Lucene search
+L

428 matches found

cvelist
cvelist
added 2019/09/10 4:38 p.m.15 views

CVE-2019-11464

Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and...

6.2AI score0.00851EPSS
Exploits0References1
osv
osv
added 2019/09/10 4:15 p.m.7 views

CVE-2019-5503

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5.3CVSS6.1AI score0.00694EPSS
Exploits0References1
cvelist
cvelist
added 2019/09/10 3:50 p.m.27 views

CVE-2019-5503

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5.1AI score0.00694EPSS
Exploits0References1
zdt
zdt
added 2019/09/09 12:0 a.m.74 views

WordPress 5.2.3 - Cross-Site Host Modification Exploit

Exploit for php platform in category web applications !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server,...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2019/09/09 12:0 a.m.427 views

WordPress Core 5.2.3 - Cross-Site Host Modification

!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/09/09 12:0 a.m.32 views

WordPress 5.2.3 - Cross-Site Host Modification

WordPress 5.2.3 - Cross-Site Host Modification !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something lik...

7.3AI score
Exploits0
packetstorm
packetstorm
added 2019/09/06 12:0 a.m.185 views

WordPress 5.2.3 Remote Cross Site Host Modification

!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...

0.2AI score
Exploits0
kitploit
kitploit
added 2019/08/01 9:33 p.m.323 views

XSpear - Powerfull XSS Scanning And Parameter Analysis Tool

XSpear is XSS Scanner on ruby gems. Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser with Selenium Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Testi...

6.8AI score
Exploits0References2
veracode
veracode
added 2019/07/08 10:41 a.m.34 views

Remote Code Execution (RCE)

kentico is vulnerable to remote code execution RCE. Failure to validate security headers allow an attacker to bypass authentication and perform unsafe deserialization using a malicious .NET object input, which would lead to remote code execution on the server...

9.8CVSS9.9AI score0.96031EPSS
Exploits5References2Affected Software1
kitploit
kitploit
added 2019/06/11 1:7 p.m.46 views

RecScanSec - Reconnaisance Scanner Security

RecScanSec made for reconnaisance Scanner and information gathering with an emphasis on simplicity. It will do everything from. Features Information Security Headers WAF Analyzer Information Disclosure Banner Grabbing Url Crawl HTML Form Detector Port Scanner Get SSL Information Subdomain...

6.8AI score
Exploits0References1
osv
osv
added 2019/05/10 8:29 p.m.3 views

CVE-2019-5496

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

7.5CVSS5.8AI score
Exploits0References1
prion
prion
added 2019/05/10 8:29 p.m.20 views

Design/Logic Flaw

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5CVSS7.2AI score0.01429EPSS
Exploits0References1Affected Software1
osv
osv
added 2019/05/10 8:29 p.m.5 views

CVE-2019-5495

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

7.5CVSS5.8AI score0.01429EPSS
Exploits0References1
prion
prion
added 2019/05/10 8:29 p.m.18 views

Design/Logic Flaw

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5CVSS7.1AI score0.00703EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2019/05/10 8:29 p.m.21 views

CVE-2019-5495

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

7.5CVSS7.3AI score0.01429EPSS
Exploits0References1
nvd
nvd
added 2019/05/10 7:29 p.m.31 views

CVE-2019-5494

OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

7.5CVSS7.2AI score0.00703EPSS
Exploits0References1
cve
cve
added 2019/05/10 7:24 p.m.81 views

CVE-2019-5496

Oncommand Insight versions prior to 7.3.5 are affected by CVE-2019-5496 due to missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The connected NVD entry lists CVSS scores (2.0/3.0) indicating network access with no authentication...

7.5CVSS7.1AI score0.00703EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2019/03/26 6:29 p.m.22 views

CVE-2019-10068

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...

9.8CVSS10AI score0.96031EPSS
Exploits5References3
osv
osv
added 2019/03/26 6:29 p.m.5 views

CVE-2019-10068

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...

9.8CVSS7.9AI score0.96031EPSS
Exploits5References3
vulnrichment
vulnrichment
added 2019/03/26 5:43 p.m.13 views

CVE-2019-10068

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...

8.2AI score0.96031EPSS
Exploits5References2
Rows per page
Query Builder