54 matches found
CVE-2021-43064
A url redirection to untrusted site 'open redirect' in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...
CVE-2021-43064
A url redirection to untrusted site 'open redirect' in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...
CVE-2021-43064
A url redirection to untrusted site 'open redirect' in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...
CVE-2021-43064
A url redirection to untrusted site 'open redirect' in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...
Spoofed Messages
sendmail is vulnerable to spoofed messages. The vulnerability exists as the configuration of sendmail in Red Hat Enterprise Linux was found to not reject the "localhost.localdomain" domain name for email messages that come from external hosts. This could allow remote attackers to disguise spoofed...
Asset Inventory for Network Perimeter: from Declarations to Active Scanning
In the previous post, I shared some of my thoughts about the good Asset Inventory system. Of course, for me as a Security Specialist, it would be great if IT will provide such magical system. But such an ideal situation is rarely possible. So now let's see how to build an Asset Inventory system...
Public Port Scan Scrapper: scanless
Public Port Scan Scrapper Command-line utility for using websites that can perform port scans on your behalf. Useful for early stages of a penetration test or if you’d like to run a port scan on a host and have it not come from your IP address. scanless adj: lacking respectable morals. That girl ...
openSUSE Security Update : inkscape (openSUSE-SU-2013:0294-1)
Inkscape was updated to fix two security issues : - inkscape occasionaly tries to open EPS files from /tmp bnc796306, CVE-2012-6076. - inkscape could load XML from external hosts bnc794958, CWE-827, CVE-2012-5656. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...
CVE-2012-3488
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...
Scientific Linux Security Update : sendmail on SL4.x i386/x86_64
The configuration of Sendmail was found to not reject the 'localhost.localdomain' domain name for e-mail messages that came from external hosts. This could have allowed remote attackers to disguise spoofed messages CVE-2006-7176. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...
HP StorageWorks File Migration Agent Detection
The remote host is running an HP StorageWorks File Migration Agent, which migrates rarely used files to external hosts, recalling them as needed. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid52654; scriptversion"1.6";...
Input validation
Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...
sendmail allows external mail with from address [email protected]
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages...
CVE-2006-7176
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages...