173 matches found
CVE-2022-26158
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...
Design/Logic Flaw
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...
CVE-2022-26158
CVE-2022-26158 affects Cherwell Service Management (CSM) 10.2.3 web application, where a client-controlled Host header is reflected and can trigger a 302 redirect to an attacker-controlled page by injecting a malicious URL in Host. This creates an indirect navigation/redirect vulnerability. Affec...
Server-Side Request Forgery (SSRF)
Description The SSRF Protection is incomplete and can be bypassed via an HTTP redirect, the python-requests library will follow redirections by default can be disabled byallowredirects=False. An attacker can set up their HTTP server to respond with a 302 redirect to redirect the request to...
Server-Side Request Forgery (SSRF) in dompdf/dompdf
Description DomPDF uses filegetcontents to obtain HTTP files when allowurlfopen is "On". On default contexts, filegetcontents will redirect whenever served with a 302 response. When developers use DomPDF with isRemoteEnabled set to "true" and allowurlfopen set to "true", but restrict IP addresses...
None in babybuddy/babybuddy
✍️ Description Improper restriction at login portal which lets an attacker brute force user's accounts. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1udzAGroSqDbEqPRYlUzv7bHgHq7oMNuk/view?usp=sharing You will get 200 for incorrect as it opens the same page for login and 302...
Open Redirection
github.com/prometheus/prometheus is vulnerable to open redirection. An attacker is able to redirect a user to a malicious endpoint via a HTTP 302 response...
Microsoft Edge using MDX microVPN to connect to Citrix Gateway is seen to redirect many times unexpectedly
When using Microsoft Edge, you may experience random loading of Bookmarked websites, previously visited websites or other unexpected browser redirects HTTP 302, to websites which the user has not chosen to load at the time. Other errors found on closer log examination may appear similar to the...
bunker-302.de Cross Site Scripting vulnerability OBB-1349371
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2020-12855
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status...
CVE-2020-17466
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses...
Authentication flaw
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses...
CVE-2020-17466
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses...
Information Disclosure
@actions/http-client is vulnerable to information disclosure. When a request that results in a 302 redirect contains a Authorization header, the credentials is disclosed to the other domain...
CVE-2020-11021 HTTP request which redirect to another hostname do not strip authorization header in Actions Http-Client
Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...
Mail.ru: [api.33slona.ru] Доступ к API из за неправильной конфигурации сервера 302 редирет.
A 302 reply for non-authenticated request to api.33slona.ru could leak some static content with HTML body...
Kubernetes: Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.
Hello, Who we are : We’re two French security researchers and our respective names are Brice Augras and Christophe Hauquiert, we worked and found the vulnerability together. Brice Augras from https://www.groupe-asten.fr/ company - https://hackerone.com/reeverzax Christophe Hauquiert -...
Nginx Log Check - Nginx Log Security Analysis Script
Nginx Log Security Analysis Script Features Statistics Top 20 Address SQL injection analysis Scanner alert analysis Exploit detection Sensitive path access File contains attack Webshell Find URLs with response length Top 20 Looking for rare script file access Find script file for 302 redirect Usa...
SD.NET RIM 4.7.3c - idtyp SQL Injection
SD.NET RIM 4.7.3c - idtyp SQL Injection Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Date: 2019-11-05 Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link:...
SD.NET RIM 4.7.3c SQL Injection
Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Date: 2019-11-05 Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ Version: 4.7.3c Tested on: 4.7.3c...