Lucene search
K

70 matches found

Vulnrichment
Vulnrichment
added 2023/07/24 8:27 a.m.18 views

CVE-2023-38056 Code execution via System Configuration

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...

7.2CVSS6.9AI score0.0079EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/24 8:27 a.m.18 views

CVE-2023-38056 Code execution via System Configuration

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...

7.2CVSS7.2AI score0.0079EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2022/06/25 12:0 a.m.40 views

Security update for wdiff (moderate)

openSUSE Security Update: Security update for wdiff Announcement ID: openSUSE-SU-2022:10031-1 Rating: moderate References: Cross-References: CVE-2012-3386 Affected Products: openSUSE Backports SLE-15-SP4 An update that fixes one vulnerability is now available. Description: This update for wdiff...

4.4CVSS8.7AI score0.00474EPSS
Exploits1
w3af
w3af
added 2014/06/10 4:21 p.m.79 views

web_spider

This plugin is a classic web spider, it will request a URL and extract all links and forms from the response. Three configurable parameter exist: onlyforward ignoreRegex followRegex IgnoreRegex and followRegex are commonly used to configure the webspider to spider all URLs except the "logout" or...

Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.18 views

form_autocomplete

This plugin greps every page for autocomplete-able forms containing password-type inputs. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats...

0.1AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.17 views

directory_indexing

This plugin greps every response directory indexing problems. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin sour...

7.2AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.22 views

analyze_cookies

This plugin greps every response for session cookies that the web application sends to the client, and analyzes them in order to identify potential vulnerabilities, the remote web application framework and other interesting information. Plugin type Grep Options This plugin doesnt have any user...

Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.19 views

finger_bing

This plugin finds mail addresses in Bing search engine. One configurable parameter exist: resultlimit This plugin searches Bing for : "@domain.com", requests all search results and parses them in order to find new mail addresses. Plugin type Infrastructure Options Name | Type | Default Value |...

7.1AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.18 views

cache_control

This plugin analyzes every HTTPS response and reports instances of incorrect cache control which might lead the users browser to cache sensitive contents on their system. The expected headers for HTTPS responses are: Pragma: No-cache Cache-control: No-store Plugin type Grep Options This plugin...

7.1AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.21 views

find_backdoors

This plugin searches for web shells in the directories that are sent as input. For example, if the input is: http://host.tld/w3af/f00b4r.php The plugin will perform these requests: http://host.tld/w3af/c99.php http://host.tld/w3af/cmd.php http://host.tld/w3af/webshell.php … Plugin type Crawl...

7.2AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.11 views

phishing_vector

This plugins finds phishing vectors in web applications, for example, a bug of this type is found if I request the URL "http://site.tld/asd.asp?info=http://attacker.tld" and in the response HTML the web application sends: … iframe src="http://attacker.tld" …. Plugin type Audit Options This plugin...

6.9AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.15 views

feeds

This plugin greps every page and finds rss, atom, opml feeds on them. This may be usefull for determining the feed generator and with that, the framework being used. Also this will be helpful for testing feed injection. Plugin type Grep Options This plugin doesnt have any user configured options...

7.5AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.17 views

response_splitting

This plugin will find response splitting vulnerabilities. The detection is done by sending "w3af\r\nVulnerable: Yes" to every injection point, and reading the response headers searching for a header with name "Vulnerable" and value "Yes". Plugin type Audit Options This plugin doesnt have any user...

0.1AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.20 views

motw

This plugin will specify whether the page is compliant against the MOTW standard. The standard is explained in: http://msdn2.microsoft.com/en-us/library/ms537628.aspx This plugin tests if the length of the URL specified by "XYZW" is lower, equal or greater than the length of the URL; and also...

7.1AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.24 views

finger_pks

This plugin finds mail addresses in PGP PKS servers. Plugin type Infrastructure Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin...

0.3AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.32 views

pykto

This plugin is a nikto port to python. It uses the scandatabase file from nikto to search for new and vulnerable URLs. The following configurable parameters exist: cgidirs admindirs nukedirs extradbfile mutatetests This plugin reads every line in the scandatabase and extradbfile and based on the...

0.1AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.29 views

csv_file

This plugin exports all identified vulnerabilities and informations to the given CSV file. One configurable parameter exists: outputfile Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- outputfile | outputfile | output-w3af.csv | The name of the outp...

Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.25 views

blind_sqli

This plugin finds blind SQL injections using two techniques: time delays and true/false response comparison. Only one configurable parameters exists: eqlimit Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- eqlimit | float | 0.9 | String equal ratio 0...

Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.14 views

email_report

This plugin sends short report only vulnerabilities by email to specified addresses. There are some configurable parameters: smtpServer smtpPort toAddrs fromAddr Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- smtpServer | string | localhost | SMTP...

7.2AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.10 views

blank_body

This plugin finds HTTP responses with a blank body, these responses may indicate errors or misconfigurations in the web application or the web server. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated...

7.1AI score
Exploits0
Rows per page
Query Builder