29 matches found
EUVD-2019-2238
Malware in sbrugna...
EUVD-2002-1480
Malware in sbrugna...
CVE-2023-33276
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without...
Error: "StoreFront Monitor Probe Failed" on NetScaler
StoreFront monitor does not work on NetScaler and displays error "StoreFront Monitor Probe Failed". When http monitor is bound to StoreFront service, 200 OK is received in response and service shows as UP. When https monitor is bound to StoreFront service, it fails with error 404 Not Found...
"404 Not Found" Error When Accessing NetScaler Gateway index.html Page After NetScaler Upgrade
Following a NetScaler upgrade, attempting to access the Citrix Gateway index.html page results in a "404 Not Found" error...
CVE-2023-33276
The CVE-2023-33276 issue affects Gira KNX/IP-Router web interface versions 3.1.3683.0–3.3.8.0, where reflecting a non-existent path in the HTTP response without HTML encoding enables reflective cross-site scripting (XSS). Multiple sources (e.g., Red Hat, PRion/PT Security) note the ...
Blind LFI in register-model/get?name=
Description: A blind LFI exists in /ajax-api/2.0/mlflow/registered-models/get?name=. The response from the server is different depending on whether the file exists on the local file system or not. When the arbitrary local file exists, the server responds with 500 INTERNAL SERVER ERROR and when it doesn'...
NetScaler HTTP-ECV monitor probe fails and returns "404 Not Found" response code
The HTTP-ECV monitor fails and returns the 404 Not Found response code. For example, a monitor of the HTTP-ECV type was configured to monitor the status of a backend server using the following as the expected response string: "Response is Successful." The status of the related service was marked ...
CVE-2019-10227
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component...
Cross site scripting
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component...
CVE-2019-10227
openITCOCKPIT before 3.7.1 is affected by a reflected XSS in the 404-not-found component. The CVE details confirm the issue (XSS) and that a fixed version is 3.7.1. The vulnerability is non-authenticated per CVSS2/3.1 vectors, with impact to integrity. Publicly documented remediation is upgrading...
CVE-2017-2613
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406). Accessing these URLs now n...
CVE-2014-8380
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
CVE-2014-8380
The CVE-2014-8380 is an XSS vulnerability in Splunk 6.1.1 where the Referer header in a 404 response is not properly sanitized, enabling remote attackers to inject arbitrary script/HTML in the victim’s browser. Multiple connected sources (OpenVAS, Tenable, CVE listings) corroborate this as a Refe...
Information disclosure in the REST API
Jira reports the 404 not-found earlier than the 401 not-authorized. This discloses the non-existence of specific issue numbers to unauthorized users. While this isn't a huge leak, this could come in useful with social engineering. Proof of concept: Both of the calls below are unauthenticated, a...
SquareCMS 0.3.1 SQL Injection
SquareCMS 0.3.1 post.php Remote SQL Injection Vulnerability, found by cOndemned. Vendor: http://spoolio.co.cc/ Download: http://webscripts.softpedia.com/script/Content-Management/Square-CMS-66303.html Prior versions may also be affected. Source of post.php, lines 15 - 31: $token = $_GET['id']; // 1 if...
CVE-2010-2429
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response...