Showing results for tags 'cve'.
-
Downloads information from NIST (CVSS), first.org (EPSS), and CISA (Exploited Vulnerabilities) and combines them into one list. Reports from vulnerability scanners like OpenVAS can be enriched with this information to prioritize remediation. The repository also contains a PowerBI template to show how such a dashboard can be created.
-
OpenCVE

OpenCVE (formerly known as Saucs) is a platform that alerts you about new vulnerabilities related to the CVE list.

How does it work

OpenCVE uses the JSON feed provided by the NVD to be synchronized. After an initial import, a background task is regularly executed to check changes in the list. If a new CVE is added, or if a change is detected, the subscribers of the related vendors and products will be alerted. For now, the only method of notification is the mail, but we plan to add other integrations (webhooks, Slack, Jira, PagerDuty, OpsGenie…).

Changelog v1.2

This release introduces 2 new migrations: one to create the cves_tags and users_tags tables, the other to add GIN indexes on the cves.summary and cves.cve_id columns. The GIN indexes are part of the pg_trgm module of PostgreSQL. The opencve upgrade-db command will enable it for you, but you can also do it yourself if you prefer (CREATE EXTENSION pg_trgm). From PostgreSQL 13 this module is considered as trusted, meaning it can be installed by non-superusers with the CREATE privilege. These indexes act on common and widely used columns, so we recommend that you stop the workers (web & celery) during the upgrade.

Added
  * Improved search functionality on /cve
  * Add GIN indexes on cves.summary and cves.cve_id
  * New API Endpoint (user subscriptions)
  * Add the tags feature

Fixed
  * trim() the text of the ‘Subscribe’ button
  * CVE can be filtered by CWE and vendor in the same query
  * Default tag color wasn’t correctly handled
-
Zimbra Collaboration User Enumeration Script (CVE-2018-10949)

How to use

The argument --host must be the hostname or IP address of the Zimbra Collaboration Web Application root page, and --userlist a list of usernames to check against it.

    root@kali# ./cve-2018-10949-user-enum.py --host [Hidden Content] --userlist /tmp/emails.txt

And it should spill out valid e-mails!
-
CVE-2018-15473-Exploit

Exploit written in Python for CVE-2018-15473 with threading and export formats

  * Threading - default 5. If more than 10 are used, often the OpenSSH service gets overwhelmed and causes retries
  * Single username evaluation via username parameter
  * Multiple username evaluation via userList parameter
  * Multiple username evaluation file output via outputFile parameter
  * Multiple output formats (list, json, csv) via outputFormat parameter
  * An example username input file is given in exampleInput.txt
  * An example results output file in List format is given in exampleOutput.txt
  * An example results output file in JSON format is given in exampleOutput.json
  * An example results output file in CSV format is given in exampleOutput.csv

Build the image:

    docker build -t cve-2018-15473 .

Run the exploit:

    docker run cve-2018-15473 -h

Delete containers and image:

    docker ps -a | awk '$2 == "cve-2018-15473" {print $1}' | xargs docker rm
    docker rmi cve-2018-15473
-
CVE-2018-7600 - Drupal 7.x RCE

Drupal < 7.58 unauthenticated RCE

Requirements
  * python3
  * python requests (pip install requests)

Usage
  * Install dependencies
  * modify the HOST variable in the script
  * run the code
  * win

Just install requests (pip install requests), edit the file to change the host and run the exploit:

    python .\poc.py
    uid=33(www-data) gid=33(www-data) groups=33(www-data)
    [{"command":"settings",......