Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/02/04 11:39 p.m.17 views

CVE-2024-40641

Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...

7.4CVSS7.6AI score0.00311EPSS
Exploits0
CVE
CVE
added 2024/07/17 5:34 p.m.64 views

CVE-2024-40641

Nuclei (projectdiscovery/nuclei) has a CVE-2024-40641 OS Command Injection vector where unsigned code templates can execute via workflows, exposing arbitrary commands when users can edit/execute workflow files. Connected advisories confirm the root cause is code-template execution without the -co...

7.4CVSS7.6AI score0.00311EPSS
Exploits0References1
Kitploit
Kitploit
added 2022/03/05 8:30 p.m.23 views

Authz0 - An Automated Authorization Test Tool. Unauthorized Access Can Be Identified Based On URLs And RolesAnd Credentials

Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0. You can also test based on multiple authentication headers...

7.6AI score
Exploits0References5
Microsoft Secure
Microsoft Secure
added 2021/08/19 4:0 p.m.41 views

Automating security assessments using Cloud Katana

Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 10:13 a.m.53 views

Sigma Rules to Live Your Best SOC Life

Security Operations is a 24 x 7 job. It does not stop for weekends or holidays or even that much-needed coffee break after the first hour of the shift is complete. We all know this. Every SOC engineer is hoping for some rest at some point. One of my favorite jokes when talking about Security...

Exploits0
Kitploit
Kitploit
added 2019/01/27 12:48 p.m.168 views

FTW - Framework For Testing WAFs

This project was created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF. Each rule from the ruleset is loaded into a YAML file that issues HTTP requests that will trigger these rules...

7.6AI score
Exploits0References3
Cvelist
Cvelist
added 2017/11/08 3:0 a.m.32 views

CVE-2017-16615

An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...

9.9AI score0.03415EPSS
Exploits0References3
Rows per page
Query Builder