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...

7.1AI score
Exploits0References1
OSV
OSV
added 2019/07/19 6:15 a.m.3 views

CVE-2019-13969

Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=uiset&m=admin&c=index&a=dogettextcontent&table=lang&field=1 request...

8.8CVSS7.4AI score0.01269EPSS
Exploits1References1
OSV
OSV
added 2019/03/30 5:29 p.m.3 views

CVE-2019-10657

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...

6.5CVSS5.8AI score0.01489EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/03/01 12:0 a.m.5 views

The vulnerability of Secutech router microprogramming software, related to insufficient verification of data authenticity, allows a hacker to alter DNS settings.

The vulnerability of Secutech router microprogramming software is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor to alter DNS settings by making a request to goform/AdvSetDns?GO=wandns.asp...

8.6CVSS7.6AI score0.00571EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/02/23 6:29 p.m.4 views

CVE-2019-9040

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332...

8.8CVSS7.3AI score0.00572EPSS
Exploits0References1
OSV
OSV
added 2019/01/11 9:7 p.m.11 views

MGASA-2019-0035 Updated python-django packages fix security vulnerability

An upstream patch has been backported to fix a security vulnerability in python-django. CVE-2019-3498: Content spoofing possibility in the default 404 page An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the...

6.5CVSS6.5AI score0.03685EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/11/27 12:0 a.m.5 views

PT-2018-2973

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 6.15.0 Node.js versions prior to 8.14.0 Description The issue is related to HTTP request splitting, where Node.js can be tricked into using unsanitized user-provided Unicode data for the path option of an HTTP request...

9.8CVSS7.1AI score0.95707EPSS
Exploits54References296
Kitploit
Kitploit
added 2018/10/07 9:34 p.m.83 views

DNSDiag - DNS Diagnostics And Performance Measurement Tools

Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to mak...

7.3AI score
Exploits0References3
CNVD
CNVD
added 2018/06/29 12:0 a.m.1 views

fsk-server Directory Traversal Vulnerability

Node.js module fsk-server is a simple http server. A directory traversal vulnerability exists in fsk-server. An attacker can exploit this vulnerability by placing ". /" in a url to access the file system...

7.5CVSS7.5AI score0.02005EPSS
Exploits1References1
OSV
OSV
added 2018/04/18 1:29 a.m.5 views

UBUNTU-CVE-2017-12196

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the...

5.9CVSS6.4AI score0.02049EPSS
Exploits0References3
CNVD
CNVD
added 2018/04/03 12:0 a.m.4 views

ZOHO ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability

ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL architecture based on IT service management software ITSM. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management a...

6.1CVSS6.7AI score0.02004EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/01 12:0 a.m.2 views

Parameter overflow vulnerability in OpenResty uri

OpenResty® is a high-performance web platform based on Nginx and Lua, with a large number of well-integrated Lua libraries, third-party modules, and most dependencies. A parameter overflow vulnerability exists in OpenResty uri. The vulnerability stems from the program's inability to properly fetc...

7.1AI score
Exploits0
Rows per page
Query Builder