WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting

Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-02 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link: https://www.advancedcustomfields.com/ Version: 5.7.7 Tested on: Win10...

GitLab: Unauthorized users may be able to view almost all informations related to Private projects.

Summary: On the most of pages related to Private projects, cache control is inadequate, so the contents of Private projects may leak to unauthorized users. Description: For visibility of projects, you can select Public, Internal, and Private. Among them, Private projects can only be viewed from...

Spoof SSDP replies to phish for NTLM hashes: evil-ssdp

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage. By default, this...

Security Bulletin: IBM Operational Decision Manager : CVE-2014-0944, CVE-2014-0945, CVE-2014-0946

Summary This Security Bulletin addresses 3 security vulnerabilities CVE-2014-0944, CVE-2014-0945 and CVE-2014-0946 in IBM Operational Decision Manager. All issue are related to the RES Console provided in Rule Execution Server. Vulnerability Details CVE ID: CVE-2014-0944 DESCRIPTION: IBM...

Microsoft Internet Explorer 11 Vbscript Code Execution

Dim lIIl Dim IIIlI6,IllII6 Dim IllI Dim IIllI40 Dim lIlIIl,lIIIll Dim IlII Dim llll,IIIIl Dim llllIl,IlIIII Dim NtContinueAddr,VirtualProtectAddr IlII=195948557 lIlIIl=Unescape"%u0001%u0880%u0001%u0000%u0000%u0000%u0000%u0000%uffff%u7fff%u0000%u0000"...

Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution

Dim lIIl Dim IIIlI6,IllII6 Dim IllI Dim IIllI40 Dim lIlIIl,lIIIll Dim IlII Dim llll,IIIIl Dim llllIl,IlIIII Dim NtContinueAddr,VirtualProtectAddr IlII=195948557 lIlIIl=Unescape"%u0001%u0880%u0001%u0000%u0000%u0000%u0000%u0000%uffff%u7fff%u0000%u0000"...

Discourse: CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)

Hi, I noticed this issue on one of your clients which was using CloudFlare in front of their Discourse. This is not affecting try.discourse.org but the same underlying issue can be seen there as well even though it's not exploitable on that specific domain. The TL;DR of issue is basically:...

Information Disclosure

Moodle is vulnerable to information disclosure. The library does not send Cache-Control: private headers, allowing a malicious user to send requests for files that were previously retrieved by a caching proxy server...

http-security-headers NSE Script

Checks for the HTTP response headers related to security given in OWASP Secure Headers Project and gives a brief description of the header and its configuration value. The script requests the server for the header with http.head and parses it to list headers founds with their configurations. The...

Preventing the Cache-Control Response Header from being Set to private

Q: When Compression is enabled on a NetScaler appliance, can you prevent the Cache-Control response header being set to the value private? A: Yes. You can prevent the Cache-Control response from being set to the value private when compression is enabled on a NetScaler appliance. To prevent the...

Gratipay: Incomplete or No Cache-control and Pragma HTTP Header Set

Hello, The cache-control and pragma HTTP header have not been set properly or are missing allowing the browser and proxies to cache content. HTTP/1.1 200 OK Connection: keep-alive Server: gunicorn Date: Sun, 27 Nov 2016 16:18:06 GMT Content-Type: text/html; charset=UTF-8 X-Gratipay-Version: 2014...

HackerOne: Users contents on AWS is cacheable

Hi , Background ============================= As I know you are using AWS S3 for saving and serving files . The AWS S3 on https://hackerone-attachments.s3.amazonaws.com are been called every time to show images on hackerone.com . For example view this report 145392 You will see a request for Fran...

Fedora 23 : drupal7-views (2016-ed5f606dde)

Fixes Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036 Changes since 7.x-3.13 : - Adding field handlers for statistics fields - \2200309 by helmo: Changed invalid placeholder from 'handler' to 'extender'. - \2708535 by stefan.r: Allow users to sort on a specific language, showing it...

Radancy: Application error message

Attack details HTTP Header input X-Forwarded-For was set to 12345'"'";|%00%0d%0a%bf%27'??? Error message found: Warning: inetpton function.inet-pton: Unrecognized address 12345'"\'\";|%00%0d%0a%00%bf%27' in...

New Relic: Cache-Control Misconfiguration Leads to Sensitive Information Leakage

Hi, This is a issue related with cache and information disclosure. Generally when a user is logged out, the session gets terminated and no data is of the previous session is accessible. But when cache control is not configured correctly, Sensitive data leak over browser even after user have logge...

Responses with Set-Cookie header cached

h3. Context We have Jira running with SSO from Crowd. Jira is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get the Crowd...

CVE-2015-7368

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

Design/Logic Flaw

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

CVE-2015-7368

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

微软 IE11 MSHTML.dll 远程拒绝服务漏洞

IE11发现的一个BUG,对HTML协议中的某些元素的处理存在代码完整性缺失。造成浏览器崩溃。 function boom var divA = document.createElement"div"; document.body.appendChilddivA; try //divA.contentEditable = "true"; divA.outerHTML = "AAAA"; var context = divA'msGetInputContext'; catch exception...