Lucene search
K

65 matches found

NVD
NVD
added 2024/12/04 9:15 p.m.59 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS0.00376EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/02 2:32 p.m.34 views

CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS6.9AI score0.00385EPSS
Exploits0References1
Veracode
Veracode
added 2024/11/20 3:48 a.m.18 views

Local File Inclusion (LFI)

symfony/runtime is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper handling of the argv values in non-SAPI PHP runtimes, where the registerargvargc directive is set to on, allowing attackers to craft query strings that modify the environment or debug settings used by...

7.3CVSS6.6AI score0.63422EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2024/11/12 8:15 p.m.103 views

CVE-2024-52301

Laravel is a web application framework. When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28,...

8.7CVSS0.37981EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/03 4:31 p.m.28 views

CVE-2024-7440 Vivotek CC8160 upload_file.cgi getenv command injection

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file uploadfile.cgi. The manipulation of the argument QUERYSTRING leads to command injection. It is possible to initiate the attack remotel...

6.5CVSS0.02689EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/03 4:31 p.m.12 views

CVE-2024-7440 Vivotek CC8160 upload_file.cgi getenv command injection

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file uploadfile.cgi. The manipulation of the argument QUERYSTRING leads to command injection. It is possible to initiate the attack remotel...

6.5CVSS7.6AI score0.02689EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.20 views

Fedora: Security Advisory for apache-commons-lang3 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02557EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:32 p.m.38 views

[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40

The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...

8.8CVSS6.8AI score0.02557EPSS
Exploits3
NVD
NVD
added 2023/09/04 1:15 a.m.24 views

CVE-2023-4746

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437B20230519. This affects the function Validitycheck. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the...

9CVSS9.2AI score0.03153EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/03/05 5:15 a.m.48 views

CVE-2015-10088

A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function httpconnect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The...

8.1CVSS5.4AI score0.00721EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.22 views

debug 安全漏洞

debug is a small JavaScript debugging utility open-sourced by Debug.js and modeled on core Node.js debugging techniques. A security vulnerability exists in debug versions prior to 3.1.0, which stems from the function useColors in file src/node.js, where manipulation of the parameter str leads to...

7.5CVSS5.6AI score0.02046EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/12/28 12:0 a.m.23 views

openSUSE 15 Security Update : multimon-ng (openSUSE-SU-2022:10253-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10253-1 advisory. - A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function addch of the file demodflex.c. The...

9.8CVSS7.5AI score0.00889EPSS
Exploits0References4
0day.today
0day.today
added 2022/12/24 12:0 a.m.319 views

macOS/x64 Execve Null-Free Shellcode (253 bytes)

Shellcode Title: macOS/x64 - Execve Null-Free Shellcode 253 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Date: 12/20/2022 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x8664 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The strin...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2022/12/21 12:0 a.m.23 views

CVE-2022-4639 sslh Packet Dumping probe.c hexdump format string

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

5.6CVSS9.8AI score0.00855EPSS
Exploits0References3
Prion
Prion
added 2022/12/19 2:15 p.m.13 views

Format string

A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function addch of the file demodflex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is...

7.5CVSS9.5AI score0.00889EPSS
Exploits0References4Affected Software1
Kitploit
Kitploit
added 2022/10/25 11:30 a.m.33 views

Mangle - Tool That Manipulates Aspects Of Compiled Executables (.Exe Or DLL) To Avoid Detection From EDRs

Authored By Tyl0us Featured at Source Zero Con 2022 Mangle is a tool that manipulates aspects of compiled executables .exe or DLL. Mangle can remove known Indicators of Compromise IoC based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and c...

7.3AI score
Exploits0References3
Veracode
Veracode
added 2022/01/24 7:42 a.m.24 views

User Impersonation

onionsharecli is vulnerable to user impersonation. An attacker with access to the chat environment is able to update the name string to that of another user by appending a space character at the end of it, allowing to impersonate other participants...

4.3CVSS5.3AI score0.00708EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2020/04/10 12:59 a.m.25 views

Privilege Escalation

perl is vulnerable to privilege escalation. The vulnerability exists as it was found that certain Perl string manipulation functions such as uc and lc failed to preserve the taint bit. A remote attacker could use this flaw to bypass the Perl taint mode protection mechanism in scripts that use the...

5CVSS2.8AI score0.08712EPSS
Exploits1References18Affected Software1
Debian CVE
Debian CVE
added 2020/01/11 2:5 a.m.21 views

CVE-2020-6839

In mruby 2.1.0, there is a stack-based buffer overflow in mrbstrlentodbl in string.c...

9.8CVSS9.8AI score0.01355EPSS
Exploits1
Kitploit
Kitploit
added 2019/10/28 12:0 p.m.137 views

Cryptovenom - The Cryptography Swiss Army Knife

CryptoVenom: The Cryptography Swiss Army knife What is CryptoVenom? CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern...

7.4AI score
Exploits0References1
Rows per page
Query Builder