Lucene search

4945 matches found

0day.today
added 2018/12/01 12:0 a.m., 41 views

Apache Spark - Unauthenticated Command Execution Exploit

This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and triggers it. This module requires Metasploit:...

AI score: 0.7
Exploits: 0

Exploit DB
added 2018/11/30 12:0 a.m., 196 views

Apache Spark - (Unauthenticated) Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Spark Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution vulnerability in...

AI score: 7.4
Exploits: 0

Packet Storm
added 2018/11/30 12:0 a.m., 69 views

Apache Spark Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Spark Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution vulnerability in...

AI score: 0.6
Exploits: 0

Kitploit
added 2018/11/26 11:27 a.m., 52 views

Trape v2.0 - People Tracker On The Internet: OSINT Analysis And Research Tool

Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their...

AI score: 7.4
Exploits: 0, References: 1

Kitploit
added 2018/11/20 1:11 p.m., 47 views

ACHE - A Web Crawler For Domain-Specific Search

ACHE is a focused web crawler. It collects web pages that satisfy some specific criteria, e.g., pages that belong to a given domain or that contain a user-specified pattern. ACHE differs from generic crawlers in the sense that it uses page classifiers to distinguish between relevant and irrelevant...

AI score: 7.4
Exploits: 0, References: 6

OpenVAS
added 2018/11/13 12:0 a.m., 69 views

Western Digital My Book Live / My Cloud NAS RCE Vulnerability

Western Digital MyBook Live and some models of Western Digital My Cloud NAS contain a remotely exploitable vulnerability that lets anyone run commands on the device as root. The vulnerability exists in the language change and modify functionality in the REST API Copyright C 2018 Greenbone Network...

CVSS: 10, AI score: 8.7, EPSS: 0.30284
Exploits: 0, References: 1

Check Point Advisories
added 2018/11/11 12:0 a.m., 4 views

Western Digital MyBook Live Remote Code Execution (CVE-2018-18472)

A command injection vulnerability exists in WD MyBook Live and WD MyCloud NAS models. The vulnerability is due to the language change and modify functionality in the REST API. A remote, unauthenticated attacker can exploit the vulnerability by sending a maliciously crafted packet to the target...

CVSS: 10, AI score: 3.7, EPSS: 0.30284
Exploits: 0

Github Security Blog
added 2018/11/09 5:41 p.m., 41 views

org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

CVSS: 4.9, AI score: 1.5, EPSS: 0.65937
Exploits: 2, References: 6, Affected Software: 2

IBM Security Bulletins
added 2018/11/07 5:10 a.m., 21 views

Security Bulletin: A security vulnerability has been identified in Apache Spark shipped with IBM Operations Analytics Predictive Insights (CVE-2018-11770)

Summary There is a vulnerability in Apache Spark®, Version 2.0.1 that is used by IBM Operations Analytics Predictive Insights 1.3.6. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2018-11770 Description: Apache Spark could allow a...

CVSS: 4.9, AI score: 0.8, EPSS: 0.65937
Exploits: 2, Affected Software: 1

CNVD
added 2018/11/06 12:0 a.m., 2 views

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00675
Exploits: 1, References: 1

Tenable Nessus
added 2018/11/05 12:0 a.m., 29 views

WordPress 4.2.x < 4.2.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6

Tenable Nessus
added 2018/11/05 12:0 a.m., 24 views

Drupal 8.x < 8.3.7 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access...

CVSS: 9.8, AI score: 8.4, EPSS: 0.03017
Exploits: 0, References: 5

Tenable Nessus
added 2018/11/05 12:0 a.m., 33 views

WordPress 4.4.x < 4.4.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6

Tenable Nessus
added 2018/11/05 12:0 a.m., 35 views

WordPress 3.8.x < 3.8.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6

Tenable Nessus
added 2018/11/05 12:0 a.m., 123 views

WordPress 3.9.x < 3.9.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6

Tenable Nessus
added 2018/11/05 12:0 a.m., 36 views

WordPress 4.5.x < 4.5.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6

Tenable Nessus
added 2018/11/05 12:0 a.m., 29 views

WordPress 3.7.x < 3.7.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6

Tenable Nessus
added 2018/11/05 12:0 a.m., 22 views

WordPress 4.0.x < 4.0.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6

Tenable Nessus
added 2018/11/05 12:0 a.m., 30 views

WordPress 4.7.x < 4.7.2 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6

Tenable Nessus
added 2018/11/05 12:0 a.m., 36 views

WordPress 4.3.x < 4.3.8 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

CVSS: 9.8, AI score: 9, EPSS: 0.81848
Exploits: 0, References: 6