
4774 matches found

Symantec
added 2019/08/27 8:0 a.m., 46 views

XSS and Information Disclosure Vulnerabilities in ASG and ProxySG

SUMMARY: The Symantec ASG and ProxySG FTP proxy WebFTP mode is susceptible to XSS and information disclosure vulnerabilities. A remote attacker can inject malicious JavaScript code in the web listing of a remote FTP server and obtain authentication credentials for a remote FTP server. AFFECTED...

4.3 CVSS | 1.7 AI score | 0.00772 EPSS
Exploits 0 | Affected Software 2
Packet Storm
added 2019/08/22 12:0 a.m., 443 views

Endian Firewall 3.3.0 Cross Site Scripting

Exploit Title: Endian Firewall cross-site scripting XSS Date: 08/22/2019 Exploit Authors: Milad Soltanian + G0dfather @irpwn Vendor Homepage: https://www.endian.com Version : 3.3.0 An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4 AI score
Exploits 0
Prion
added 2019/08/14 8:15 p.m., 23 views

Design/Logic Flaw

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

5 CVSS | 7.7 AI score | 0.08031 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2019/08/14 7:38 p.m., 33 views

CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

9.8 CVSS | 8.1 AI score | 0.02925 EPSS
Exploits 1 | References 3
Debian CVE
added 2019/08/14 7:38 p.m., 32 views

CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

9.8 CVSS | 7.6 AI score | 0.02925 EPSS
Exploits 1
NVD
added 2019/08/14 2:15 p.m., 21 views

CVE-2019-0345

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP...

9.8 CVSS | 9.7 AI score | 0.0233 EPSS
Exploits 0 | References 2
Prion
added 2019/08/14 2:15 p.m., 15 views

Server side request forgery (ssrf)

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP...

5 CVSS | 9.6 AI score | 0.0233 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/08/14 1:54 p.m., 22 views

CVE-2019-0345

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP...

9.7 AI score | 0.0233 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2019/08/12 12:0 a.m., 223 views

Amazon Linux 2 : python (ALAS-2019-1258)

A security regression of CVE-2019-9636 was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is...

9.8 CVSS | 7.2 AI score | 0.08811 EPSS
Exploits 0 | References 2
Symantec
added 2019/08/08 12:0 a.m., 16 views

Dell EMC Integrated Data Protection Appliance Multiple Security Vulnerabilities

Description: Dell EMC Integrated Data Protection Appliance is prone to multiple security vulnerabilities. Attackers can exploit these issues to steal cookie-based authentication credentials, control how the page is rendered to the user, obtain sensitive information or bypass certain security...

1.4 AI score
Exploits 0 | References 1 | Affected Software 1
Packet Storm
added 2019/07/01 12:0 a.m., 167 views

FaceSentry Access Control System 6.4.8 Authentication Credential Disclosure

FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN...

1.2 AI score
Exploits 0
Symantec
added 2019/05/14 12:0 a.m., 39 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description: Microsoft Azure DevOps Server and Team Foundation Server are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.3 AI score
Exploits 0 | Affected Software 2
OSV
added 2019/04/11 9:29 p.m., 1 view

CVE-2019-6525

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account...

8.8 CVSS | 7.3 AI score | 0.01364 EPSS
Exploits 0 | References 2
Symantec
added 2019/04/09 12:0 a.m., 23 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description: Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.5 AI score | 0.02419 EPSS
Exploits 0 | Affected Software 2
Symantec
added 2019/04/09 12:0 a.m., 20 views

Microsoft Team Foundation Server CVE-2019-0867 Cross Site Scripting Vulnerability

Description: Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.4 AI score | 0.02387 EPSS
Exploits 0 | Affected Software 2
Veracode
added 2019/03/25 8:40 a.m., 29 views

Cross-Site Request Forgery (CSRF)

Apache Geronimo application server is vulnerable to cross-site request forgery. Attackers can exploit the vulnerability to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, or perform certain administrative actions...

6.8 CVSS | 6.8 AI score | 0.11059 EPSS
Exploits 2 | References 8 | Affected Software 2
UbuntuCve
added 2019/03/15 5:29 p.m., 29 views

CVE-2019-9834

The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to...

6.1 CVSS | 6.4 AI score | 0.051 EPSS
Exploits 1 | References 4
NVD
added 2019/03/15 5:29 p.m., 17 views

CVE-2019-9834

The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to...

6.1 CVSS | 6.5 AI score | 0.051 EPSS
Exploits 1 | References 3
Cvelist
added 2019/03/15 5:0 p.m., 23 views

CVE-2019-9834

The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to...

6.5 AI score | 0.051 EPSS
Exploits 1 | References 3
Microsoft KB
added 2019/03/12 7:0 a.m., 48 views

March 12, 2019—KB4489872 (OS Build 10240.18158)

March 12, 2019—KB4489872 OS Build 10240.18158 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates time zone information for Chile. Addresses an issue that prevents recognition of the...

9.3 CVSS | 7.5 AI score | 0.3126 EPSS
Exploits 1