Lucene search
K

132 matches found

Cvelist
Cvelist
added 2020/09/14 12:51 p.m.18 views

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

9.3AI score0.02342EPSS
Exploits1References4
Kitploit
Kitploit
added 2020/06/19 12:30 p.m.46 views

Vhosts-Sieve - Searching For Virtual Hosts Among Non-Resolvable Domains

Searching for virtual hosts among non-resolvable domains. Installation git clone https://github.com/dariusztytko/vhosts-sieve.git pip3 install -r vhosts-sieve/requirements.txt Usage Get a list of subdomains e.g. using Amass $ amass enum -v -passive -o domains.txt -d example.com -d...

7.5AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/02/19 4:4 p.m.8 views

rabbitmq-server: not properly sanitized user input may lead to XSS

A flaw was discovered in rabbitmq-server where two endpoints, federation and shovel, do not properly sanitize user input. A remote, authenticated user, with administrative access, could execute a cross site scripting attack, using the vhost or node name fields, that could grant access to virtual...

4.8CVSS5.3AI score0.00796EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/01/13 10:12 a.m.4 views

rabbitmq-server: improper sanitization of vhost limits and federation management UI pages

A vulnerability was found in the rabbitmq-server. User input for the virtual host limits page and the federation management UI was not properly sanitized. A remote, authenticated administrative user could create a cross-site scripting attack leading to access to virtual hosts and policy managemen...

4.8CVSS6.9AI score0.01165EPSS
Exploits0References6
OSV
OSV
added 2019/10/16 4:15 p.m.4 views

DEBIAN-CVE-2019-11281

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user...

4.8CVSS5.3AI score0.01165EPSS
Exploits0References1
OSV
OSV
added 2019/10/16 4:15 p.m.7 views

UBUNTU-CVE-2019-11281

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user...

4.8CVSS5.6AI score0.01165EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2019/10/01 12:0 a.m.35 views

Fedora Update for mod_md FEDORA-2019-e00c65ec6f

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.2CVSS7.3AI score0.81466EPSS
Exploits5References2
Fedora
Fedora
added 2019/09/30 1:39 a.m.48 views

[SECURITY] Fedora 29 Update: mod_md-2.0.8-3.fc29

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol RFC Draft to automate certificate provisioning. These will be configured for managed domains and their virtual hosts automatically. This includes renewal of certificates befor...

7.2CVSS2.2AI score0.81466EPSS
Exploits5
Fedora
Fedora
added 2019/08/23 1:27 a.m.45 views

[SECURITY] Fedora 30 Update: mod_md-2.0.8-2.fc30

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol RFC Draft to automate certificate provisioning. These will be configured for managed domains and their virtual hosts automatically. This includes renewal of certificates befor...

7.2CVSS2.2AI score0.81466EPSS
Exploits5
Kitploit
Kitploit
added 2018/12/13 11:37 a.m.46 views

Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner

celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs aka tasks while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool you want Service Aware - Uses nmap/nessus...

7.2AI score
Exploits0References6
exploitpack
exploitpack
added 2018/06/07 12:0 a.m.14 views

WampServer 3.0.6 - Cross-Site Request Forgery

WampServer 3.0.6 - Cross-Site Request Forgery Exploit Title: WampServer 3.0.6 - Cross-Site Request Forgery Date: 2018-06-11 Exploit Author: L0RD Software Link: https://ufile.io/gpqh9 Vendor Homepage: http://www.wampserver.com/en/ Version: 3.0.6 - 64bit Tested on: Win 10 Description : An issue was...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/07 12:0 a.m.32 views

WampServer 3.0.6 - Cross-Site Request Forgery

Exploit Title: WampServer 3.0.6 - Cross-Site Request Forgery Date: 2018-06-11 Exploit Author: L0RD Software Link: https://ufile.io/gpqh9 Vendor Homepage: http://www.wampserver.com/en/ Version: 3.0.6 - 64bit Tested on: Win 10 Description : An issue was discovered in WampServer 3.0.6 which allows a...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/03/31 12:0 a.m.245 views

WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely Vulnerability

Exploit for php platform in category web applications WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely CVE-2018-8817 CSRF Cross site request forgery in WampServer 3.1.2 which allows a remote attacker to force any victim to add or delete virtual hosts...

7.7AI score0.03267EPSS
Exploits6
Wallarm Lab
Wallarm Lab
added 2017/09/12 7:29 p.m.29 views

Top-5 stupid security mistakes in web apps

by Ivan Novikov Image by Byseyhanla Own work CC BY-SA 4.0, article re-posted from In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used be script kiddie...

6.5AI score
Exploits0
Fedora
Fedora
added 2015/04/22 10:42 p.m.29 views

[SECURITY] Fedora 22 Update: cherokee-1.2.103-6.fc22

Cherokee is a very fast, flexible and easy to configure Web Server. It supp orts the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...

6.8CVSS1AI score0.02844EPSS
Exploits0
Kitploit
Kitploit
added 2014/10/09 1:36 a.m.10 views

mwebfp - Massive Web Fingerprinter

The "LowNoiseHG LNHG Massive Web Fingerprinter " "mwebfp " from now on was conceived in July 2013 after realizing the usefulness of webserver screenshots to pentesters, during an engagement with large external or internal IP address ranges, as a quick means of identification of critical assets,...

7AI score
Exploits0References4
Hacker One
Hacker One
added 2014/05/25 10:41 a.m.37 views

IRCCloud: Host Header Injection - irccloud.com

Host Header Injection Attack - irccloud.com An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifi...

0.1AI score
Exploits0
Kitploit
Kitploit
added 2013/12/18 12:38 a.m.36 views

[Hasere v0.2] Discover vHosts using Google and Bing

Hasere is a tool that can discovery the virtual hosts and related filetype using google and bing search engines. Optionally, it uses the nmap to determine the ip addresses which have 80 or 443 opened port. After that it uses the bing search engine to determine which domains were hosted or have be...

7.5AI score
Exploits0References1
w3af
w3af
added 2013/06/10 11:2 p.m.29 views

find_vhosts

This plugin uses the HTTP Host header to find new virtual hosts. For example, if the intranet page is hosted in the same server that the public page, and the web server is misconfigured, this plugin will discover that virtual host. Please note that this plugin doesnt use any DNS technique to find...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2013/04/02 11:13 p.m.64 views

[Acunetix Web Vulnerability Scanner 8] Automated Web Application Security Testing Tool

Acunetix W eb V ulnerability S canner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive...

7.3AI score
Exploits0
Rows per page
Query Builder