Lucene search
K
PacketstormRecent

50784 matches found

Packet Storm
Packet Storm
added 2021/06/22 12:0 a.m.120 views

Fedora / Gnome fscaps Issue

fedora: gnome not using fscaps safely I happened to notice a minor issue while working a tool I'm writing, I'm not sure if gnome or the fedora package is to blame, but it seems gnome-shell is now given capsysnice: $ rpm -qf /bin/gnome-shell gnome-shell-3.38.4-1.fc33.x8664 $ getcap /bin/gnome-shel...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/22 12:0 a.m.103 views

Customer Relationship Management System 1.0 Remote Code Execution

Exploit Title: Customer Relationship Management System CRM 1.0 - Remote Code Execution Date: 21.06.2021 Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/22 12:0 a.m.281 views

Websvn 2.6.0 Remote Code Execution

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Date: 20/06/2021 Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE :...

10CVSS9.6AI score0.86716EPSS
Exploits9
Packet Storm
Packet Storm
added 2021/06/22 12:0 a.m.285 views

WordPress Admin Columns Cross Site Scripting

Advisory ID: SYSS-2021-032 Product: Admin Columns WordPress Plug-In Manufacturer: Codepress Affected Versions: 5.5.2 Pro version, 4.3.2 Free version Tested Versions: 5.5.1 Pro version, 4.3 Free version Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Fixed...

0.00932EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/06/22 12:0 a.m.277 views

Responsive Tourism Website 3.1 Remote Code Execution

Exploit Title: Responsive Tourism Website 3.1 - Remote Code Execution RCE Unauthenticated Date: 22.06.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14838/simple-responsive-tourism-website-using-php-free-source-code.html Version: V 3.1 Tested on: MacOS &...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/22 12:0 a.m.161 views

Phone Shop Sales Managements System 1.0 Insecure Direct Object Reference

Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference IDOR Date: 21/06/2021 Exploit Author: Pratik Khalane Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/22 12:0 a.m.495 views

Solaris SunSSH 11.0 Remote Root

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 3 Exploit Author: Nathaniel Singer, Joe Rozner Date: 09/11/2020 CVE: 2020-14871 Vulnerable Versions: Oracle Solaris: 9 some releases, 10 all releases, 11.0 Description: CVE-2020-14871 is a critical pre-authentication via SSH stack-based...

10CVSS0.1AI score0.80291EPSS
Exploits13
Packet Storm
Packet Storm
added 2021/06/20 12:0 a.m.160 views

Simple CRM 3.0 Cross Site Scripting

Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/20 12:0 a.m.217 views

Lexmark Printer Software G2 Installation Package 1.8.0.0 Unquoted Service Path

Exploit Title: Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LMbdsvc' Unquoted Service Path Date: 2021-06-20 Exploit Author: Julio Aviña Vendor Homepage: https://www.lexmark.com/ Software Link:...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/20 12:0 a.m.126 views

Simple CRM 3.0 Cross Site Request Forgery

Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery CSRF Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaD...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/19 12:0 a.m.185 views

Backdoor.Win32.Hupigon.aaio Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c38cd09fd5ebd1f0cc378804b2da08c4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aaio Vulnerability: Remote Stack Buffer Overflow Description: The malware...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/18 12:0 a.m.131 views

ICE Hrm 29.0.0.OS Cross Site Scripting

Exploit Title: ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting XSS Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description The file upload feature in ICE Hrm Version 29.0.0.OS allows remote...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/18 12:0 a.m.175 views

Node.JS Remote Code Execution

Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 3 Date: 17.06.2021 Exploit Author: Beren Kuday GORUN Vendor Homepage: https://github.com/luin/serialize Software Link: https://github.com/luin/serialize Version: 0.0.4 Tested on: Windows & Ubuntu CVE : 2017-5941 var serialize =...

7.5CVSS9.6AI score0.61025EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/06/18 12:0 a.m.114 views

OpenEMR 5.0.1.7 Path Traversal

Exploit Title: OpenEMR 5.0.1.7 - 'fileName' Path Traversal Authenticated Date 16.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5017.zip Version: All versions prior to 5.0.2 Tested on:...

4CVSS7.5AI score0.66891EPSS
Exploits11
Packet Storm
Packet Storm
added 2021/06/18 12:0 a.m.140 views

Trojan-Dropper.Win32.Googite.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4a8d6bc838c09c6701abfa8b283fd0de.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Googite.b Vulnerability: Unauthenticated Remote Command Execution Description:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/18 12:0 a.m.115 views

iFunbox 4.2 Unquoted Service Path

Exploit Title: iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path Date: 2021-06-18 Exploit Author: Julio Aviña Vendor Homepage: https://www.i-funbox.com/en/index.html Software Link: https://www.i-funbox.com/download/ifunboxsetup4.2.exe Version: 4.2 Service File Version: 486.0.2.23...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/18 12:0 a.m.108 views

ICE Hrm 29.0.0.OS Cross Site Scripting / Session Fixation

Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to session...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/18 12:0 a.m.133 views

ICE Hrm 29.0.0.OS Cross Site Request Forgery

Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery CSRF Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.283 views

VX Search 13.5.28 Unquoted Service Path

Exploit Title: VX Search 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.vxsearch.com Software Links: https://www.vxsearch.com/setupsx64/vxsearchsrvsetupv13.5.28x64.exe...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.276 views

Workspace ONE Intelligent Hub 20.3.8.0 Unquoted Service Path

Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 06-16-2021 Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.362 views

VeryFitPro 3.2.8 Insecure Transit

Trovent Security Advisory 2105-01 Unencrypted cleartext transmission of sensitive information Overview Advisory ID: TRSA-2105-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application...

0.1AI score0.01094EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.322 views

Disk Savvy 13.6.14 Unquoted Service Path

Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.disksavvy.com Software Links: https://www.disksavvy.com/setupsx64/disksavvysrvsetupv13.6.14x64.exe...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.269 views

Online Shopping Portal 3.1 Shell Upload

Exploit Title: Online Shopping Portal 3.1 - Remote Code Execution Unauthenticated Date: 17.06.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: V3.1 Tested on: Windows & Ubuntu import requests import random import string url =...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.315 views

Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE CVE-2021-1499', 'Description' = %q This module exploits an unauthenticated fi...

5CVSS0.3AI score0.80426EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.286 views

OpenEMR 5.0.1.3 Authentication Bypass

Exploit Title: OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass Date 15.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: All versions prior to 5.0.1...

6.4CVSS0.4AI score0.25935EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.279 views

Dup Scout 13.5.28 Unquoted Service Path

Exploit Title: Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.dupscout.com Software Links: https://www.dupscout.com/setupsx64/dupscoutsrvsetupv13.5.28x64.exe...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.333 views

Trojan.Win32.Alien.erf Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/57ab194d8c60ee97914eda22e4d71b68B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Alien.erf Vulnerability: Remote Stack Buffer Overflow Description: The malware deploys...

1.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.291 views

Email-Worm.Win32.Kipis.a Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/aa703bc17e3177d3b24a57c5d2a91a0c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.a Vulnerability: Unauthenticated Remote Code Execution Description: The malwa...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.1522 views

Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://microsoft.com/sharepoint/webpartpages', 'soap' = 'http://www.w3.org/2003/05/soap-envelope', 'xsi' =...

6.5CVSS0.5AI score0.30045EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.340 views

Sync Breeze 13.6.18 Sync Breeze 13.6.18 Unquoted Service Path

Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.syncbreeze.com/ Software Links: https://www.syncbreeze.com/setupsx64/syncbreezesrvsetupv13.6.18x64.exe...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.228 views

Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration

Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration CVE-2021-31159 Date: 17/06/2021 Exploit Author: Ricardo Ruiz @ricardojoserf CVE: CVE-2021-31159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159 Vendor Homepage: https://www.manageengine.com...

0.17772EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.309 views

Unified Office Total Connect Now 1.0 SQL Injection

Exploit Title: Unified Office Total Connect Now 1.0 – 'data' SQL Injection Shodan Filter: http.title:"TCN User Dashboard" Date: 06-16-2021 Exploit Author: Ajaikumar Nadar Vendor Homepage: https://unifiedoffice.com/ Software Link: https://unifiedoffice.com/voip-business-solutions/ Version: 1.0...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.301 views

Trojan.Win32.Alien.erf Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/57ab194d8c60ee97914eda22e4d71b68.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Alien.erf Vulnerability: Remote Denial of Service Description: The malware deploys a SM...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/16 12:0 a.m.209 views

CKEditor 3 Server-Side Request Forgery

Exploit Title: CKEditor 3 - Server-Side Request Forgery SSRF Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html Date: 12-6-2021 Exploit Author: Blackangel Software Link: https://ckeditor.com/ Version:all version under 4 1,2,3 Tested on: windows 7 Steps of Exploit:- 1-using google...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/16 12:0 a.m.195 views

Cotonti Siena 0.9.19 Cross Site Scripting

Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting Date: 2021-15-06 Exploit Author: Fatih İLGİN Vendor Homepage: cotonti.com Vulnerable Software: https://www.cotonti.com/download/siena0919 Affected Version: 0.9.19 Tested on: Windows 10 Vulnerable Parameter Type: POST...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/16 12:0 a.m.191 views

DiskPulse 13.6.14 Unquoted Service Path

Exploit Title: DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://www.diskpulse.com Software Links: https://www.diskpulse.com/setupsx64/diskpulseentsetupv13.6.14x64.exe...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/16 12:0 a.m.174 views

Disk Sorter Server 13.6.12 Unquoted Service Path

Exploit Title: Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path Discovery by: BRushiran Date: 15-06-2021 Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksortersrvsetupv13.6.12x64.exe Tested Version: 13.6.12 Vulnerability...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/16 12:0 a.m.203 views

Teachers Record Management System 1.0 SQL Injection

Exploit Title: Teachers Record Management System 1.0 – Multiple SQL Injection Authenticated Date: 05-10-2021 Exploit Author: nhattruong or https://nhattruong.blog Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/...

Exploits0
Packet Storm
Packet Storm
added 2021/06/16 12:0 a.m.211 views

Teachers Record Management System 1.0 Cross Site Scripting

Exploit Title: Teachers Record Management System 1.0 – 'email' Stored Cross-site Scripting XSS vulnerability Authenticated Date: 05-10-2021 Exploit Author: nhattruong or https://nhattruong.blog Vendor Homepage: https://phpgurukul.com Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.164 views

Online Library Management System 2.0 Cross Site Request Forgery

Exploit Title: Online Library Management System Date:15/06/2021 Exploit Author : Mohit Dabas Vendor Homepage : https://phpgurukul.com Software Link : https://phpgurukul.com/online-library-management-system/ Version: 2.0 Tested on : LAMPP Description Online Library Management System has got CSRF i...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.143 views

Client Management System 1.1 Cross Site Scripting

Exploit Title: Client Management System 1.1 - 'username' Stored Cross-Site Scripting XSS Date: 14 June 2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.209 views

Brother BRAgent 1.38 Unquoted Service Path

Exploit Title: Brother BRAgent 1.38 - 'WBAAgentClient' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://brother.com Software Link: https://support.brother.com/g/b/downloadhowto.aspx?c=us&lang=en&prod=ads1000wus&os=10013&dlid=dlf002778000&flang=4&type3=...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.293 views

Polkit 0.105-26 0.117-2 Privilege Escalation

Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation Date: 06/11/2021 Exploit Author: J Smith CadmusofThebes Vendor Homepage: https://www.freedesktop.org/ Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html Version: polkit 0.105-26 Ubuntu, polkit...

0.3AI score0.22193EPSS
Exploits37
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.121 views

Sami HTTP Server 2.0 Denial Of Service

!/usr/bin/perl -w Date: 06/14/2021 14 Jun Version Vulnerable: Sami HTTP 2.0 OS Tested: Windows XP PACK 3 Brazilian use IO::Socket; $sis="$^O"; print $sis; if $sis eq "windows" $cmd="cls"; else $cmd="clear"; system"$cmd"; if !$ARGV0 || !$ARGV1 &apresentacao; exit; sub apresentacao print q Sami HTT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.189 views

SysGauge 7.9.18 Unquoted Service Path

Exploit Title: SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://www.sysgauge.com Software Link: https://www.sysgauge.com/setups/sysgaugesrvsetupv7.9.18.exe Tested Version: 7.9.18 Vulnerability Type: Unquoted Service...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.244 views

Brother BRPrint Auditor 3.0.7 Unquoted Service Path

Exploit Title: Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://support.brother.com/ Software Links:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.121 views

Client Management System 1.1 SQL Injection

Exploit Title: Client Management System 1.1 - 'Search' SQL Injection Date: 14 June 2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP Description Client...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.288 views

IPFire 2.25 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPFire 2.25 Core Update 156 and Prior pakfire.cgi Authenticated RCE', 'Description' = %q This module exploits an authenticated command injection...

8.8AI score0.58725EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.194 views

SAP Solution Manager 7.2 (ST 720) Open Redirection

Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis Impact on Business Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service. Advisory Information - Public Release Dat...

5.8CVSS5.3AI score0.02338EPSS
Exploits1
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.327 views

SAP Netweaver JAVA 7.50 Missing Authorization

Onapsis Security Advisory 2021-0013: CVE-2020-26829 - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication Impact on Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in order to connect to the...

9CVSS0.4AI score0.04708EPSS
Exploits1
Total number of security vulnerabilities50784