Lucene search
K

7082 matches found

CNVD
CNVD
added 2021/04/19 12:0 a.m.4 views

Online Reviewer System SQL Injection Vulnerability

Online Reviewer System is a software application. An online reviewer system. Online Reviewer System version 1.0 suffers from a SQL injection vulnerability that stems from an authentication bypass SQL injection vulnerability that could result in a reverse shell upload. No detailed vulnerability...

9.8CVSS8AI score0.02231EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2021/04/19 12:0 a.m.532 views

Nagios XI 5.7.3 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2020-5791, an OS command...

9CVSS7.2AI score0.78632EPSS
Exploits7
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2020:0661-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.7179EPSS
Exploits0References11
NVD
NVD
added 2021/04/15 9:15 p.m.14 views

CVE-2021-29430

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it...

7.5CVSS0.01833EPSS
Exploits0References6
PyPA
PyPA
added 2021/04/15 9:15 p.m.3 views

PYSEC-2021-21

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it...

7.5CVSS6.8AI score0.01833EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/04/15 9:15 p.m.17 views

PYSEC-2021-21

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it...

7.5CVSS0.5AI score0.01833EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2021/04/15 8:35 p.m.14 views

CVE-2021-29430

Removed by vendor...

7.5CVSS7.5AI score0.01833EPSS
Exploits0
Talos Blog
Talos Blog
added 2021/04/15 11:0 a.m.38 views

Threat Source Newsletter (April 15, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you missed our webinar last week, we've got you covered. We've uploaded an extended version to our YouTube page that includes the scripts used in the presentation. This video will show you how to reverse-engineer and... This is...

2.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/04/15 12:0 a.m.7 views

PT-2021-18206 · Sydent · Sydent

Name of the Vulnerable Software and Affected Versions: Sydent versions prior to 89071a1, 0523511, f56eee3 Description: Sydent is a reference Matrix identity server that does not limit the size of requests it receives from HTTP clients, allowing a malicious user to send an HTTP request with a very...

8.7CVSS7.3AI score0.01833EPSS
Exploits0References13
OSV
OSV
added 2021/04/14 3:15 p.m.2 views

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

9.8CVSS7.3AI score0.02231EPSS
Exploits1References1
NVD
NVD
added 2021/04/14 3:15 p.m.7 views

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

9.8CVSS0.02231EPSS
Exploits1References1
Prion
Prion
added 2021/04/14 3:15 p.m.8 views

Sql injection

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

7.5CVSS9.7AI score0.02231EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/14 2:59 p.m.14 views

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

10AI score0.02231EPSS
Exploits1References1
CVE
CVE
added 2021/04/14 2:59 p.m.43 views

CVE-2021-27130

Online Reviewer System 1.0 is affected by a SQL injection vulnerability that stems from an authentication bypass, enabling an attacker to bypass login and potentially upload a reverse shell. The flaw is documented across multiple sources (Red Hat, CNVD/CNNVD, CVE records) as a SQL injection throu...

9.8CVSS9.8AI score0.02231EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/04/14 12:0 a.m.2 views

Online Reviewer System SQL注入漏洞

Online Reviewer System is a software application. An online reviewer system. Online Reviewer System version 1.0 suffers from a SQL injection vulnerability that stems from an authentication bypass SQL injection vulnerability that could result in a reverse shell upload. No detailed vulnerability...

9.8CVSS5.9AI score0.02231EPSS
Exploits1References2
0day.today
0day.today
added 2021/04/14 12:0 a.m.240 views

MariaDB 10.2 /MySQL - (wsrep_provider) OS Command Execution Vulnerability

Exploit Title: MariaDB 10.2 /MySQL - 'wsrepprovider' OS Command Execution Exploit Author: Central InfoSec Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL...

7.2CVSS1.1AI score0.38179EPSS
Exploits9
RedHat Linux
RedHat Linux
added 2021/04/13 11:35 p.m.3 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/04/13 3:12 p.m.37 views

Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints

Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches The issue is fixed by 9321. Workarounds Depending on the needs and configuration of the homeserver...

6.5CVSS2.9AI score0.01538EPSS
Exploits0References8Affected Software1
Talos Blog
Talos Blog
added 2021/04/12 6:32 a.m.41 views

Recording: Analyzing Android Malware — From triage to reverse-engineering

It's easy to get wrapped up worry about large-scale ransomware attacks on the threat landscape. These are the types of attacks that make headlines and strike fear into the hearts of CISOs everywhere. But if you want to defend the truly prolific and widespread threats that target some of the...

1.9AI score
Exploits0
GithubExploit
GithubExploit
added 2021/04/11 11:23 a.m.6 views

Exploit for Server-Side Request Forgery in Gitlab

gitlab-RCE-11.4.7 GitLab 11.4.7 CE RCE exploit with different...

7.7CVSS7.3AI score0.27983EPSS
Exploits5
Rows per page
Query Builder