
7 matches found

NVD
added 2024/01/01 6:15 p.m. · 12 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output...

CVSS 8.8 · AI score 9.1 · EPSS 0.88564
Exploits 2 · References 8
Prion
added 2024/01/01 6:15 p.m. · 19 views

Command injection

reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output...

CVSS 6.5 · AI score 7.8 · EPSS 0.88564
Exploits 2 · References 4 · Affected Software 1
Positive Technologies
added 2024/01/01 12:0 a.m. · 3 views

PT-2024-13859 · Rengine · Rengine

Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.1.2. Description: The issue allows OS Command Injection if an adversary has a valid session ID. The attack involves placing shell metacharacters in an "api/tools/waf_detector/?url=" string. The commands are executed...

CVSS 8.8 · AI score 7.6 · EPSS 0.88564
Exploits 2 · References 15
CVE
added 2024/01/01 12:0 a.m. · 129 views

CVE-2023-50094

CVE-2023-50094 affects reNgine before 2.1.2. The affected component is the web API path api/tools/waf_detector/?url=, where an authenticated user can inject shell metacharacters, leading to OS command execution as root via subprocess.check_output. Documented impac...

CVSS 8.8 · AI score 9.1 · EPSS 0.88564
Exploits 2 · References 8 · Affected Software 1
Cvelist
added 2024/01/01 12:0 a.m. · 19 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output...

AI score 9.3 · EPSS 0.88564
Exploits 2 · References 8
Kitploit
added 2019/05/10 12:42 p.m. · 300 views

ReconT - Reconnaissance / Footprinting / Information Disclosure

Recon-Tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from. Features Information Security Headers WAF Detector Banner Grabbing Phone Number Credit Card Number Email US Social Security Number Url Crawl Dom Parameter Url Internal Dynamic...

AI score 7.1
Exploits 0 · References 1
n0where
added 2015/05/04 12:2 p.m. · 28 views

Web Application Security Scanner Framework: Arachni

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...

AI score 7.7
Exploits 0 · References 3