Lucene search
K

51 matches found

Debian CVE
Debian CVE
added 2023/11/29 2:38 p.m.19 views

CVE-2023-49090

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlistedcontenttype? determines Content-Type permissions by performing a partial match. If the...

6.8CVSS6.2AI score0.00613EPSS
Exploits0
Veracode
Veracode
added 2023/07/26 4:5 a.m.21 views

Path Traversal

shiro-web is vulnerable to Path Traversal. The vulnerability exists because the InvalidRequestFilter.java does not properly validate the URLs, which allows an attacker to access files outside the expected directory, leading to an authentication bypass when used together with APIs or other web...

9.8CVSS6.7AI score0.01533EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/24 9:30 p.m.28 views

Path Traversal in Apache Shiro

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...

9.8CVSS9.4AI score0.01533EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2023/07/24 7:15 p.m.20 views

CVE-2023-34478

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...

9.8CVSS9.6AI score0.01533EPSS
Exploits0References3
Kitploit
Kitploit
added 2023/07/08 12:30 p.m.38 views

Blacklist3r - Accumulate Secret Keys / Secret Materials Related To Various Web Frameworks

The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these...

7.5AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/06/07 4:7 p.m.28 views

Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder

Impact A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift...

7.5CVSS6.8AI score0.00608EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2023/03/30 10:8 a.m.3 views

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/30 10:8 a.m.56 views

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...

6.8AI score
Exploits0
Gitee
Gitee
added 2022/06/20 3:19 p.m.5 views

vulhub

This repository is an open-source collection of vulnerable web applications and environments for security research and training. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of vulnerable applications, including web servers, databases, and other systems, to...

7.1AI score
Exploits0
Fedora
Fedora
added 2021/05/23 1:7 a.m.92 views

[SECURITY] Fedora 34 Update: python-databases-0.4.3-2.fc34

Databases gives you simple asyncio support for a range of databases. It allows you to make queries using the powerful SQLAlchemy Core expression language, and provides support for PostgreSQL, MySQL, and SQLite. Databases is suitable for integrating against any async Web framework, such as...

5CVSS0.7AI score0.00967EPSS
Exploits0
ThreatPost
ThreatPost
added 2020/03/18 9:22 p.m.109 views

WordPress, Apache Struts Attract the Most Bug Exploits

WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting XSS as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...

7.7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/03/18 9:22 p.m.192 views

WordPress, Apache Struts Attract the Most Bug Exploits

WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting XSS as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...

7.7AI score
Exploits0References6
Kitploit
Kitploit
added 2018/07/27 9:54 p.m.16 views

WAScan v0.2.1 - Web Application Scanner

WAScan Web Application Scanner is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application,...

0.1AI score
Exploits0References1
ThreatPost
ThreatPost
added 2018/05/10 8:23 p.m.11 views

GandCrab Ransomware Found Hiding on Legitimate Websites

The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These,...

0.5AI score
Exploits0References3
n0where
n0where
added 2017/09/19 5:12 a.m.20 views

Web Application Security Scanner: Spaghetti

Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone...

0.1AI score
Exploits0References1
CNVD
CNVD
added 2017/03/30 12:0 a.m.4 views

Gazelle cross-site scripting vulnerability (CNVD-2017-05627)

Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in Gazelle. A remote attacker could exploit this vulnerability to execute arbitrary HTML and script...

6.1CVSS6.5AI score0.01051EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/08/15 12:0 a.m.13 views

Fedora 19 : v8-3.14.5.10-11.fc19 (2014-9113)

TJ Fontaine of the Node.js project reports : A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an...

5.6AI score
Exploits0References16
OpenVAS
OpenVAS
added 2013/05/09 12:0 a.m.36 views

Fedora Update for rubygem-rack FEDORA-2013-2315

Check for the Version of rubygem-rack OpenVAS Vulnerability Test Fedora Update for rubygem-rack FEDORA-2013-2315 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5.1CVSS0.05281EPSS
Exploits0References2
Fedora
Fedora
added 2013/05/07 6:33 p.m.42 views

[SECURITY] Fedora 18 Update: rubygem-rack-1.4.0-5.fc18

Rack provides a common API for connecting web frameworks, web servers and layers of software in between...

5.1CVSS4.1AI score0.05281EPSS
Exploits0
Fedora
Fedora
added 2013/05/07 6:29 p.m.35 views

[SECURITY] Fedora 17 Update: rubygem-rack-1.4.0-4.fc17

Rack provides a common API for connecting web frameworks, web servers and layers of software in between...

5.1CVSS4.1AI score0.05281EPSS
Exploits0
Rows per page
Query Builder