Lucene search
+L

1284 matches found

GithubExploit
GithubExploit
added 2023/07/07 7:48 a.m.396 views

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py O...

8.6CVSS7.4AI score0.99999EPSS
Exploits15
OpenVAS
OpenVAS
added 2023/07/05 12:0 a.m.25 views

3CX Phone System Detection Consolidation

Consolidation of 3CX Phone System detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if description...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/05/17 12:0 a.m.21 views

WordPress 4.1.x < 4.1.38 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
0day.today
0day.today
added 2023/02/15 12:0 a.m.375 views

GitLab GitHub Repo Import Deserialization Remote Code Execution Exploit

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested defaultbranch. GitLab will cache this object and then deserialize it when...

9.9CVSS9.6AI score0.86194EPSS
Exploits5
0day.today
0day.today
added 2022/12/24 12:0 a.m.403 views

OpenTSDB 2.4.0 Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 CVE-2020-35476 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If...

9.8CVSS9.9AI score0.8533EPSS
Exploits5
OpenVAS
OpenVAS
added 2022/11/24 12:0 a.m.24 views

Apache Commons Detection (Linux/Unix SSH Login)

SSH login-based detection of Apache Commons and its components. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

0.5AI score
Exploits0
Metasploit
Metasploit
added 2022/11/19 7:50 p.m.406 views

ChurchInfo 1.2.13-1.3.0 Authenticated RCE

This module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmpattach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a...

8.8CVSS8.8AI score0.10523EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.26 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22476)

Summary Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0...

8.8CVSS6.9AI score0.0077EPSS
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2022/09/15 12:0 a.m.343 views

Gitea 1.16.6 Remote Code Execution

Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...

7.5CVSS0.3AI score0.87678EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.9 views

PT-2022-16201 · Aruba · Arubaos-Cx Switches

Name of the Vulnerable Software and Affected Versions: ArubaOS-CX Switches versions 10.10.0002 and below ArubaOS-CX Switches versions 10.09.1020 and below ArubaOS-CX Switches versions 10.08.1060 and below ArubaOS-CX Switches versions 10.06.0200 and below Description: A vulnerability in the...

5.3CVSS5.2AI score0.00731EPSS
Exploits0References3
0day.today
0day.today
added 2022/05/06 12:0 a.m.363 views

ZoneMinder Language Settings Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file write in the debug log file option chained with a path traversal in the language settings that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 This module requires Metasploit:...

9.8CVSS9.8AI score0.67128EPSS
Exploits6
Metasploit
Metasploit
added 2022/05/05 5:43 p.m.141 views

ZoneMinder Language Settings Remote Code Execution

This module exploits arbitrary file write in debug log file option chained with a path traversal in language settings that leads to a remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 Module Options msf use exploit/unix/webapp/zoneminderlangexec...

9.8CVSS9.7AI score0.67128EPSS
Exploits6
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.135 views

Photo Gallery < 1.6.3 - Unauthenticated SQL Injection

The plugin does not properly escape the $POST'filtertag' parameter, which is appended to an SQL query, making SQL Injection attacks possible. POST /wp-admin/admin-ajax.php?imageid=123 HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh,en;q=0.5 Accept-Encoding: gzip,...

9.8CVSS1AI score0.23459EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/03/17 12:0 a.m.14 views

Icinga Web 2 Detection (Linux/Unix SSH Login)

SSH login-based detection of Icinga Web 2. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.170046...

7.3AI score
Exploits0
Metasploit
Metasploit
added 2022/03/07 5:42 p.m.654 views

APISIX Admin API default access token RCE

Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...

9.8CVSS8.4AI score0.96182EPSS
Exploits18
OSV
OSV
added 2022/03/01 5:2 p.m.4 views

OPENSUSE-SU-2022:0061-1 Security update for mc

This update for mc fixes the following issues: Midnight Commander 4.8.27: Core - Reimplement version detection 3603, 4249 - Significantly reduce rebuilt time after version change 2252, 4266 - Drop automatic migration of configuration from /.mc to XDG-based directories 3682 - zsh: support custom...

7.5CVSS7.6AI score0.02216EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/01/07 12:0 a.m.9 views

WordPress 3.8.x < 3.8.37 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS vulnerability through post slugs. - An object injection vulnerability in some multisite installations. - A SQL injection vulnerability in...

7.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/01/07 12:0 a.m.13 views

WordPress 4.7.x < 4.7.22 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS vulnerability through post slugs. - An object injection vulnerability in some multisite installations. - A SQL injection vulnerability in...

7.2AI score
Exploits0References2
GithubExploit
GithubExploit
added 2021/11/11 4:34 a.m.1036 views

Exploit for Code Injection in Gitlab

CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This...

10CVSS9.3AI score0.99731EPSS
Exploits30
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.47 views

F5 Networks BIG-IP : OpenSSL vulnerability (K24624116)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K24624116 advisory. Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length...

7.5CVSS6.8AI score0.50732EPSS
Exploits0References2
Rows per page
Query Builder