Lucene search
+L

42 matches found

kitploit
kitploit
added 2022/06/24 9:30 p.m.40 views

Authcov - Web App Authorisation Coverage Scanning

Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...

7.2AI score
Exploits0References5
kitploit
kitploit
added 2022/06/19 9:30 p.m.68 views

VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

The Vulnerable API Based on OpenAPI 3 VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...

7.5AI score
Exploits0References1
osv
osv
added 2022/04/28 9:2 p.m.33 views

GHSA-3QRQ-R688-VVH4 Multiple valid tokens for password reset in Shopware

Impact Multiple tokens for password reset could be requested. All tokens could be used to change the password. This makes it possible for an attacker to take over the victims account if s/he gains access to the victims email account and finds unused password reset token in the emails within the...

6.4CVSS6.8AI score0.00836EPSS
Exploits0References5
ibm
ibm
added 2022/04/27 10:23 a.m.19 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management Server 11.6

Summary IBM WebSphere Application Server 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. Vulnerability Details CVEID: CVE-2020-4276 DESCRIPTION: IBM WebSphere Application...

6CVSS1AI score0.03121EPSS
Exploits0Affected Software1
osv
osv
added 2022/03/16 12:0 a.m.16 views

GHSA-M9GV-4523-JFFM Missing permission checks in AWS Credentials Plugin

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

4.3CVSS4.7AI score0.00732EPSS
Exploits0References3
zdt
zdt
added 2021/11/11 12:0 a.m.402 views

FormaLMS 2.4.4 - Authentication Bypass Exploit

Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136 Info: An...

9.8CVSS9.2AI score0.15725EPSS
Exploits4
cnnvd
cnnvd
added 2021/03/18 12:0 a.m.5 views

Kong Gateway 访问控制错误漏洞

Kong Gateway is an API gateway from the Italian company Kong. It provides an inter-network connector. An access control error vulnerability exists in the JWT plugin in Kong Gateway prior to 2.3.0.0, which allows an unauthenticated user to access authenticated routes without a valid token...

7.5CVSS7.4AI score0.01789EPSS
Exploits0References3
ibm
ibm
added 2020/06/09 9:47 p.m.26 views

Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)

Summary There is a privilege escalation vulnerability in WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2020-4362 DESCRIPTION: IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based...

8.8CVSS0.5AI score0.02438EPSS
Exploits0Affected Software1
packetstorm
packetstorm
added 2020/04/21 12:0 a.m.88 views

QRadar Community Edition 7.3.1.6 Path Traversal

------------------------------------------------------------------------ QRadar session manager path traversal vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2019...

7.4AI score
Exploits0
nessus
nessus
added 2020/04/17 12:0 a.m.36 views

IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)

A privilege escalation vulnerability exists in IBM WebSphere Application Server 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.0 through 8.5.5.17, 9.0.0.0 through 9.0.5.3 when using token-based authentication in an admin request over the SOAP connector. An authenticated, remote attacke...

8.8CVSS7.6AI score0.02438EPSS
Exploits0References3
osv
osv
added 2020/04/10 2:15 p.m.4 views

CVE-2020-4362

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929...

8.8CVSS7.1AI score
Exploits0References2
nvd
nvd
added 2020/04/10 2:15 p.m.15 views

CVE-2020-4362

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929...

8.8CVSS8.3AI score0.02438EPSS
Exploits0References2
prion
prion
added 2020/04/10 2:15 p.m.18 views

Privilege escalation

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929...

6.5CVSS8.7AI score0.02438EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2020/04/10 2:0 p.m.25 views

CVE-2020-4362

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929...

7.5CVSS8.8AI score0.02438EPSS
Exploits0References2
osv
osv
added 2020/03/26 2:15 p.m.3 views

CVE-2020-4276

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...

7.5CVSS7.1AI score0.03121EPSS
Exploits0References2
nvd
nvd
added 2020/03/26 2:15 p.m.17 views

CVE-2020-4276

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...

7.5CVSS7.8AI score0.03121EPSS
Exploits0References2
prion
prion
added 2020/03/26 2:15 p.m.18 views

Privilege escalation

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...

6CVSS7.7AI score0.03121EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2020/03/26 1:20 p.m.22 views

CVE-2020-4276

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...

7.5CVSS7.8AI score0.03121EPSS
Exploits0References2
cve
cve
added 2020/03/26 1:20 p.m.116 views

CVE-2020-4276

CVE-2020-4276 affects IBM WebSphere Application Server traditional (versions 7.0, 8.0, 8.5, 9.0). The vulnerability is a privilege escalation via token-based authentication in an admin request over the SOAP connector. IBM bulletins and related documents (X-Force ID 175984) assign CVSS v3 base sco...

7.5CVSS7.6AI score0.03121EPSS
Exploits0References2Affected Software1
threatpost
threatpost
added 2018/08/01 6:33 p.m.9 views

Reddit Breach Stems from SMS Two-Factor Authentication Breakdown

Reddit confirmed Wednesday that a hacker broke into its systems and has accessed user data – including email addresses and passwords for accounts. The company said in a post today that the compromise occurred between June 14 and June 18, and it detected the incident on June 19. “We learned that a...

0.4AI score
Exploits0References3
Rows per page
Query Builder