Lucene search
K

7082 matches found

CNNVD
CNNVD
added 2021/01/26 12:0 a.m.5 views

Rust 跨站脚本漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2.3.0. The vulnerability stems from the possibility of request smuggling when the program is used behind a reverse proxy. No detailed vulnerability...

6.1CVSS5.8AI score0.00815EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/01/25 7:45 p.m.4 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
Metasploit
Metasploit
added 2021/01/23 5:41 p.m.113 views

MobileIron MDM Hessian-Based Java Deserialization RCE

This module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint. Module Options msf use exploit/linux/http/mobileironmdmhessianrce msf exploitmobileironmdmhessianrce show targets ...targets... msf...

9.8CVSS9.4AI score0.99737EPSS
Exploits4
Gitee
Gitee
added 2021/01/22 11:51 p.m.6 views

hackingtool

This repository is an offensive tool for a comprehensive hacking toolkit. The primary vulnerability class targeted is not explicitly stated, but the tool includes various modules for exploitation, reverse engineering, and post-exploitation. The probable entry points for this tool are scripts and...

8.2AI score
Exploits0
Cvelist
Cvelist
added 2021/01/22 9:7 a.m.27 views

CVE-2020-36202

An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy...

6.2AI score0.00815EPSS
Exploits0References1
CVE
CVE
added 2021/01/22 9:7 a.m.66 views

CVE-2020-36202

The CVE-2020-36202 issue affects the async-h1 crate for Rust prior to 2.3.0. When used behind a reverse proxy, request smuggling can occur if the proxy mishandles the request body, potentially allowing a smuggled request or forged headers on a shared connection. The impact described includes risk...

6.1CVSS6.6AI score0.00815EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2021/01/20 11:30 a.m.870 views

MobileHackersWeapons - Mobile Hacker's Weapons / A Collection Of Cool Tools Used By Mobile Hackers

A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Weapons OS | Type | Name | Description ---|---|---|--- All | Analysis | RMS-Runtime-Mobile-Security | Runtime Mobile Security RMS - is a powerful web interface that helps you to manipulate Android and iOS Apps at...

7.8AI score
Exploits0References39
0day.today
0day.today
added 2021/01/20 12:0 a.m.26 views

Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)

/ Exploit Title: Linux/x64 - Reverse Shell Author: Guillem Alminyana Date: 2021-01-18 Platform: GNU Linux x64 ===================================== This shellcode connects back to 127.1.1.1 address on port 4444 Listener needs to be opened before execute: nc -lvp 4444 Compile: gcc...

0.4AI score
Exploits0
Kitploit
Kitploit
added 2021/01/17 8:30 p.m.144 views

ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.

A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM. Features Featureful hex view Byte patching Patch management Copy bytes as feature Bytes Hex string C, C++, C, Rust, Python, Java & JavaScript array ASCII-Art hex view HTML self contained di...

7AI score
Exploits0References11
Exploit DB
Exploit DB
added 2021/01/15 12:0 a.m.430 views

EyesOfNetwork 5.3 - File Upload Remote Code Execution

Exploit Title: EyesOfNetwork 5.3 - File Upload Remote Code Execution Date: 10/01/2021 Exploit Author: Ariane.Blow Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3-10 12/9/2020-lastest !/bin/bash /!\ You...

7.4AI score
Exploits0
OSV
OSV
added 2021/01/14 7:15 p.m.26 views

GHSA-2CCX-2GF3-8XVV Kirby .dev domains and some reverse proxy setups were treated as local

Impact About our registration block In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget...

6.8CVSS6AI score0.00561EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/01/14 7:15 p.m.69 views

Kirby .dev domains and some reverse proxy setups were treated as local

Impact About our registration block In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget...

6.8CVSS5.7AI score0.00561EPSS
Exploits0References7Affected Software2
RedHat Linux
RedHat Linux
added 2021/01/11 9:59 p.m.4 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2021/01/11 12:0 a.m.229 views

EyesOfNetwork 5.3 Remote Code Execution / Privilege Escalation

Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authentified Romote Code Execution fl...

0.8AI score
Exploits0
Kitploit
Kitploit
added 2021/01/09 11:30 a.m.528 views

Emp3R0R - Linux Post-Exploitation Framework Made By Linux User

linux post-exploitation framework made by linux user Still under active development 中文介绍 check my blog for updates how to use what to expect in future releases packer: cryptor + memfdcreate packer: use shmopen in older Linux kernels dropper: shellcode injector - python injector: inject shellcode...

6.6CVSS7.4AI score0.2704EPSS
Exploits39References20
Exploit DB
Exploit DB
added 2021/01/08 12:0 a.m.195 views

WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Autoptimize Authenticated File Upload', 'Description' = %q The aoccssimport AJAX call does not ensure that the file provided is a...

7.2CVSS7.4AI score0.13139EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/01/07 12:0 a.m.220 views

PaperStream IP (TWAIN) 1.42.0.5685 Local Privilege Escalation

Exploit Title: PaperStream IP TWAIN 1.42.0.5685 - Local Privilege Escalation Exploit Author: 1F98D Original Author: securifera Date: 12 May 2020 Vendor Hompage: https://www.fujitsu.com/global/support/products/computing/peripheral/scanners/fi/software/fi6x30-fi6x40-ps-ip-twain32.html CVE:...

7.2CVSS0.5AI score0.02557EPSS
Exploits4
Kitploit
Kitploit
added 2021/01/06 9:12 p.m.128 views

Hack-Tools v0.3.0 - The All-In-One Red Team Extension For Web Pentester

The all-in-oneRed Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests , it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...

6.7AI score
Exploits0References2
OSV
OSV
added 2021/01/05 6:15 p.m.23 views

CVE-2021-21234

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7CVSS6.8AI score
Exploits0References4
Prion
Prion
added 2021/01/05 6:15 p.m.23 views

Directory traversal

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

4CVSS7.2AI score0.21173EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder