Lucene search
K

154 matches found

Citrix
Citrix
added 2023/09/08 12:0 a.m.8 views

SSLVPN error "Websocket connection failed: Connection closed before receiving a handshake responser"

After VPN tunnel established to NetScaler gateway, user encounter access issue s to backend server with error message: "Websocket connection to 'ws:///ws/notification/site-msg/' failed: Connection closed before receiving a handshake responser"...

7AI score
Exploits0
Citrix
Citrix
added 2023/09/06 12:0 a.m.7 views

TCP option lost when traffic go through TCP type Load Balance(LB) Vserver

TCP option lost when traffic go through TCP type Load BalanceLB Vserver: 1. Clients send TCP syn to NetScaler with TCP option segment: 2. Backend Servers do not receive TCP handshake with TCP option segment from NetScaler:...

7.1AI score
Exploits0
Citrix
Citrix
added 2023/09/04 12:0 a.m.12 views

Unable to ping backend server from NetScaler with SNIP as source IP address

SNIP, NSIP and backend server are in the same subnet. Unable to ping backend from NetScaler with SNIP as source IP address, can ping backend with NSIP as source IP address...

7.1AI score
Exploits0
NVD
NVD
added 2023/08/29 11:15 p.m.37 views

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS9.3AI score0.84967EPSS
Exploits0References3
Prion
Prion
added 2023/08/29 11:15 p.m.28 views

Cross site request forgery (csrf)

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

6.5CVSS9.1AI score0.84967EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/29 12:0 a.m.47 views

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.6CVSS9.5AI score0.84967EPSS
Exploits0References2
Citrix
Citrix
added 2023/08/24 12:0 a.m.16 views

Enabling NetScaler to forward original client source IP to backend server

This guide outlines the various methods available to ensure that the backend server is equipped to collect the original client IP through the NetScaler. The focus of this article lies in configuring the NetScaler to effectively forward the original client source IP to the backend server...

7AI score
Exploits0
Citrix
Citrix
added 2023/08/22 12:0 a.m.6 views

How to configure URL Transformation to transform part of URL Path

When accessinghttp://example.com/url1/xxxx, Netscalercan transform /url1/ to /url2/ and preserve other parts, then forward to backend server...

7.1AI score
Exploits0
Veracode
Veracode
added 2023/07/26 9:39 a.m.23 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of a validation in the input unit widget, which allows an attacker to inject and execute malicious Javascript into the browser and backend server...

6.5CVSS6.5AI score0.00534EPSS
Exploits1References6Affected Software1
0day.today
0day.today
added 2023/07/21 12:0 a.m.229 views

Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection Vulnerability

Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0" Exploit Author: Ansh Jain @sudoark Author Contact : email protected Vendor Homepage: https://www.wifi-soft.com/ Software Link:...

9.8CVSS9.7AI score0.02084EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/07/20 12:0 a.m.303 views

Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection

Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0" Date: 07/2023 Exploit Author: Ansh Jain @sudoark Author Contact : [email protected] Vendor Homepage: https://www.wifi-soft.com/ Software Link:...

9.8CVSS9.7AI score0.02084EPSS
Exploits4
NVD
NVD
added 2023/05/22 8:15 p.m.24 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.8CVSS9.7AI score0.2022EPSS
Exploits1References1
OSV
OSV
added 2023/05/22 12:0 a.m.16 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.8CVSS7.8AI score0.2022EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.28 views

K70312000: BIG-IP ASM JSON websocket security exposure

Security Advisory Description The BIG-IP ASM system may fail to block bad JSON websocket requests. This issue occurs when all of the following conditions are met: In the JSON profile of the affected security policy, the Parse Parameters setting is enabled. Note: This setting is enabled by default...

6.6AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:55 p.m.30 views

K88230177: BIG-IP ASM WebSocket vulnerability CVE-2021-22976

Security Advisory Description When the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2021-22976 Impact When this vulnerability is exploited, the BIG-IP ASM system may take...

7.5CVSS6.4AI score0.00961EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.26 views

K70134152: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect encoded directory traversal security exposure

Security Advisory Description The BIG-IP ASM, F5 Advanced Web Application Firewall Advanced WAF, and NGINX App Protect systems may fail to detect encoded directory traversal in the URL. This issue occurs when the following condition is met: The affected security policy is enabled with an evasion...

6.7AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.18 views

JSA10396 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - OpenSSL - Incorrect checks for malformed signatures on DSA and ECDSA keys used with SSL/TLS on backend servers. CVE-2008-5077.

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Several functions inside OpenSSL incorrectly checked the result after calling the EVPVerifyFinal function, allowing a malformed signature to be treated as a good signature rather than ...

5.8CVSS6.8AI score0.05146EPSS
Exploits1
Citrix
Citrix
added 2023/01/31 12:0 a.m.9 views

NetScaler HTTP-ECV monitor probe fails and returns "404 Not Found" response code

The HTTP-ECV monitor fails and returns the 404 Not Found response code. For example, a monitor of the HTTP-ECV type was configured to monitor the status of a backend server using the following as the expected response string: "Response is Successful." The status of the related service was marked ...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/11/28 10:58 a.m.4 views

varnish: Request Forgery Vulnerability

An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit...

7.5CVSS7.2AI score0.00936EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/28 10:54 a.m.4 views

varnish: Request Forgery Vulnerability

An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit...

7.5CVSS7.2AI score0.00936EPSS
Exploits0References6
Rows per page
Query Builder