1507 matches found

OSV
added 2022/06/20 8:25 p.m. | 6 views

MAL-2022-6865 Malicious code in useragent-corev2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d6e212f2c61f9a29fd610a2668235854bd6c1a991cc52985782f710b2e33398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1
Prion
added 2022/06/01 11:15 p.m. | 21 views

Design/Logic Flaw

BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service ReDoS attacks. By using a specific RegularExpression, an attacker can cause denial of service for the bbb-html5...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01449
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2022/06/01 10:20 p.m. | 37 views

CVE-2022-29169 ReDoS on endpoint html5client/useragent in BigBlueButton

BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service ReDoS attacks. By using a specific RegularExpression, an attacker can cause denial of service for the bbb-html5...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01449
Exploits: 0 | References: 3
Veracode
added 2022/05/26 6:34 a.m. | 14 views

Cross-site Scripting (XSS)

mautic/core is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization of useragent before displaying, allowing an attacker to inject maliciously crafted script into the system...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.6118
Exploits: 0 | References: 3 | Affected Software: 1
0day.today
added 2021/03/19 12:0 a.m. | 94 views

KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution Vulnerability

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

AI score: 0.3
Exploits: 0
Packet Storm
added 2021/01/16 12:0 a.m. | 181 views

ZynOS rom-0 Flaw Scanner

!/usr/bin/perl ZynOS rom-0 Flaw Scanner Copyright 2021 c Todor Donev https://donev.eu/ $ perl zynosscanner ZynOS rom-0 Flaw Scanner zynosscanner --targets= --threads=10 --redirects=7 --help --targets | Specify the list with addresses that you want to scan. --dump | Dump rom-0 file for each target...

AI score: 0.1
Exploits: 0
Kitploit
added 2020/12/21 11:30 a.m. | 65 views

Watcher - Open Source Cybersecurity Threat Hunting Platform

Watcher is a Django & React JS automated platform for discovering potential new cybersecurity threats targeting your organisation. It should be used on webservers and available on Docker. Watcher capabilities Detect emerging vulnerability, malware using social network & other RSS sources...

AI score: 7.3
Exploits: 0 | References: 11
Packet Storm
added 2020/10/09 12:0 a.m. | 626 views

Garfield Petshop 2020-10-01 Cross Site Request Forgery

!/usr/bin/perl Garfield Petshop Add-Admin Exploit By Ramdan Yantu rysec.io \ bastardlabs.info From Gorontalo - Indonesia Mail: ramdanyantuatgmail.com Application by Gamma Advertisa Link: https://detapos.co/ | https://demo.detapos.co.id/petshop CVE: CVE-2020-26522 use strict; use warnings; use...

AI score: 0.8 | EPSS: 0.00769
Exploits: 2
Exploit DB
added 2020/04/06 12:0 a.m. | 238 views

WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting

Title: WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting Date: 2020-01-21 Exploit Author: Gal Weizman Vendor Homepage: https://www.whatsapp.com Software Link: https://web.whatsapp.com/desktop/windows/release/x64/WhatsAppSetup.exe Software Link:...

CVSS: 8.2 | AI score: 8.3 | EPSS: 0.67859
Exploits: 5
Exploit DB
added 2020/03/18 12:0 a.m. | 231 views

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Exploit Title: Joomla! ACYMAILING 3.9.0 component - Unauthenticated Arbitrary File Upload Google Dork: inurl:"index.php?option=comacym" Date: 2020-03-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.acyba.com/ Software Link: https://www.acyba.com/acymailing/download.html Version: v6.9.1...

AI score: 7.4
Exploits: 0
exploitpack
added 2020/02/24 12:0 a.m. | 52 views

ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure

ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: www.escam.cn Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en CVE...

AI score: 7.5
Exploits: 0
Packet Storm
added 2020/02/19 12:0 a.m. | 106 views

DBPower C300 HD Camera Remote Configuration Disclosure

!/usr/bin/perl DBPower C300 HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual...

AI score: 7.4
Exploits: 0
OpenVAS
added 2020/01/31 12:0 a.m. | 25 views

LANCOM Device Detection (SIP)

Detection of LANCOM devices. This script performs SIP based detection of LANCOM devices. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as...

AI score: 0.2
Exploits: 0
Packet Storm
added 2019/10/07 12:0 a.m. | 201 views

Zabbix 4.4 Authentication Bypass

!/usr/bin/perl -w Zabbix Zabbix Initializing the browser Referer = User-Agent = Opera/9.61 Macintosh; Intel Mac OS X; U; de Presto/2.1.1 Content-Type = application/x-www-form-urlencoded no-store, no-cache, must-revalidate close Mon, 07 Oct 2019 12:29:54 GMT no-cache nginx Accept-Encoding text/htm...

AI score: 0.6
Exploits: 0
Exploit DB
added 2019/09/23 12:0 a.m. | 453 views

Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure

!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...

AI score: 7.4
Exploits: 0
Packet Storm
added 2019/09/20 12:0 a.m. | 134 views

Hisilicon HiIpcam V100R003 Remote ADSL Credential Disclosure

!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...

AI score: 7.4
Exploits: 0
Packet Storm
added 2019/09/06 12:0 a.m. | 185 views

WordPress 5.2.3 Remote Cross Site Host Modification

!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...

AI score: 0.2
Exploits: 0
Packet Storm
added 2019/09/02 12:0 a.m. | 276 views

Cisco IronPort C150 Header Injection

!/usr/bin/perl -w Cisco IronPort C150 Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...

AI score: 0.2
Exploits: 0
0day.today
added 2019/09/02 12:0 a.m. | 40 views

Cisco Email Security Appliance (IronPort) C150 - (Host) Header Injection Exploit

!/usr/bin/perl -w Cisco IronPort C150 Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...

AI score: 0.2
Exploits: 0
Exploit DB
added 2019/09/02 12:0 a.m. | 387 views

Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection

!/usr/bin/perl -w Cisco Titsco Email Security Appliance IronPort C160 Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev i...

AI score: 7.4
Exploits: 0