ysrc/xunfeng

Releases3

Frequency1 week 4 days

Last Release over 8 years ago

Stars3.59K

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-16951 ↗	Sep 12, 2018Wednesday, 12 September 2018, 01:29	—	6 MEDIUM
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832.
CVE-2018-16832 ↗	Sep 11, 2018Tuesday, 11 September 2018, 13:29	—	4.3 MEDIUM
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header.