173 matches found
SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Date: 2019-11-05 Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ Version: 4.7.3c Tested on: 4.7.3c...
CVE-2016-6311
It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this disclose information which they are not authorized to...
CVE-2019-17224
The web interface of the Compal Broadband CH7465LG modem version CH7465LG-NCIP-6.12.18.25-2p6-NOSH is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of th...
Path traversal
The web interface of the Compal Broadband CH7465LG modem version CH7465LG-NCIP-6.12.18.25-2p6-NOSH is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of th...
ZEIT: Unauthorized admission to any team in zeit.co
step no.1: open : https://zeit.co/teams/invite/ XXXX and this is a code "CzKyCgbB" of joining in a team called "maxhacker" if we generate a list consists of 8 capital and small letters with any generate tools F565462 knowing that the invitation code of any team is constant...
Information Disclosure
Red Hat JBoss Enterprise Application Platform is vulnerable to information disclosure. GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. A remote attacker could us...
CVE-2018-1000875
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be...
Authentication flaw
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be...
CVE-2018-1000875
CVE-2018-1000875 affects BOINC Server and Website Code versions 0.9–1.0.2. The vulnerability is a CWE-302 Authentication Bypass by Assumed-Immutable Data on the Website Terms of Service Acceptance Page, allowing access to any user account via a specially crafted URL. The issue is reported as fixe...
Command Execution Vulnerability in Multiple Interfaces of TP_LINK TL-WAR302 Router
TPLINK TL-WAR302 is an enterprise-grade 300M wireless VPN router with support for multiple VPN clients and Internet behavior management. A command execution vulnerability exists in multiple interfaces of the TPLINK TL-WAR302 router. The vulnerability is caused due to TP-LINK WAR302 multiple...
Brave Software: OPEN REDIRECTION at every 302 HTTP CODE
Summary i guess every 302 HTTP CODE on https://publishers.basicattentiontoken.org possible to OpenRedirection Steps To Reproduce: 1. I edited the request when i got redirected from this request url...
EAP7: Internal IP address disclosed on redirect when request header Host field is not set
It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this disclose information which they are not authorized to...
Open-Xchange: SSRF in VCARD photo upload functionality
FYI - Tested on local installation of App Suite 7.8.4 REV 14, CentOS 7.4, x64 Hello, I believe I may have found another SSRF re-direct vulnerability which again will allow port scanning of the App Suite server and the internal network, this is similar to my earlier report: 293847 The endpoint is...
Paragon Initiative Enterprises: CSRF token does not valided during blog comment
SUMMURY ================= i tested that all post request has CSRF token. During Author profile creation also a CSRF token is posted. Now when i removed this CSRF token , show s error like bellow CSRF validation failed 0 /var/www/csprng/src/Cabin/Bridge/Controller/Author.php52:...
Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit
Exploit kit EK activity has been on the decline ever since Angler Exploit Kit was shut down in 2016. Fewer people using Internet Explorer and a drop in browser support for Adobe Flash – two primary targets of many exploit kits – have also contributed to this decline. Additionally, some popular...
Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain
Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that...
Cuvva: CRLF Injection [vpn.corp.cuvva.com]
Hi team, Found a CRLF injection in vpn.corp.cuvva.com Poc https://vpn.corp.cuvva.com/sessionstart/%0aSet-Cookie:NEWCOOKIE123 Response: HTTP/1.1 302 Found Date: Wed, 24 May 2017 18:13:57 GMT Connection: close Content-Type: text/html; charset=UTF-8 Location: https://vpn.corp.cuvva.com/...
CVE-2016-6877
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an...
Design/Logic Flaw
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an...
CVE-2016-6877
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an...