Lucene search
+L

17 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-15796

Malware in sbrugna...

7.5CVSS7.3AI score0.0047EPSS
Exploits0References10
debiancve
debiancve
added 2024/11/05 6:54 p.m.8 views

CVE-2024-51746

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature...

1.8CVSS4.6AI score0.00116EPSS
Exploits0
susecve
susecve
added 2023/02/15 3:43 a.m.3 views

SUSE CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...

6.7CVSS6.8AI score0.0047EPSS
Exploits0References14
cisa_kev
cisa_kev
added 2021/11/03 12:0 a.m.26 views

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution...

9CVSS8.5AI score0.99965EPSS
In wildExploits30
prion
prion
added 2021/06/28 12:15 p.m.28 views

Path traversal

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...

2.1CVSS5.2AI score0.0047EPSS
Exploits0References5Affected Software2
cvelist
cvelist
added 2021/06/28 11:58 a.m.34 views

CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...

7.5CVSS6.5AI score0.0047EPSS
Exploits0References5
alpinelinux
alpinelinux
added 2021/06/28 11:58 a.m.36 views

CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...

7.5CVSS5.8AI score0.0047EPSS
Exploits0
nessus
nessus
added 2021/06/28 12:0 a.m.27 views

SUSE SLES15: dovecot23 / dovecot23-backend-mysql / dovecot23-backend-pgsql / etc (SUSE-SU-2021:2124-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2124-1 advisory. - CVE-2021-29157: Local attacker can login as any user and access their emails bsc1187418 - CVE-2021-33515: Attacker can potentiall...

7.5CVSS6.8AI score0.02837EPSS
Exploits0References7
ubuntucve
ubuntucve
added 2021/06/21 12:0 p.m.33 views

CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...

7.5CVSS6.8AI score0.0047EPSS
Exploits0References4
metasploit
metasploit
added 2021/06/16 5:43 p.m.209 views

Microsoft SharePoint Unsafe Control and ViewState RCE

The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will...

8.8CVSS8.4AI score0.30045EPSS
Exploits5
metasploit
metasploit
added 2020/10/19 5:41 p.m.175 views

Microsoft SharePoint Server-Side Include and ViewState RCE

This module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The web.config...

8.6CVSS7.8AI score0.70894EPSS
Exploits5
packetstorm
packetstorm
added 2020/10/19 12:0 a.m.874 views

Microsoft SharePoint SSI / ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...

0.4AI score0.70894EPSS
Exploits5
zdt
zdt
added 2020/10/19 12:0 a.m.99 views

Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit

This Metasploit module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The...

8.6CVSS0.5AI score0.70894EPSS
Exploits5
vulncheck_kev
vulncheck_kev
added 2020/03/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-0688

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution...

9CVSS7.6AI score0.99965EPSS
Exploits30References1
attackerkb
attackerkb
added 2012/08/08 10:26 a.m.2 views

CVE-2011-5098

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...

6.5CVSS5.6AI score0.01681EPSS
Exploits1References3
prion
prion
added 2012/08/08 10:26 a.m.11 views

Command injection

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...

6.5CVSS6.9AI score0.01681EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2009/03/30 1:30 a.m.7 views

CVE-2008-6540

DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default 1 ValidationKey and 2 DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys...

5.1CVSS5.8AI score0.02495EPSS
Exploits1References7
Rows per page
Query Builder