Lucene search
K

7082 matches found

Cvelist
Cvelist
added 2020/12/14 9:5 p.m.17 views

CVE-2020-25234

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...

7.4AI score0.00301EPSS
Exploits0References1
CVE
CVE
added 2020/12/14 9:5 p.m.51 views

CVE-2020-25234

The CVE-2020-25234 entry applies to Siemens LOGO! 8 BM (incl. SIPLUS) and LOGO! Soft Comfort (pre-8.3). The root issue is that UDFs saved in stored program files are protected only by password protection implemented in the display software, enabling an attacker to reverse engineer UDFs from these...

7.7CVSS7.3AI score0.00301EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.566 views

GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)

Exploit Title: Gitlab 11.4.7 - Remote Code Execution Date: 14-12-2020 Exploit Author: Fortunato Lodari fox at thebrain dot net, foxlox Vendor Homepage: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested On: Debian 10 +...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2020/12/11 4:23 p.m.15 views

Mail.ru: Bypass the reverse proxy. Request admin

Incorrect configuration of nginx led to path restrictions bypass...

3.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/11 12:0 a.m.1784 views

Aerospike Database UDF Lua Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Aerospike Database UDF Lua Code Execution', 'Description' = %q Aerospike Database versions before 5.1.0.3 permitted user-defined functions UDF to...

10CVSS0.6AI score0.86749EPSS
Exploits8
Kitploit
Kitploit
added 2020/12/10 8:30 p.m.96 views

Sak1To-Shell - Multi-threaded C2 Server And Reverse Shell Client Written In Pure C

Multi-threaded c2 server and reverse TCP shell client written in pure C Windows. Command list: list: list available connections. interact id: interact with client. download filename: download a file from client. upload filename: upload a file to client. background: background client. exit:...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2020/12/10 11:30 a.m.66 views

DarkSide - Tool Information Gathering And Social Engineering

Features: Hacker Dashboard Hacker News thehackernews.com/ New Exploits Exploit-db.com Hacking Tutorials Video youtube.com The Latest Prices OF Digital Currencies Rials , Usd Information Gathering Bypass Cloud Flare Cms Detect Trace Toute Reverse IP Port Scan IP location Finder Show HTTP Header Fi...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.15 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : lftp Vulnerability (NS-SA-2020-0068)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has lftp packages installed that are affected by a vulnerability: - It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local...

7.8CVSS5.9AI score0.04782EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.21 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : lftp Vulnerability (NS-SA-2020-0103)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has lftp packages installed that are affected by a vulnerability: - It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local...

7.8CVSS5.9AI score0.04782EPSS
Exploits1References2
OSV
OSV
added 2020/12/08 2:15 a.m.18 views

CVE-2020-26253

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

5.9CVSS6.3AI score
Exploits0References5
Prion
Prion
added 2020/12/08 2:15 a.m.21 views

Design/Logic Flaw

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

4.3CVSS5.5AI score0.00561EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2020/12/08 1:15 a.m.32 views

CVE-2020-26253 .dev domains treated as local in Kirby

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

6.8CVSS6.4AI score0.00561EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/12/08 12:0 a.m.24 views

Debian DSA-4805-1 : trafficserver - security update

Two vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server : - CVE-2020-17508 The ESI plugin was vulnerable to memory disclosure. - CVE-2020-17509 The negative cache option was vulnerable to cache poisoning. C Tenable Network Security, Inc. The descriptive te...

7.5CVSS7.2AI score0.0202EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2020/12/08 12:0 a.m.14 views

Debian: Security Advisory (DSA-4805-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.0202EPSS
Exploits0References4
Kitploit
Kitploit
added 2020/12/06 11:30 a.m.139 views

Karkinos - Penetration Testing And Hacking CTF's Swiss Army Knife With: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following: Encoding/Decoding characters Encrypting/Decrypting text or files Reverse shell handling Cracking and generating hashes Dependancies Any server capable of hosting...

7.4AI score
Exploits0References2
ThreatPost
ThreatPost
added 2020/12/03 5:0 p.m.32 views

Reverse Engineering Tools: Evaluating the True Cost

When sourcing software for business needs, what criteria should you follow? Price typically tops the list. And sure, free software, like the Linux OS, delivers cost savings, stability, flexibility and ongoing development. No argument there. But when it comes to decompilers, which are used for...

7.6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/12/02 4:36 p.m.3 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
0day.today
0day.today
added 2020/12/01 12:0 a.m.48 views

Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path Vulnerability

Exploit Title: Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path Discovery by: Jok3r Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm Tested Version: 2.3.1911...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/01 12:0 a.m.350 views

10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Inventory Explorer 8.65 - Buffer Overflow SEH Date: 2020-09-02 Exploit Author: Sectechs Vendor Homepage: https://www.10-strike.com Version: 8.65 Tested on: Windows 7 x86 SP1 import os import sys import struct import socket crash ="A" 209 jmp short 8...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/11/27 2:42 p.m.3 views

CVE

This is a collection of HTML files from a blog about reverse engineering and security. The files are dated from August 2019 to September 2019 and appear to be written in Chinese. The content includes various topics such as: Creating and finding SEH Structured Exception Handler in Windows Input...

6.8AI score
Exploits0
Rows per page
Query Builder