Lucene search
K

7082 matches found

Cvelist
Cvelist
added 2021/01/05 5:30 p.m.20 views

CVE-2021-21234 Directory Traversal

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7CVSS7.6AI score0.21173EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2021/01/05 5:29 p.m.67 views

Directory Traversal in spring-boot-actuator-logview

Impact The nature of this library is to expose a log file directory via admin spring boot actuator HTTP endpoints. Both the filename to view and a base folder relative to the logging folder root can be specified via request parameters. While the filename parameter was checked to prevent directory...

7.7CVSS0.6AI score0.21173EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2021/01/05 5:29 p.m.18 views

GHSA-P4Q6-QXJX-8JGP Directory Traversal in spring-boot-actuator-logview

Impact The nature of this library is to expose a log file directory via admin spring boot actuator HTTP endpoints. Both the filename to view and a base folder relative to the logging folder root can be specified via request parameters. While the filename parameter was checked to prevent directory...

7.7CVSS7.3AI score0.21173EPSS
Exploits2References5
Packet Storm
Packet Storm
added 2021/01/05 12:0 a.m.329 views

Klog Server 2.4.1 Command Injection

Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...

10CVSS9.6AI score0.87987EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.385 views

Klog Server 2.4.1 - Command Injection (Unauthenticated)

Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2021/01/02 11:30 a.m.63 views

HyperDbg - The Source Code Of HyperDbg Debugger

HyperDbg is designed with a focus on using modern hardware technologies to provide new features to the reverse engineering world. It operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This debugger aims not to use any APIs and software debugging...

6.8AI score
Exploits0References2
OSV
OSV
added 2020/12/29 12:15 a.m.13 views

CVE-2020-26286

HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should however verify that...

7.5CVSS7.4AI score
Exploits0References3
Packet Storm
Packet Storm
added 2020/12/23 12:0 a.m.196 views

10-Strike Network Inventory Explorer Pro 9.05 Buffer Overflow

Exploit Title: 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow SEH Date: 2020-12-22 Exploit Author: Florian Gassner Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.05 Tested on...

0.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/12/22 4:53 a.m.5 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
NVD
NVD
added 2020/12/21 10:15 p.m.17 views

CVE-2020-26281

async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...

7.5CVSS6.8AI score0.01008EPSS
Exploits0References2
OSV
OSV
added 2020/12/21 10:15 p.m.21 views

CVE-2020-26281

async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...

7.5CVSS7.5AI score0.00815EPSS
Exploits0References2
Prion
Prion
added 2020/12/21 10:15 p.m.13 views

Cross site request forgery (csrf)

async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...

5.8CVSS7.5AI score0.01008EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/12/21 9:50 p.m.38 views

CVE-2020-26281 request smuggling in async-h1

async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...

6.8CVSS7.5AI score0.01008EPSS
Exploits0References2
CVE
CVE
added 2020/12/21 9:50 p.m.54 views

CVE-2020-26281

CVE-2020-26281 affects the async-h1 crate (Rust) before version 2.3.0 when used behind a reverse proxy. The vulnerability arises when the server does not consume a request body beyond a buffer, allowing a smuggled request to be read from the body and potentially forge or manipulate forwarded head...

7.5CVSS7AI score0.01008EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2020/12/21 12:0 a.m.9 views

Http-rs Async-h1 Environment Issue Vulnerability

Http-rs Async-h1 is a Rust-based asynchronous Http parser from the Http-rs team. A security vulnerability exists in async-h1 versions prior to 2.3.0, which stems from the presence of a request smuggling vulnerability. This vulnerability affects any web server that uses async-h1 behind a reverse...

7.5CVSS7.1AI score0.01008EPSS
Exploits0References2
Securelist
Securelist
added 2020/12/18 1:0 p.m.132 views

Sunburst: connecting the dots in the DNS requests

On December 13, 2020 FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.229 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1472) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1472 advisory. - In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approa...

7.9AI score0.09386EPSS
Exploits0References3
0day.today
0day.today
added 2020/12/18 12:0 a.m.23 views

WordPress Yet Another Stars Rating PHP Object Injection Exploit

This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability. class MetasploitModule 'WordPress PHP Object Injection in Yet Another Stars Rating plugin %q This module exploits Wordpress PHP Object Injection ...

7.6AI score
Exploits0
NVD
NVD
added 2020/12/17 11:15 p.m.14 views

CVE-2020-12519

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges...

10CVSS9AI score0.00851EPSS
Exploits0References1
Prion
Prion
added 2020/12/17 11:15 p.m.13 views

Open redirect

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges...

10CVSS9.3AI score0.00851EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder