Lucene search
K

7082 matches found

Malwarebytes
Malwarebytes
added 2020/10/20 12:0 p.m.33 views

Brute force attacks increase due to more open RDP ports

While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. Thats because an open port can be subject to brute force attacks. What...

7.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/10/19 1:42 p.m.3 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
Kitploit
Kitploit
added 2020/10/18 11:30 a.m.107 views

Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover

Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain...

6.9AI score
Exploits0References4
OSV
OSV
added 2020/10/16 4:56 p.m.14 views

GHSA-3X8C-FMPC-5RMQ Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint

Impact The fallback authentication endpoint served via Synapse was vulnerable to cross-site scripting XSS attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other...

6.1CVSS6.1AI score0.01908EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2020/10/16 4:56 p.m.31 views

Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint

Impact The fallback authentication endpoint served via Synapse was vulnerable to cross-site scripting XSS attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other...

6.1CVSS6.1AI score0.01908EPSS
Exploits0References8Affected Software1
Exploit DB
Exploit DB
added 2020/10/16 12:0 a.m.549 views

CS-Cart 1.3.3 - authenticated RCE

Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/16 12:0 a.m.589 views

aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)

Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...

9CVSS7.1AI score0.0597EPSS
Exploits5
GithubExploit
GithubExploit
added 2020/10/15 2:53 p.m.88 views

Exploit for OS Command Injection in Webmin

CVE-2019–15107 - Unauthenticated RCE Webmin =1.920 This...

10CVSS0.99766EPSS
Exploits37
Kitploit
Kitploit
added 2020/10/13 8:30 p.m.58 views

Nuubi Tools - Information Ghatering, Scanner And Recon

Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...

7.2AI score
Exploits0References4
GithubExploit
GithubExploit
added 2020/10/10 2:38 a.m.156 views

Exploit for Code Injection in Nette Application

CVE-2020-15227 ============== DISCLAIMER! I take no responsibil...

9.8CVSS9.1AI score0.35228EPSS
Exploits3
GithubExploit
GithubExploit
added 2020/10/09 1:13 p.m.47 views

Exploit for Code Injection in Nette Application

CVE-2020-15227 ============== DISCLAIMER! I take no responsibil...

9.8CVSS9.1AI score0.35228EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2020/10/08 10:52 a.m.2 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2020/10/08 12:0 a.m.84 views

squid security update

7:3.5.20-17.4 - Resolves: 1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: 1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: 1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache...

9.9CVSS0.4AI score0.7179EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2020/10/06 6:21 p.m.94 views

Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request

Impact Information Disclosure When the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or...

4CVSS1.4AI score0.01471EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2020/10/06 1:15 p.m.3 views

ALPINE-CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.5CVSS7.1AI score0.03772EPSS
Exploits0References1
OSV
OSV
added 2020/10/06 1:15 p.m.2 views

DEBIAN-CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.5CVSS6.6AI score0.03772EPSS
Exploits0References1
Prion
Prion
added 2020/10/06 1:15 p.m.24 views

Authorization

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

5CVSS6.3AI score0.03772EPSS
Exploits0References8Affected Software3
OSV
OSV
added 2020/10/06 1:15 p.m.4 views

UBUNTU-CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.5CVSS6.8AI score0.03772EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2020/10/06 12:0 a.m.46 views

CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.5CVSS6.8AI score0.03772EPSS
Exploits0
Cvelist
Cvelist
added 2020/10/06 12:0 a.m.35 views

CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.8AI score0.03772EPSS
Exploits0References8
Rows per page
Query Builder