
3365 matches found

OpenVAS
added 2021/04/21 12:0 a.m., 7 views

Huawei Data Communication: A proper timeout interval must be configured for the VTY

Configure the SSH/telnet login session of the VTY to not time out. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

7.3 AI score
Exploits 0
Kitploit
added 2021/04/19 12:30 p.m., 211 views

Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. Description: This is a bash script that automates running cypher queries against Bloodhound data stored in a Neo4j database. I found myself re-running the same queries throug...

6.9 AI score
Exploits 0, References 5
Kitploit
added 2021/04/18 12:30 p.m., 178 views

HttpDoom - A Tool For Response-Based Inspection Of Websites Across A Large Amount Of Hosts For Quickly Gaining An Overview Of HTTP-based Attack Surface

Validate large HTTP-based attack surfaces in a very fast way. Heavily inspired by Aquatone. Why? When I utilize Aquatone to flyover some hosts, I have some performance issues by the screenshot feature, and the lack of extension capabilities - like validating front-end technologies with a...

6.9 AI score
Exploits 0, References 2
RedhatCVE
added 2021/04/15 9:2 p.m., 33 views

CVE-2021-28682

A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.5 CVSS, 2.8 AI score, 0.0204 EPSS
Exploits 1, References 4
CNNVD
added 2021/04/15 12:0 a.m., 25 views

Envoy Input Validation Error Vulnerability

Envoy is an open source distributed proxy server. Versions prior to Envoy 1.71.1 are vulnerable to integer overflow, which can be exploited by an attacker with an excessive grpc-timeout value to cause an unexpected timeout calculation...

7.5 CVSS, 5.6 AI score, 0.0204 EPSS
Exploits 1, References 7
RedhatCVE
added 2021/03/25 3:23 p.m., 34 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users' sessions, preventing a user session...

4 CVSS, 3.4 AI score, 0.00282 EPSS
Exploits 0, References 4
Elastic
added 2021/03/23 5:40 p.m., 6 views

Elastic Stack 7.12.0 and 6.8.15 Security Update

Elasticsearch Suggester & Profile API information disclosure flaw (ESA-2021-06): A document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document leve...

5.3 CVSS, 6.9 AI score, 0.01162 EPSS
Exploits 0
CNVD
added 2021/03/03 12:0 a.m., 6 views

Stormshield Network Security Denial of Service Vulnerability

Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from Stormshield France. Stormshield Network Security suffers from a denial of service vulnerability, which can be exploited by an attacker who can trigger a fatal error via an IPv6 NDP timeout in Stormshield...

5.3 CVSS, 6.7 AI score, 0.01016 EPSS
Exploits 0, References 1
Tenable Nessus
added 2021/03/01 12:0 a.m., 31 views

openSUSE Security Update : nghttp2 (openSUSE-2021-341)

This update for nghttp2 fixes the following issues: nghttp2 was updated to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of stati...

9.8 CVSS, 7.3 AI score, 0.02457 EPSS
Exploits 1, References 3
OSV
added 2021/02/25 5:6 p.m., 5 views

OPENSUSE-SU-2021:0341-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: nghttp2 was updated to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static...

9.8 CVSS, 9.5 AI score, 0.02457 EPSS
Exploits 1, References 4
Kitploit
added 2021/02/20 8:30 p.m., 158 views

SSB - A Faster And Simpler Way To Bruteforce SSH Server

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server. Installation from Binary: Download a pre-built binary from releases page, unpack and run! Or: ▶ sudo curl -sSfL 'https://git.io/kitabisa-ssb' | sh -s -- -b /usr/local/bin from Source: Need go1.14+ compiler installed and...

7.5 AI score
Exploits 0, References 2
OSV
added 2021/02/06 1:15 a.m., 3 views

CVE-2021-22300

There is an information leak vulnerability in eCNS280TD versions V100R005C00 and V100R005C10. A command does not have a timeout exit mechanism. A temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods...

4.1 CVSS, 5.8 AI score, 0.00146 EPSS
Exploits 0, References 1
Cvelist
added 2021/02/06 12:38 a.m., 16 views

CVE-2021-22300

There is an information leak vulnerability in eCNS280TD versions V100R005C00 and V100R005C10. A command does not have a timeout exit mechanism. A temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods...

4.6 AI score, 0.00146 EPSS
Exploits 0, References 1
OSV
added 2021/02/04 7:15 a.m., 1 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

6.5 CVSS, 6.6 AI score, 0.00669 EPSS
Exploits 0, References 1
NVD
added 2021/02/04 7:15 a.m., 10 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

6.5 CVSS, 0.00669 EPSS
Exploits 0, References 1
Prion
added 2021/02/04 7:15 a.m., 10 views

Design/Logic Flaw

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

6.4 CVSS, 6.4 AI score, 0.00669 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/02/04 6:43 a.m., 14 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

6.5 AI score, 0.00669 EPSS
Exploits 0, References 1
CVE
added 2021/02/04 6:43 a.m., 74 views

CVE-2020-14247

Summary: CVE-2020-14247 affects HCL OneTest Performance versions 9.5, 10.0 and 10.1. The vulnerability arises from an inadequate session timeout, which could allow an attacker to guess and reuse a valid session ID. What’s affected: HCL OneTest Performance (V9.5, V10.0, V10.1). Root cause: Inadequ...

6.5 CVSS, 6.4 AI score, 0.00669 EPSS
Exploits 0, References 1, Affected Software 1
AlpineLinux
added 2021/02/01 7:30 p.m., 33 views

CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re` regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 6.1 AI score, 0.03546 EPSS
Exploits 1
Kitploit
added 2021/02/01 11:30 a.m., 209 views

Web-Brutator - Modular Web Interfaces Bruteforcer

Fast Modular Web Interfaces Bruteforcer. Install: python3 -m pip install -r requirements.txt Usage: $ python3 web-brutator.py -h (ASCII-art banner) Version 0.2...

7.8 AI score
Exploits 0, References 1