
7082 matches found

Prion
added 2020/04/20 8:15 p.m., 14 views

Design/Logic Flaw

Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality...

CVSS: 5.8, AI score: 6.3, EPSS: 0.00671
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/04/20 7:49 p.m., 21 views

CVE-2020-9444

Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality...

AI score: 6.3, EPSS: 0.00671
Exploits: 0, References: 1

CVE
added 2020/04/20 7:49 p.m., 47 views

CVE-2020-9444

Zulip Server prior to 2.1.3 is affected by CVE-2020-9444 due to a reverse tabnabbing issue in the Markdown functionality. The root cause is exposed in Zulip’s Markdown handling, allowing an attacker to harness tabnabbing behavior. The vulnerability affects Zulip Server versions before 2.1.3; reme...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00671
Exploits: 0, References: 1, Affected Software: 1

Hacker One
added 2020/04/16 8:44 p.m., 276 views

Nextcloud: Code injection possible with malformed Nextcloud Talk chat commands

Summary: The Nextcloud Talk app allows system administrators to set up chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using @exec. If...

CVSS: 6.5, AI score: 0.8, EPSS: 0.01668
Exploits: 1

Exploit DB
added 2020/04/16 12:0 a.m., 282 views

ThinkPHP - Multiple PHP Injection RCEs (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ThinkPHP Multiple PHP Injection RCEs', 'Description' = %q This module exploits one of two PHP injection vulnerabilities in the ThinkPHP web...

AI score: 7.4
Exploits: 0

OSV
added 2020/04/15 8:15 p.m., 26 views

CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...

CVSS: 7.5, AI score: 6.6, EPSS: 0.03935
Exploits: 0, References: 8

OSV
added 2020/04/15 8:15 p.m., 1 views

DEBIAN-CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...

CVSS: 7.5, AI score: 6.7, EPSS: 0.03935
Exploits: 0, References: 1

OSV
added 2020/04/15 8:15 p.m., 2 views

UBUNTU-CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...

CVSS: 7.5, AI score: 6.7, EPSS: 0.03935
Exploits: 0, References: 8

UbuntuCve
added 2020/04/15 8:15 p.m., 36 views

CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...

CVSS: 7.5, AI score: 6.7, EPSS: 0.03935
Exploits: 0, References: 7

Prion
added 2020/04/15 8:15 p.m., 23 views

Cross site request forgery (csrf)

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...

CVSS: 5, AI score: 8.4, EPSS: 0.03935
Exploits: 0, References: 8, Affected Software: 3

Cvelist
added 2020/04/15 7:14 p.m., 26 views

CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...

AI score: 8.5, EPSS: 0.03935
Exploits: 0, References: 8

CVE
added 2020/04/15 7:14 p.m., 232 views

CVE-2019-12520

CVE-2019-12520 affects Squid (versions up to 4.7 and 5.x per the sources). The vulnerability arises when Squid handles a request by computing an MD5 hash of the absolute URL to check the cache; if the URL includes a decoded UserInfo (username:password), that info is prepended to the domain. An at...

CVSS: 7.5, AI score: 8.3, EPSS: 0.03935
Exploits: 0, References: 8, Affected Software: 1

Debian CVE
added 2020/04/15 7:14 p.m., 30 views

CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...

CVSS: 7.5, AI score: 6.5, EPSS: 0.03935
Exploits: 0

Metasploit
added 2020/04/15 7:31 a.m., 20 views

OSX Meterpreter, Reverse TCP Stager with UUID Support (OSX x64)

Inject the mettle server payload staged. Connect back to the attacker with UUID Support OSX x64 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 204 include...

AI score: 7.2
Exploits: 0

Metasploit
added 2020/04/15 7:31 a.m., 24 views

OS X dup2 Command Shell, Reverse TCP Stager with UUID Support (OSX x64)

dup2 socket in edi, then execve. Connect back to the attacker with UUID Support OSX x64 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 204 include Msf::Payload::Osx::ReverseTcpx64...

AI score: 7.2
Exploits: 0

OpenVAS
added 2020/04/12 12:0 a.m., 33 views

Fedora: Security Advisory for haproxy (FEDORA-2020-16cd111544)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 8.8, AI score: 8.8, EPSS: 0.60727
Exploits: 0, References: 2

Kitploit
added 2020/04/11 12:30 p.m., 262 views

Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions

Serverless Prey is a collection of serverless functions (FaaS) that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js; Cougar: Azure Function written in C; Cheetah: Google...

AI score: 7.4
Exploits: 0, References: 6

Veracode
added 2020/04/10 1:10 a.m., 52 views

Unauthorized Reverse Proxy Connection

The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9...

CVSS: 5, AI score: 2, EPSS: 0.90734
Exploits: 14, References: 50, Affected Software: 1

Veracode
added 2020/04/10 1:10 a.m., 43 views

Man-in-the-Middle (MitM)

httpd is vulnerable to man-in-the-middle (MiTM). The vulnerability exists as it was discovered that the fix for CVE-2011-3368 released via RHSA-2011:1391 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly...

CVSS: 5, AI score: 2.9, EPSS: 0.90734
Exploits: 13, References: 7, Affected Software: 1

Veracode
added 2020/04/10 12:34 a.m., 31 views

Denial Of Service (DoS)

The Apache HTTP Server is vulnerable to Denial of Service (DoS). A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time...

CVSS: 7.1, AI score: 2.6, EPSS: 0.16159
Exploits: 2, References: 70, Affected Software: 1