Lucene search
K

7082 matches found

CVE
CVE
added 2021/02/09 8:44 p.m.44 views

CVE-2021-21476

CVE-2021-21476 (SAP UI5) affects SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, and 1.86.1. The vulnerability is described as an open redirect caused by Reverse Tabnabbing, allowing an unauthenticated attacker to redirect users to a malicious site. The connec...

6.1CVSS6.3AI score0.00816EPSS
Exploits0References2Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/02/08 7:33 a.m.156 views

Reverse Engineering Keys from Firmware. A how-to

TL;DR It is possible to reverse engineer keys from firmware with some tips: 1. Always looks for strings/constants. 2. Make guesses about the original source. 3. Find a function you can recognise and work backwards to identify other functions. 4. It helps if they use open-source code so you can cr...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/02/07 7:53 p.m.4 views

pwntools

This repository is an open-source project for a Python library called pwntools, which is used for reverse engineering and exploitation of binaries. The library is designed to be a comprehensive tool for security researchers and developers. The repository contains a variety of files, including:...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2021/02/05 11:30 a.m.132 views

Geacon - Implement CobaltStrike's Beacon In Go

Using Go to implement CobaltStrike's Beacon This project is for learningprotocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY How to play 1. Setup the teamserver and start a http...

7.5AI score
Exploits0References3
Packet Storm
Packet Storm
added 2021/02/05 12:0 a.m.303 views

PhreeBooks 5.2.3 Remote Code Execution

Exploit Title: PhreeBooks 5.2.3 - Remote Code Execution Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: 5.2.3 Tested on: Windows Server 2016 !/usr/bin/env python3 ''' DESCRIPTION: - PhreeBooks...

7.4AI score
Exploits0
GithubExploit
GithubExploit
added 2021/02/04 9:40 p.m.2264 views

Exploit for CVE-2019-1068

CVE-2019-1068 Root cause analysis and PoC for a Microsoft SQL...

8.8CVSS8.8AI score0.44665EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/02/04 12:0 a.m.26 views

EulerOS 2.0 SP5 : ruby (EulerOS-SA-2021-1228)

According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not...

7.5CVSS7.4AI score0.03772EPSS
Exploits0References2
Prion
Prion
added 2021/02/02 7:15 p.m.20 views

Design/Logic Flaw

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers Google, GitHub, and others to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in...

5.8CVSS6.3AI score0.01353EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2021/02/02 7:5 p.m.92 views

CVE-2021-21291

CVE-2021-21291: OAuth2 Proxy (open-source reverse proxy) before v7.0.0 had a vulnerability in the whitelist-domain feature where a domain matched for redirects could be broader than intended (e.g., .example.com could match example.com and badexample.com). This could allow unintended redirects. Im...

6.1CVSS5.5AI score0.01353EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/02 12:0 a.m.4 views

PT-2021-14396 · Unknown +2 · Blaze-Core +5

Name of the Vulnerable Software and Affected Versions: http4s versions prior to 0.21.17 http4s versions prior to 0.22.0-M2 http4s versions prior to 1.0.0-M14 Description: The issue is related to the blaze-core library, which accepts connections unboundedly on its selector pool. This can lead to a...

7.5CVSS7.1AI score0.02146EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2021/02/01 12:0 a.m.193 views

Online Reviewer System 1.0 SQL Injection / Shell Upload

!/bin/bash Exploit Title: Online Reviewer System PHPPDO - RCE & ADMIN BYPASS Exploit Author: Richard Jones Date: 2021-01-31 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...

0.8AI score
Exploits0
CNNVD
CNNVD
added 2021/01/31 12:0 a.m.3 views

Mofi Network MOFI4500-4GXeLTE 安全特征问题漏洞

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A security vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices, which can be exploited by an attacker to know the generation algorithm via firmware reverse, and directly calculate the one-time passwo...

7.5CVSS7.1AI score0.01081EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2021/01/31 12:0 a.m.22 views

h2o -- uninitialised memory access in HTTP3

Emil Lerner reports: When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state ...

7.4CVSS2.1AI score0.02667EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2021/01/29 12:0 a.m.249 views

Quick.CMS 6.7 Remote Code Execution

Exploit Title: Quick.CMS 6.7 - Remote Code Execution Authenticated Date: 2020-12-28 Exploit Author: mari0x00 Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/?sFile=Quick.Cmsv6.7-pl.zip Description:...

7.1AI score0.10458EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.344 views

SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)

Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution Unauthenticated Exploit Author: Darren Martyn Vendor Homepage: https://www.home-assistant.io/ Version: SMA 8.0.0.4 Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.454 views

Metasploit Framework 6.0.11 - msfvenom APK template command injection

Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit Author: Justin Steven Vendor Homepage: https://www.metasploit.com/ Software Link: https://www.metasploit.com/ Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 CVE : CVE-2020-7384 !/usr/bin/e...

9.3CVSS7.7AI score0.30562EPSS
Exploits8
0day.today
0day.today
added 2021/01/27 12:0 a.m.124 views

MobileIron MDM Hessian-Based Java Deserialization Remote Code Execution Exploit

This Metasploit module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

9.8CVSS0.7AI score0.99737EPSS
Exploits4
NVD
NVD
added 2021/01/26 6:15 p.m.29 views

CVE-2020-36202

An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy...

6.1CVSS6.2AI score0.00815EPSS
Exploits0References1
OSV
OSV
added 2021/01/26 6:15 p.m.26 views

CVE-2020-36202

An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy...

6.1CVSS6.7AI score0.01008EPSS
Exploits0References1
Prion
Prion
added 2021/01/26 6:15 p.m.11 views

Design/Logic Flaw

An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy...

4.3CVSS6.2AI score0.00815EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder