Lucene search
K

49 matches found

CVE
CVE
added 2025/01/21 3:27 p.m.120 views

CVE-2025-24011

Summary: CVE-2025-24011 affects Umbraco CMS (.NET). From 14.0.0 up to, but not including, 14.3.2 and 15.1.2, an attacker can determine whether an account exists by analyzing response codes and timing of the management API. Impact: information exposure; no availability/integrity impact claimed. Ve...

5.3CVSS5.3AI score0.01451EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/21 3:27 p.m.15 views

CVE-2025-24011 Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...

5.3CVSS5.2AI score0.01451EPSS
Exploits1References3
Huntr
Huntr
added 2023/02/19 6:27 p.m.23 views

Lack of brute force protection

Issue Description • A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until an attacker discover the one correct combination that works. Steps to Reproduce: '1. First capture login request with BurpSuite,...

7AI score0.00591EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.4 views

Event Registration System 代码问题漏洞

Event Registration System is an event registration system with QR codes by Carlo Montero Personal Developer. A security vulnerability exists in the Event Registration System version 1.0, which stems from an incorrect manipulation of the parameter cmd leading to unrestricted file uploads...

9.8CVSS8.1AI score0.00439EPSS
Exploits0References2
OSV
OSV
added 2022/09/15 3:34 a.m.12 views

GHSA-GGF6-638M-VQMG Netmaker vulnerable to Insufficient Granularity of Access Control

Impact Improper Authorization functions leads to non-privileged users running privileged API calls. If you have added users to your Netmaker platform who whould not have admin privileges, they could use their auth token to run admin-level functions via the API. In addition, differing response cod...

8.8CVSS8.4AI score0.00729EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2021/03/15 8:10 p.m.104 views

USN-4768-1: musl vulnerabilities

It was discovered that musl did not properly handle kernel syscalls. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. CVE-2018-1000001 It was discovered that musl did not properly handle the parsing of DNS response codes. A remote...

9.8CVSS8.2AI score0.13614EPSS
Exploits9
RedHat Linux
RedHat Linux
added 2020/12/21 1:30 p.m.6 views

Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...

9.3CVSS7.2AI score0.01222EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/14 12:28 p.m.3 views

Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...

9.3CVSS7.2AI score0.01222EPSS
Exploits0References5
ALT Linux
ALT Linux
added 2020/12/02 12:0 a.m.30 views

Security fix for the ALT Linux 10 package thunderbird version 78.5.1-alt1

Dec. 2, 2020 Andrey Cherepanov 78.5.1-alt1 - New version 78.5.1. - Security fixes: + CVE-2020-26970 Stack overflow due to incorrect parsing of SMTP server response codes...

9.3CVSS7.2AI score0.01222EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/09/02 9:47 a.m.3 views

EAP: field-name is not parsed in accordance to RFC7230

A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400...

5.3CVSS5.9AI score0.0119EPSS
Exploits0References4
Gitee
Gitee
added 2020/08/06 10:18 a.m.5 views

aflnet

It is an offensive tool for Network protocols. The repository contains a greybox fuzzer for protocol implementations, named AFLNet. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of record...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2019/12/19 8:30 p.m.103 views

Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output

Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output. The tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint is...

7.3AI score
Exploits0References1
Nmap
Nmap
added 2017/07/26 7:34 p.m.751 views

ftp-syst NSE Script

Sends FTP SYST and STAT commands and returns the result. The canonical SYST response of "UNIX Type: L8" is stripped or ignored, since it is meaningless. Typical FTP response codes 215 for SYST and 211 for STAT are also hidden. References: Example Usage nmap -sV -sC Script Output | ftp-syst: | SYS...

10CVSS9.4AI score0.99448EPSS
Exploits33
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2017/04/07 6:52 p.m.16 views

The power of Wallarm search engine

In this article I would like to show and explain my personal use cases of the Wallarm search engine. The cool thing about it is human readable search with intuitive commands. Just look at this search command before we start: attacks incidents vulns today RCE 502 For a security engineer looking at...

7.2AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2017/04/07 6:52 p.m.30 views

The power of Wallarm search engine

In this article I would like to show and explain my personal use cases of the Wallarm search engine. The cool thing about it is human readable search with intuitive commands. Just look at this search command before we start: attacks incidents vulns today RCE 502 For a security engineer looking at...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/03/20 12:0 a.m.30 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0714-1)

This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed bsc1028391 : - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js...

10CVSS7.5AI score0.17484EPSS
Exploits9References22
RedHat Linux
RedHat Linux
added 2017/03/08 4:4 p.m.3 views

Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

5.3CVSS7.3AI score0.02631EPSS
Exploits1References5
w3af
w3af
added 2013/06/10 11:2 p.m.14 views

strange_http_codes

Analyze HTTP response codes sent by the remote web application and report uncommon findings. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly...

0.1AI score
Exploits0
Nmap
Nmap
added 2012/04/01 1:4 p.m.147 views

dns-ip6-arpa-scan NSE Script

Performs a quick reverse DNS lookup of an IPv6 network using a technique which analyzes DNS server response codes to dramatically reduce the number of queries needed to enumerate large networks. The technique essentially works by adding an octet to a given IPv6 prefix and resolving it. If the add...

10CVSS9.2AI score0.99448EPSS
Exploits33
Metasploit
Metasploit
added 2010/11/13 6:40 a.m.39 views

Web Site Crawler

Crawl a web site and store information about what was found This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Web Site Crawler', 'Description' = 'Crawl a web site and store information about what...

6.9AI score
Exploits0
Rows per page
Query Builder