7077 matches found

GithubExploit
added 2023/08/22 4:25 p.m. | 526 views

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

CVE-2022-24637 Open Web Analytics 1.7.3 - Remote Code Executio...

9.8 CVSS | 9.8 AI score | 0.99134 EPSS
Exploits: 14

0day.today
added 2023/08/21 12:0 a.m. | 719 views

Jorani Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. This modul...

9.8 CVSS | 8.2 AI score | 0.81918 EPSS
Exploits: 5

0day.today
added 2023/08/21 12:0 a.m. | 291 views

Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)

Shellcode Title: Linux/x64 - memfd_create ELF loader 170 bytes Shellcode Author: Ivan Nikolsky enty8080 & Tomas Globis tomasglgg Tested on: Linux x86_64 Shellcode Description: This shellcode attempts to establish reverse TCP connection, reads ELF length, reads ELF and maps it into the memory, creat...

7.4 AI score
Exploits: 0

Ubuntu
added 2023/08/17 2:53 p.m. | 56 views

USN-6294-2: HAProxy vulnerability

USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the paylo...

7.2 CVSS | 7.1 AI score | 0.01815 EPSS
Exploits: 1

0day.today
added 2023/08/15 12:0 a.m. | 415 views

RaspAP 2.8.7 Unauthenticated Command Injection Exploit

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

9.8 CVSS | 8.3 AI score | 0.98725 EPSS
Exploits: 3

HackRead
added 2023/08/10 4:22 p.m. | 28 views

EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Proxy

By Habiba Rashid The EvilProxy phishing kit is a malicious tool that has emerged as a key player, as it exploits MFA's limitations. So far, it has targeted over 100 firms. This is a post from HackRead.com Read the original post: EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Pro...

7 AI score
Exploits: 0

hivepro
added 2023/08/10 12:40 p.m. | 15 views

Reptile Rootkit Targets Linux Systems in South Korea

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Reptile, an open-source Linux rootkit, goes beyond concealment, offering attackers a reverse shell and utilizing Port Knocking for control; observed in attacks including Chinese groups exploiting...

6.8 AI score
Exploits: 0

The Hacker News
added 2023/08/10 9:45 a.m. | 52 views

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft...

6.8 AI score
Exploits: 0

0day.today
added 2023/08/10 12:0 a.m. | 341 views

TP-Link Archer AX21 - Unauthenticated Command Injection Exploit

!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...

8.8 CVSS | 7.1 AI score | 0.99999 EPSS
Exploits: 7

Exploit DB
added 2023/08/10 12:0 a.m. | 584 views

TP-Link Archer AX21 - Unauthenticated Command Injection

!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...

8.8 CVSS | 9 AI score | 0.99999 EPSS
Exploits: 7

Github Security Blog
added 2023/08/09 12:56 p.m. | 283 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do...

7.5 CVSS | 6.6 AI score | 0.15519 EPSS
Exploits: 0 | References: 8 | Affected Software: 5

OSV
added 2023/08/09 12:56 p.m. | 44 views

GHSA-VMCH-3W2X-VHGQ .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do...

7.5 CVSS | 7.8 AI score | 0.15519 EPSS
Exploits: 0 | References: 8

Snyk
added 2023/08/08 5:17 p.m. | 2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in exploitation of this vulnerability. Mitigation If your application is running behind a rever...

7.5 CVSS | 8.4 AI score | 0.15519 EPSS
Exploits: 0 | References: 2

Snyk
added 2023/08/08 5:17 p.m. | 2 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting a...

7.5 CVSS | 7 AI score | 0.15519 EPSS
Exploits: 0 | References: 2

Snyk
added 2023/08/08 5:17 p.m. | 2 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting a...

7.5 CVSS | 7 AI score | 0.15519 EPSS
Exploits: 0 | References: 2

Snyk
added 2023/08/08 5:17 p.m. | 2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in exploitation of this vulnerability. Mitigation If your application is running behind a rever...

7.5 CVSS | 7 AI score | 0.15519 EPSS
Exploits: 0 | References: 2

Snyk
added 2023/08/08 5:17 p.m. | 2 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting ...

7.5 CVSS | 7 AI score | 0.15519 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2023/08/07 8:55 p.m. | 301 views

Exploit for Improper Input Validation in Lexmark Cxtpc_Firmware

CVE-2023-34362 POCs for credential dumping, reverse shells, an...

9.8 CVSS | 9.5 AI score | 0.99934 EPSS
Exploits: 18

The Hacker News
added 2023/08/07 9:52 a.m. | 46 views

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher...

6.7 AI score
Exploits: 0

GithubExploit
added 2023/08/05 9:32 a.m. | 710 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

Automatic Exploit Summary The following exploit abuses...

6.5 CVSS | 6.6 AI score | 0.07497 EPSS
Exploits: 29