7081 matches found

CNVD | added 2021/04/26 12:0 a.m. | 10 views

Webmin Cross-Site Request Forgery Vulnerability (CNVD-2021-31910)

Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A cross-site request forgery vulnerability exists in Webmin version 1.973. An attacker can use this vulnerability to create an elevated privilege user via Webmin...

8.8 CVSS | 6.7 AI score | 0.0878 EPSS
Exploits 6 | References 1

NVD | added 2021/04/25 7:15 p.m. | 19 views

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

8.8 CVSS | 0.0878 EPSS
Exploits 6 | References 5

OSV | added 2021/04/25 7:15 p.m. | 20 views

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

8.8 CVSS | 6.8 AI score | 0.0878 EPSS
Exploits 6 | References 5

Prion | added 2021/04/25 7:15 p.m. | 24 views

Cross site request forgery (csrf)

Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

6.8 CVSS | 8.7 AI score | 0.0878 EPSS
Exploits 6 | References 5 | Affected Software 1

Cvelist | added 2021/04/25 6:32 p.m. | 22 views

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

8.9 AI score | 0.0878 EPSS
Exploits 6 | References 5

CVE | added 2021/04/25 6:32 p.m. | 119 views

CVE-2021-31762

CVE-2021-31762 affects Webmin 1.973 and is a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to create a privileged user via Webmin’s Add Users feature and, via Webmin’s Run Process feature, obtain a reverse shell. The connected sources confirm the vulnerability leads to ...

8.8 CVSS | 8.6 AI score | 0.0878 EPSS
Exploits 6 | References 5 | Affected Software 1

CNNVD | added 2021/04/25 12:0 a.m. | 5 views

Webmin Cross-Site Request Forgery Vulnerability

Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A cross-site request forgery vulnerability exists in Webmin version 1.973. An attacker can use this vulnerability to create an elevated privilege user via Webmin...

8.8 CVSS | 5.5 AI score | 0.0878 EPSS
Exploits 6 | References 8

Kitploit | added 2021/04/24 9:30 p.m. | 226 views

OverRide - Binary Exploitation And Reverse-Engineering (From Assembly Into C)

Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag - password for next level README.md - how to find password source.c - the reverse engineered binary dissasemblynotes.md - notes on asm See the subject...

7.7 AI score
Exploits 0 | References 14

Gitee | added 2021/04/22 12:40 p.m. | 10 views

Hack-Tools

This is an offensive tool for Web Pentesters. It is a browser extension called HackTools, which facilitates web application penetration tests. The extension includes cheat sheets and tools such as XSS payloads, reverse shells, and more, accessible in one click. It can be used in pop-up mode or in...

6.5 AI score
Exploits 0

0day.today | added 2021/04/22 12:0 a.m. | 66 views

OTRS 6.0.1 - Remote Command Execution Exploit (2)

Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921 !/usr/bin/env python3...

9 CVSS | 0.3 AI score | 0.19901 EPSS
Exploits 8

GithubExploit | added 2021/04/21 8:6 p.m. | 77 views

Exploit for Cross-Site Request Forgery (CSRF) in Webmin

..| CVE-2021-31762 |.. Description : Exploiting a Cross-sit...

8.8 CVSS | 8.7 AI score | 0.0878 EPSS
Exploits 6

NVD | added 2021/04/21 7:15 p.m. | 9 views

CVE-2021-29456

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

5.7 CVSS | 0.0051 EPSS
Exploits 0 | References 1

OSV | added 2021/04/21 7:15 p.m. | 13 views

CVE-2021-29456

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

5.4 CVSS | 7.1 AI score
Exploits 0 | References 1

Prion | added 2021/04/21 7:15 p.m. | 14 views

Authorization

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

4.9 CVSS | 5.6 AI score | 0.0051 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist | added 2021/04/21 6:50 p.m. | 16 views

CVE-2021-29456 Authelia allows open redirects on the logout endpoint

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

5.7 CVSS | 5.9 AI score | 0.0051 EPSS
Exploits 0 | References 1

Kitploit | added 2021/04/20 12:30 p.m. | 43 views

Reproxy - Simple Edge Server / Reverse Proxy

Reproxy is a simple edge HTTPs server / reverse proxy supporting various providers docker, static, file. One or more providers supply information about requested server, requested url, destination url and health check url. Distributed as a single binary or as a docker container. Automatic SSL...

6.8 AI score
Exploits 0 | References 6

Github Security Blog | added 2021/04/19 2:54 p.m. | 71 views

Sydent vulnerable to denial of service attack via memory exhaustion

Impact Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to disk space exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers....

7.5 CVSS | 0.8 AI score | 0.01833 EPSS
Exploits 0 | References 9 | Affected Software 1

OSV | added 2021/04/19 2:54 p.m. | 30 views

GHSA-WMG4-8CP2-HPG9 Sydent vulnerable to denial of service attack via memory exhaustion

Impact Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to disk space exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers....

8.7 CVSS | 7.4 AI score | 0.01833 EPSS
Exploits 0 | References 9

Securelist | added 2021/04/19 11:30 a.m. | 190 views

Targeted Malware Reverse Engineering Workshop follow-up. Part 1

On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global Research & Analysis Team GReAT, who gave live workshops on practical disassembling, decrypting and deobfuscating authentic malware cases, moderated by GReATs own Dan Demete...

7.3 AI score
Exploits 0

CNVD | added 2021/04/19 12:0 a.m. | 4 views

Online Reviewer System SQL Injection Vulnerability

Online Reviewer System is a software application. An online reviewer system. Online Reviewer System version 1.0 suffers from a SQL injection vulnerability that stems from an authentication bypass SQL injection vulnerability that could result in a reverse shell upload. No detailed vulnerability...

9.8 CVSS | 8 AI score | 0.02231 EPSS
Exploits 1 | References 1