Lucene search
+L

322 matches found

Huntr
Huntr
added 2022/04/22 8:51 a.m.112 views

Sed Injection Vulnerability

Description In Hestia Control Panel 1.5.11, several v-scripts shell scripts have sed injection vulnerabilities. By chaining these vulnerabilities, an authenticated remote attacker with low privileges can execute arbitrary code under root context. Sed injection vulnerabilities exist in the followi...

9CVSS9.1AI score0.04589EPSS
Exploits1
OSV
OSV
added 2022/03/24 3:39 p.m.10 views

CLSA-2022-1648136371 Fix of CVE: CVE-2022-22721, CVE-2022-23943, CVE-2022-22719, CVE-2022-22720

CVE-2022-22719: modlua: error out if luareadbody or luawritebody fail - CVE-2022-22720: simpler connection close logic if discarding the request body fails - CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory - CVE-2022-23943: modsed: use sizet to allow for larger...

9.8CVSS7.4AI score0.69803EPSS
Exploits0References1
OSV
OSV
added 2022/03/24 3:38 p.m.9 views

CLSA-2022-1648136327 Fix CVE(s): CVE-2022-23943, CVE-2022-22720, CVE-2022-22721, CVE-2022-22719

SECURITY UPDATE: modlua Use of uninitialized value of in r:parsebody - debian/patches/CVE-2022-22719.patch: refactor luareadbody in order to catch all possible errors - CVE-2022-22719 SECURITY UPDATE: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier -...

9.8CVSS7.5AI score0.69803EPSS
Exploits0References1
OSV
OSV
added 2022/03/17 7:10 p.m.9 views

USN-5333-2 apache2 vulnerabilities

USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote...

9.8CVSS7.3AI score0.69803EPSS
Exploits0References5
OSV
OSV
added 2022/03/14 11:15 a.m.1 views

DEBIAN-CVE-2022-23943

Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...

9.8CVSS8.5AI score0.50401EPSS
Exploits0References1
OSV
OSV
added 2022/03/14 11:15 a.m.4 views

UBUNTU-CVE-2022-23943

Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...

9.8CVSS7.2AI score0.50401EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/14 12:0 a.m.7 views

PT-2022-1925

Name of the Vulnerable Software and Affected Versions Apache HTTP Server 2.4 versions 2.4.52 and prior versions Description The issue is related to an out-of-bounds write vulnerability in the mod sed module of Apache HTTP Server. This vulnerability allows an attacker to overwrite heap memory with...

10CVSS7.7AI score0.50401EPSS
Exploits0References228
ATTACKERKB
ATTACKERKB
added 2022/03/01 11:15 p.m.4 views

CVE-2021-41282

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS7.5AI score0.87113EPSS
Exploits4References7
NVD
NVD
added 2022/03/01 11:15 p.m.40 views

CVE-2021-41282

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS0.87113EPSS
Exploits4References4
OSV
OSV
added 2022/03/01 11:15 p.m.27 views

CVE-2021-41282

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

8.8CVSS7.6AI score
Exploits0References4
Prion
Prion
added 2022/03/01 11:15 p.m.29 views

Command injection

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS9.1AI score0.87113EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2022/03/01 10:45 p.m.57 views

CVE-2021-41282

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9.3AI score0.87113EPSS
Exploits4References4
CVE
CVE
added 2022/03/01 10:45 p.m.171 views

CVE-2021-41282

CVE-2021-41282 affects pfSense 2.5.2 where diag_routes.php uses netstat output parsed by sed. Despite escapeshellarg, an attacker with authenticated access and the required WebCfg privilege can inject sed code, enabling arbitrary file write and potential web shell execution. Descriptions across c...

9CVSS9AI score0.87113EPSS
Exploits4References4Affected Software1
0day.today
0day.today
added 2021/11/15 12:0 a.m.593 views

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...

9.8CVSS10AI score0.35047EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/07/30 12:0 a.m.300 views

Pi-Hole Remove Commands Linux Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole Remove Commands Linux Priv Esc', 'Description' = %q Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,...

7.8CVSS0.8AI score0.01863EPSS
Exploits4
Metasploit
Metasploit
added 2021/07/29 5:43 p.m.96 views

Pi-Hole Remove Commands Linux Priv Esc

Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is...

7.8CVSS7.5AI score0.01863EPSS
Exploits4
Prion
Prion
added 2021/07/15 5:15 p.m.13 views

Design/Logic Flaw

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

3.5CVSS5.4AI score0.00842EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/04/14 12:0 a.m.33 views

CVE-2021-29449

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details. Recent assessments: h00die at May 31, 2021 11:59am UTC...

7.8CVSS3.2AI score0.01863EPSS
Exploits4References4
Hacker One
Hacker One
added 2020/12/26 5:34 a.m.52 views

h1-ctf: Grinch Networks compromised!

Grinch Networks compromised! For fast triage/validation and inspired by @manoelt in other CTF, I made a bash script to find and print all the 12 flags of this CTF. The script uses curl, wget, google-chrome headless for flag 2, unzip, grep and sed. If any of these commands is missing, the script...

7.8AI score
Exploits0
AlmaLinux
AlmaLinux
added 2020/11/03 12:11 p.m.13 views

sed bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

1.3AI score
Exploits0
Rows per page
Query Builder