
1746 matches found

NVD
added 2021/06/25 6:15 p.m., 8 views

CVE-2021-20583

IBM Security Verify IBM Security Verify Privilege Vault 10.9.66 could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force ID: 199396...

6.2 CVSS, 0.00218 EPSS
Exploits: 0, References: 2
Cvelist
added 2021/06/25 5:40 p.m., 9 views

CVE-2021-20583

IBM Security Verify IBM Security Verify Privilege Vault 10.9.66 could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force ID: 199396...

6.2 CVSS, 4.8 AI score, 0.00218 EPSS
Exploits: 0, References: 2
Packet Storm
added 2021/06/14 12:0 a.m., 254 views

Backdoor.Win32.Zombam.gen Information Disclosure

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404D.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Information Disclosure Description: Zombam malware listens...

7.4 AI score
Exploits: 0
OpenVAS
added 2021/06/09 12:0 a.m., 24 views

'/%2557EB-INF/' Information Disclosure Vulnerability (HTTP)

Various application or web servers / products are prone to an information disclosure vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

5.3 CVSS, 6.2 AI score, 0.9026 EPSS
Exploits: 2, References: 1
IBM Security Bulletins
added 2021/06/08 9:47 p.m., 23 views

Security Bulletin: IBM DataPower Gateway GUI permits use of GET

Summary The IBM DataPower GUI uses HTTP POST for operations that require information from the client. However, the GUI also responds to GET operations on the same URLs. While such GET operations are never initiated by the GUI, use of GET in such a manner could reveal sensitive information, so the...

5.3 CVSS, 0.5 AI score, 0.00147 EPSS
Exploits: 0, Affected Software: 1
NVD
added 2021/06/01 2:15 p.m., 14 views

CVE-2021-20576

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...

7.5 CVSS, 0.0101 EPSS
Exploits: 0, References: 2
OSV
added 2021/06/01 2:15 p.m., 1 views

CVE-2021-20576

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...

7.5 CVSS, 7.2 AI score, 0.0101 EPSS
Exploits: 0, References: 2
Cvelist
added 2021/05/31 2:50 p.m., 15 views

CVE-2021-20576

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...

7.5 CVSS, 7.6 AI score, 0.0101 EPSS
Exploits: 0, References: 2
IBM Security Bulletins
added 2021/05/28 7:22 p.m., 16 views

Security Bulletin: Multiple Security Vulnerabilities have been resolved in IBM Application Gateway (CVE-2021-20576, CVE-2021-20575, CVE-2021-29665)

Summary Multiple Security vulnerabilities have been fixed in the IBM Application Gateway product. Vulnerability Details CVEID: CVE-2021-20576 DESCRIPTION: IBM Application Gateway could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...

9 CVSS, 0.9 AI score, 0.0101 EPSS
Exploits: 0, Affected Software: 1
CNNVD
added 2021/05/17 12:0 a.m., 2 views

Red Hat Ceph Input Validation Error Vulnerability

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX Portable Operating System Interface, enabling fault tolerance and seamless data replication. Cep...

5.3 CVSS, 6.7 AI score, 0.00257 EPSS
Exploits: 0, References: 16
Veracode
added 2021/04/23 2:12 a.m., 17 views

Insecure Session Management

flow-server uses an insecure session management. The server session is not invalidated when the logout helper method of Authentication module is used via a HTTP GET request...

7.1 CVSS, 1.7 AI score, 0.00048 EPSS
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2021/04/15 9:15 p.m., 12 views

CVE-2021-29431

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

7.7 CVSS, 0.00303 EPSS
Exploits: 0, References: 7
Prion
added 2021/04/15 9:15 p.m., 14 views

Design/Logic Flaw

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

4 CVSS, 6.4 AI score, 0.00303 EPSS
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2021/04/15 9:15 p.m., 18 views

PYSEC-2021-22

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

7.7 CVSS, 0.4 AI score, 0.00303 EPSS
Exploits: 0, References: 7
Packet Storm
added 2021/04/14 12:0 a.m., 507 views

Nagios XI getprofile.sh Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Prior to 5.6.6 getprofile.sh Authenticated Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the...

9 CVSS, 0.4 AI score, 0.86916 EPSS
Exploits: 13
Cvelist
added 2021/03/29 12:4 p.m., 17 views

CVE-2021-28936

The Acexy Wireless-N WiFi Repeater REV 1.0 28.08.06.1 Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default: admin), whereas no previous authentication is required...

7.9 AI score, 0.00283 EPSS
Exploits: 1, References: 3
Packet Storm
added 2021/03/19 12:0 a.m., 207 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot DoS Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

0.5 AI score
Exploits: 0
0day.today
added 2021/03/19 12:0 a.m., 55 views

KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) Vulnerability

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot Unauthenticated Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

0.2 AI score
Exploits: 0
Exploit DB
added 2021/03/19 12:0 a.m., 212 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot Unauthenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product...

7.4 AI score
Exploits: 0
0day.today
added 2021/03/11 12:0 a.m., 42 views

NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation Vulnerability

NuCom 11N Wireless Router version 5.07.90 suffers from a remote privilege escalation vulnerability. The non-privileged default user user:user can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password admin credentials in...

0.9 AI score
Exploits: 0