110 matches found
CVE-2021-28485
In Ericsson Mobile Switching Center Server MSC-S before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application...
Path traversal
In Ericsson Mobile Switching Center Server MSC-S before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application...
CVE-2021-28485
In Ericsson Mobile Switching Center Server MSC-S before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application...
CVE-2022-39039
The CVE-2022-39039 issue affects aEnrich’s a+HRD . It is caused by inadequate filtering of a specific URL parameter, allowing an unauthenticated remote attacker to perform a Server-Side Request Forgery (SSRF) by sending arbitrary HTTP(S) requests. The vulnerability can lead to the execution of ar...
CVE-2022-39039 aEnrich a+HRD - Server-Side Request Forgery (SSRF)
aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTPs request to launch Server-Side Request Forgery SSRF attack, to perform arbitrary system command or disrupt service...
CVE-2022-41317
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...
CVE-2022-41317
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...
CVE-2022-41317
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Squid vulnerabilities (USN-5641-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5641-1 advisory. Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue t...
CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
CVE-2022-20828 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerabilit...
CVE-2022-20828 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerabilit...
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerabilit...
Hakoriginfinder - Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make a HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide vi...
Online Banquet Booking System 1.0 Cross Site Request Forgery
Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery CSRF Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/ Version: 1.0...
FileCloud 21.2 - Cross-Site Request Forgery Vulnerability
Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fiexd: version...
Design/Logic Flaw
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
CVE-2021-1504 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
PT-2021-2789 · Cisco · Cisco Asa +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to a buffer overflow in the software of Cisco Adaptive Security Appliance ASA and...
PT-2021-2788 · Cisco · Cisco Asa +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to a buffer overflow in the software of Cisco Adaptive Security Appliance ASA and...