A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
AI Score: 7.4
EPSS: 0.0004
Description: I discovered a previously unidentified instance https://████/ (██████.mil) in the ███ network, vulnerable to CVE-2018-0296 (https://vulners.com/cve/CVE-2018-0296). POC: curl -i -k "https://█████████/+CSCOU+/../+CSCOE+/files/file_list.json" --path-as-is ██████ We can disclose user sessions.....
CVSS: 7.5
AI Score: 6.7
EPSS: 0.974
TYPO3 Brute Force Protection Bypass in backend login
The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...
AI Score: 7.1
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
AI Score: 7.5
EPSS: 0.001
Description: We were able to identify an endpoint which prints request headers into the page. This included sensitive HTTPOnly session cookies which shouldn't be accessible in the DOM. POC: https://█████████/csstest ███████ There will be a JSESSIONID cookie reflected. Suggested fix: Remove the page, it's.....
AI Score: 6.4
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted...
Silverstripe Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and...
AI Score: 7.2
WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin...
CVSS: 6.1
AI Score: 6
EPSS: 0.001
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...
CVSS: 9.8
AI Score: 7.8
EPSS
How to Configure an Air-Gapped Veeam Kasten for Kubernetes Deployment Using JFrog Artifactory
This article provides a step-by-step approach to configuring a JFrog Artifactory server and installing Veeam Kasten for Kubernetes. This allows for creating an air-gapped installation using a private container registry to install Veeam Kasten for Kubernetes. While this can always be done manually,....
AI Score: 7
defense-and-society.org Cross Site Scripting vulnerability OBB-3864950
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.2
WP Force SSL & HTTPS SSL Redirect < 1.67 - Missing Authorization to Settings Update
Description: The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers,...
CVSS: 4.2
AI Score: 6.4
EPSS: 0.001
CVE-2024-26606 binder: signal epoll threads of self-work
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read...
AI Score: 7.3
EPSS: 0.0004
Summary: Hey team, I have found this API endpoint leads to leaking attachments and documents of users. The attachments leaked are banks taxes, contracts, PII such as full address and mobile number, emails, etc. The vulnerable URL is at [https://www.████████/Download.aspx?id=4675] Steps To...
AI Score: 6.8
Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
CVSS: 5
AI Score: 5.2
EPSS: 0.0004
CVE-2024-26606 binder: signal epoll threads of self-work
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read...
AI Score: 6.6
EPSS: 0.0004
Description: Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25: CVE-2019-11510 - Pre-auth Arbitrary File Reading; CVE-2019-11542 - Post-auth Stack Buffer Overflow; CVE-2019-11539 - Post-auth...
CVSS: 10
AI Score: 8
EPSS: 0.974
In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for...
CVSS: 3.1
AI Score: 6.6
EPSS: 0.001
Description: During poking around ██████.00/24 range - ██████████ looking for the Cisco devices, I came across ███ which resolved to the https://███████.edu/ While it's not a .mil host, it's likely related to the DoD since it is hosted in the DoD-controlled ASN. I discovered a few critical...
AI Score: 7.4
Cisco ASA - Local File Inclusion
Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...
CVSS: 7.5
AI Score: 7.9
EPSS: 0.974
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
CVE-2024-30088 Bug: Bug is inside function...
CVSS: 7
AI Score: 7.4
EPSS: 0.0004
This module attempts to login to GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, GlassFish 4.0 requires HTTPS, which.....
AI Score: 7.6
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
ThemeBleed Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")...
AI Score: 8.9
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
Weakness: CWE-367:...
CVSS: 7
AI Score: 7
EPSS: 0.0004
Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...
CVSS: 8.6
AI Score: 7.3
EPSS: 0.001
Description: We identified XSS via cookie name on the https://www2.███████/nssi/core/dot_stu_reg/Registration.aspx endpoint. The first cookie name is getting reflected on the page without sanitization: █████ POC (you can use Chrome Incognito mode for clear experiment): To trigger XSS on the...
AI Score: 5.6
JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0 being parsed incorrectly, which can result in an input string of modest size causing indefinite amounts of memory...
CVSS: 7.5
AI Score: 6.8
EPSS: 0.001
Cisco ASA/FTD Software - Cross-Site Scripting
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities...
CVSS: 6.1
AI Score: 6.4
EPSS: 0.971
A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is...
CVSS: 7.1
AI Score: 7
EPSS: 0.0004
symfony/dependency-injection is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to XML Entity Expansion (XEE) attacks, where the use of libxml2 lacks defense against XEE Quadratic Blowup Attacks (QBA), allowing long entities to create a memory sink for Denial of Service attacks....
AI Score: 7
symfony/symfony is vulnerable to XML Entity Expansion. The vulnerability is due to all extensions that use libxml2 having no defense against Quadratic Blowup Attacks, which involve defining a long entity that is repeatedly referenced within the XML document, thus creating a potential memory sink...
AI Score: 7
Zabbix Server Brute Force Utility
This module attempts to login to Zabbix server instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also test for the Zabbix default login (Admin:zabbix) and guest...
AI Score: 7.5
Apache Axis2 Brute Force Utility
This module attempts to login to an Apache Axis2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It has been verified to work on at least versions 1.4.1 and...
AI Score: 7.5
Granting access of protected ContentProviders on behalf of Launcher
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVSS: 7.8
AI Score: 7.1
EPSS: 0.0004
Password brute force attack in github.com/IceWhaleTech/CasaOS-UserService
The CasaOS web application does not have protection against password brute force attacks. An attacker can use a password brute force attack to find and gain full access to the server. This vulnerability allows attackers to get super user-level access over the...
CVSS: 9.1
AI Score: 7.3
EPSS: 0.0004
DB2 Authentication Brute Force Utility
This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE...
AI Score: 7.4
Libraries that implement HTTP/2 are vulnerable to Denial Of Service (DoS). The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then canceling them, causing the server to consume excessive resources and become unavailable to...
CVSS: 7.5
AI Score: 6.7
EPSS: 0.732
ASP.NET and .NET are vulnerable to Denial of Service. The vulnerability is due to the Kestrel web server detecting a malicious client but failing to disconnect, resulting in Denial of...
CVSS: 7.5
AI Score: 6.8
EPSS: 0.007
Mattermost leaks details of AD/LDAP groups of a team
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member...
CVSS: 4.3
AI Score: 7
EPSS: 0.0004
libexpat is vulnerable to Denial of Service. The vulnerability is due to many full reparsings being required in the case of a large token for which multiple buffer fills are needed. It leads to the exhaustion of available...
CVSS: 7.5
AI Score: 6.8
EPSS: 0.001
Summary: IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....
CVSS: 8.4
AI Score: 10
EPSS: 0.003
samba is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when Samba parses a specially crafted RPC request. If the request is valid, Samba will enter an infinite loop. This could cause Samba to consume excessive CPU resources and eventually...
CVSS: 7.5
AI Score: 6.7
EPSS: 0.033
Overview: OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an "out of memory" error and terminate....
CVSS: 6.5
AI Score: 6.9
EPSS: 0.001
langchain is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to infinite recursion in the parse_sitemap method, which results in an infinite loop that exceeds the maximum recursion depth in...
CVSS: 4.2
AI Score: 6.7
EPSS: 0.0004
ZenML is vulnerable to a Denial Of Service (DoS). The vulnerability is due to improper handling of line feed (\n) characters in component names, allowing an attacker to cause uncontrolled resource consumption by adding a component through an API endpoint...
CVSS: 4.3
AI Score: 6.6
EPSS: 0.0004
eventlet and dnspython are vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of enforcing the preferred behavior of waiting for a valid packet during DNS name resolution, allowing remote attackers to interfere with the resolution process by quickly sending an invalid packet....
AI Score: 6.4
EPSS: 0.0004
org.apache.tomcat: tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the websocket connection will continue to hold...
AI Score: 6.5
EPSS: 0.0004
Magick is vulnerable to Denial of Service (DoS) attacks. Applications using the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() methods to check a DH key or DH parameters may encounter lengthy delays. If the key or parameters being verified have come from an unreliable source, this might...
CVSS: 5.3
AI Score: 6.8
EPSS: 0.002