Lucene search
K

98 matches found

OSV
OSV
added 2018/06/07 2:29 a.m.11 views

CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

7.5CVSS7.6AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2017/12/21 4:37 p.m.14 views

japaneseverbconjugator.com XSS vulnerability

Open Bug Bounty ID: OBB-456859 Description| Value ---|--- Affected Website:| japaneseverbconjugator.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...

6.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/06/27 2:34 p.m.9 views

tamildiction.org XSS vulnerability

Vulnerable URL: http://tamildiction.org/verbdictionary/index.php?verb=1/-///'/"//--...

6.9AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2016/07/22 8:15 p.m.14 views

Kovter becomes almost file-less, creates a new file type, and gets some new certificates

Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their...

7.2AI score
Exploits0
myhack58
myhack58
added 2016/06/15 12:0 a.m.33 views

CVE-2 0 1 4-6 3 5 2 vulnerability and targeted attacks sample analysis-vulnerability warning-the black bar safety net

Primer People do,day in look. Recent 3 6 0 days eye the lab captured an example for India the orientation of the attack of the sample,the sample advantage of the sandworm vulnerability patch bypass Vulnerability CVE-2 0 1 4-6 3 5 2,was analyzed after confirmation, we think this is Trend Micro in...

0.3AI score
Exploits0
hackapp
hackapp
added 2016/04/01 8:57 a.m.8 views

Start Deutsch Verb - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Start Deutsch Verb published at the 'play' market has multiple vulnerabilities...

1AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 8:57 a.m.14 views

German Verb Prepositions Quiz - Suspicious files vulnerabilities

HackApp vulnerability scanner discovered that application German Verb Prepositions Quiz published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 8:56 a.m.12 views

German Verb Conjugator - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application German Verb Conjugator published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
erpscan
erpscan
added 2014/09/04 12:0 a.m.21 views

SAP HANA Application Lifecycle manager - CSRF token bypass (Verb tampering)

Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: CSRF token bypass Verb tampering Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 21.08.2014 Reference: SAP Security Note 2011169 Author: Dmitry Chastukhin ERPScan Description It ...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2014/08/04 12:0 a.m.178 views

[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory2014-023: HTTP verb tampering issue in SAPJTECHS This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

0.1AI score
Exploits0
NVD
NVD
added 2014/07/31 2:55 p.m.21 views

CVE-2014-5175

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAPJTECHS...

7.5CVSS7AI score0.01956EPSS
Exploits0References7
Prion
Prion
added 2014/07/31 2:55 p.m.16 views

Authentication flaw

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAPJTECHS...

7.5CVSS7.5AI score0.01956EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2014/07/31 2:0 p.m.22 views

CVE-2014-5175

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAPJTECHS...

7AI score0.01956EPSS
Exploits0References7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Ipswitch WS_FTP Server 5.05 XMD5 Overflow

No description provided by source. $Id: wsftpserver505xmd5.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Texas Imperial Software WFTPD 3.23 SIZE Overflow

No description provided by source. $Id: wftpdsize.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2013/05/16 3:41 p.m.17 views

SAP CTC Service Verb Tampering User Management

This module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service. The service is vulnerable to verb tampering allowing for unauthorised OS user management. Information about resolution should be available at SAP notes 1589525 and 1624450 authentication required. This modul...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.36 views

RHEL 6 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1798)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1798 advisory. - Invoker servlets authentication bypass HTTP verb tampering CVE-2011-4085 - openid4java AX extension: MITM due to improper validation of AX...

6.8CVSS5.6AI score0.03201EPSS
Exploits3References10
Nmap
Nmap
added 2012/09/07 11:42 p.m.2201 views

http-vuln-cve2010-0738 NSE Script

Tests whether a JBoss target is vulnerable to jmx console authentication bypass CVE-2010-0738. It works by checking if the target paths require authentication or redirect to a login page that could be bypassed via a HEAD request. RFC 2616 specifies that the HEAD request should be treated exactly...

10CVSS8.7AI score0.99448EPSS
Exploits61
RedHat Linux
RedHat Linux
added 2012/06/22 1:12 a.m.7 views

Invoker servlets authentication bypass (HTTP verb tampering)

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.4AI score0.79415EPSS
Exploits31References4
RedHat Linux
RedHat Linux
added 2012/02/02 10:17 p.m.6 views

Invoker servlets authentication bypass (HTTP verb tampering)

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.4AI score0.79415EPSS
Exploits31References4
Rows per page
Query Builder