12 matches found
EUVD-2021-2407
Malware in sbrugna...
GHSA-WWGQ-9JHF-QGW6 Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Impact Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email. Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply...
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Impact Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email. Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply...
CVE-2021-41273
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...
CVE-2021-41273
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...
Cross site request forgery (csrf)
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...
CVE-2021-41273 Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...
Remote code execution
DISPUTED An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment...
CVE-2018-10682
An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment permits an...
CVE-2018-10682
An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment permits an...
PT-2018-10050 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: WildFly version 10.1.2.Final Description: An issue allows an attacker to access the administration panel without authentication using anonymous access. Once logged in, a misconfiguration permits an anonymous user to deploy a malicious .war...
Uninstalling Veeam Collectors if a System Resource Pool Was Used for Auto-Deployment
Purpose This article documents how to uninstall Veeam Management Pack for Microsoft System Center if during auto-deployment of Veeam Collectors, one of the system resource pools was used i.e., All Management Servers Resource Pool, Notifications Resource Pool, or AD Assignment Resource Pool. This...