Lucene search
K

896 matches found

cvelist
cvelist
added 2024/10/24 9:39 p.m.33 views

CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...

4.6CVSS0.0014EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/10/24 9:39 p.m.16 views

CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...

4.6CVSS7AI score0.0014EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2024/10/23 12:0 a.m.7 views

The vulnerability of web-servers of microprogramming software for devices such as SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, allows a perpetrator to cause service interruptions.

The vulnerability of web-servers of microprogramming software for SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, is related to errors in variable name assignments. Exploiting this vulnerability can allow attackers to cause system failures...

5.9CVSS5.5AI score0.00453EPSS
Exploits0References4Affected Software7
openvas
openvas
added 2024/10/22 12:0 a.m.15 views

Eclipse Jetty DoS Vulnerability (GHSA-r7m4-f9h5-gr79) - Windows

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

6.5CVSS6.4AI score0.00949EPSS
Exploits0References2
cvelist
cvelist
added 2024/10/01 5:47 a.m.38 views

CVE-2024-8421

...

Exploits0
packetstorm
packetstorm
added 2024/09/01 12:0 a.m.219 views

Emby SSRF HTTP Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Emby SSRF HTTP Scanner', 'Description' = 'Generates a GET request to the provided web servers and executes an SSRF against the targeted EMBY...

9.8CVSS7AI score0.87154EPSS
Exploits4
redos
redos
added 2024/08/28 12:0 a.m.327 views

ROS-20240827-15

A vulnerability in the ngxhttpv4module module of the NGINX Plus and NGINX OSS web servers is related to reading out-of-bounds memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...

5.7CVSS6.5AI score0.0032EPSS
Exploits0
githubexploit
githubexploit
added 2024/08/17 2:1 a.m.406 views

Exploit for OS Command Injection in Php

Fastest CVE-2024-4577 Exploitation Tool Description: PHP C...

9.8CVSS9.8AI score0.99987EPSS
Exploits64
thn
thn
added 2024/08/02 9:56 a.m.43 views

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service BITS as a command-and-control C2 mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Lab...

7.4AI score
Exploits0
bdu_fstec
bdu_fstec
added 2024/07/24 12:0 a.m.7 views

The vulnerability of RUGGEDCOM microprogrammed Ethernet switches’ web servers allows attackers to gain unauthorized access to the hash values and passwords of all system users.

The vulnerability of web servers running microprogrammed Ethernet switches from RUGGEDCOM is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the hash values and passwords of all system users...

7.5CVSS7.2AI score0.00444EPSS
Exploits0References4Affected Software108
openvas
openvas
added 2024/07/18 12:0 a.m.31 views

Apache HTTP Server 2.4.60 - 2.4.61 Information Disclosure Vulnerability - Linux

Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS6.4AI score0.04134EPSS
Exploits3References2
thn
thn
added 2024/07/03 3:33 a.m.34 views

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

An unnamed South Korean enterprise resource planning ERP vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center ASEC, which identified the attack in May 2024, did not attribute it to a known threat act...

7.6AI score
Exploits0
cnvd
cnvd
added 2024/05/22 12:0 a.m.5 views

XAMPP Resource Management Error Vulnerability

XAMPP is an easy-to-install Apache distribution that includes MariaDB, PHP, and Perl. the product is primarily used for building web servers. A resource management error vulnerability exists in XAMPP 7.3.2 and earlier versions, which stems from a failure to properly handle incoming error messages...

7.5CVSS6.7AI score0.00443EPSS
Exploits0References1
openvas
openvas
added 2024/05/07 12:0 a.m.35 views

aiohttp < 3.8.6 HTTP Request Smuggling Vulnerability - Windows

aiohttp is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.5AI score0.0085EPSS
Exploits1References1
openvas
openvas
added 2024/05/07 12:0 a.m.29 views

aiohttp < 3.9.0 Multiple Vulnerabilities - Windows

aiohttp is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...

7.2CVSS5.5AI score0.0094EPSS
Exploits2References2
openvas
openvas
added 2024/05/07 12:0 a.m.27 views

aiohttp < 3.8.5 HTTP Request Smuggling Vulnerability - Linux

aiohttp is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.6AI score0.03906EPSS
Exploits2References1
rocky
rocky
added 2024/05/06 1:4 p.m.23 views

varnish security update

An update is available for module.varnish, varnish-modules, varnish, module.varnish-modules. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a...

7.5CVSS7.2AI score0.03663EPSS
Exploits0
osv
osv
added 2024/04/24 7:15 p.m.3 views

CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...

8.6CVSS5.9AI score0.70686EPSS
Exploits1References3
cve
cve
added 2024/04/24 6:15 p.m.470 views

CVE-2024-20353

CVE-2024-20353 affects Cisco ASA/FTD Web Services. The vulnerability stems from incomplete error checking when parsing HTTP headers, allowing an unauthenticated remote attacker to trigger a reload and cause a DoS. Exploitation is referenced by multiple sources, including CISA’s Known Exploited Vu...

8.6CVSS8.4AI score0.70686EPSS
In wildExploits1References3Affected Software1
cisco
cisco
added 2024/04/24 4:0 p.m.55 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...

8.6CVSS8.5AI score0.70686EPSS
Exploits1References1
Rows per page
Query Builder