
1746 matches found

Prion
added 2024/01/10 5:15 a.m. | 10 views

Cross site request forgery (csrf)

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...

CVSS 6.5 | AI score 7.1 | EPSS 0.01958
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2024/01/10 4:13 a.m. | 63 views

CVE-2024-21643

The CVE-2024-21643 issue affects IdentityModel Extensions for .NET (Microsoft.IdentityModel.Protocols.SignedHttpRequest) where the SignedHttpRequest protocol/validator trusts the jku claim by default, enabling remote/local HTTP GET requests. Multiple sources confirm this vulnerability and identif...

CVSS 8.8 | AI score 8.5 | EPSS 0.01958
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/01/10 4:13 a.m. | 32 views

CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...

CVSS 7.1 | AI score 8.8 | EPSS 0.01958
Exploits: 0 | References: 4

OSV
added 2024/01/10 4:13 a.m. | 24 views

CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...

CVSS 7.1 | AI score 8.5 | EPSS 0.01958
Exploits: 0 | References: 6

OSV
added 2024/01/09 6:25 p.m. | 25 views

GHSA-RV9J-C866-GP5H Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability

Impact: What kind of vulnerability is it? Who is impacted? Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim by default for the SignedHttpRequest protocol. This raises the possibility to make any remote or loc...

CVSS 7.1 | AI score 8.5 | EPSS 0.01958
Exploits: 0 | References: 6

Packet Storm
added 2024/01/09 12:0 a.m. | 301 views

Intrasrv Simple Web Server 1.0 Denial Of Service

!/usr/bin/perl use IO::Socket; Exploit Title: Intrasrv Simple Web Server 1.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 09 january 2024 Vendor Homepage: http://www.leighb.com/intrasrv.htm Download to demo: http://www.leighb.com/intrasrv.zip Download 2 to demo:...

AI score 7.4
Exploits: 0

Vulnrichment
added 2024/01/07 3:31 a.m. | 13 views

CVE-2024-0263 ACME Ultra Mini HTTPd HTTP GET Request denial of service

A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

CVSS 5.3 | AI score 6.8 | EPSS 0.01399
Exploits: 1 | References: 5

Cvelist
added 2024/01/07 3:31 a.m. | 26 views

CVE-2024-0263 ACME Ultra Mini HTTPd HTTP GET Request denial of service

A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

CVSS 5.3 | AI score 7.7 | EPSS 0.01399
Exploits: 1 | References: 5

CVE
added 2024/01/07 3:31 a.m. | 79 views

CVE-2024-0263

CVE-2024-0263 affects ACME Ultra Mini HTTPd 1.21, specifically the HTTP GET Request Handler. The documented issue is a remote, unauthenticated denial of service caused by manipulation of this handler. Several connected sources confirm the impact is DoS and that a patch is recommended to fix the v...

CVSS 7.5 | AI score 7.5 | EPSS 0.01399
Exploits: 1 | References: 5 | Affected Software: 1

UbuntuCve
added 2023/12/22 5:15 p.m. | 33 views

CVE-2023-51448

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...

CVSS 8.8 | AI score 7.2 | EPSS 0.09022
Exploits: 1 | References: 2

Debian CVE
added 2023/12/22 4:44 p.m. | 30 views

CVE-2023-51448

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...

CVSS 8.8 | AI score 8.8 | EPSS 0.09022
Exploits: 1

OSV
added 2023/12/22 4:44 p.m. | 26 views

CVE-2023-51448 SQL Injection vulnerability when managing SNMP Notification Receivers

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...

CVSS 8.8 | AI score 8.7 | EPSS 0.09022
Exploits: 1 | References: 5

Veracode
added 2023/12/22 5:27 a.m. | 18 views

Cross-Site Request Forgery (CSRF)

apacheairflow is vulnerable to Cross-Site Request Forgery. The vulnerability is due to the trigger function in views.py which accepts HTTP GET requests for triggering DAGs. An attacker can exploit this by creating a malicious website/URL that sends unauthorized GET requests to trigger DAGs in...

CVSS 6.5 | AI score 6.8 | EPSS 0.01032
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2023/12/08 6:30 a.m. | 14 views

Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method

An issue present in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...

CVSS 7.5 | AI score 6.5 | EPSS 0.00846
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2023/12/08 6:30 a.m. | 11 views

GHSA-P8Q6-QRGJ-7GX2 Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method

An issue present in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...

CVSS 7.5 | AI score 7.2 | EPSS 0.00846
Exploits: 1 | References: 4

NVD
added 2023/12/08 4:15 a.m. | 12 views

CVE-2023-48122

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...

CVSS 7.5 | EPSS 0.00846
Exploits: 1 | References: 2

Prion
added 2023/12/08 4:15 a.m. | 12 views

Design/Logic Flaw

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...

CVSS 5 | AI score 6.6 | EPSS 0.00846
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2023/12/08 12:0 a.m. | 59 views

CVE-2023-48122

The CVE-2023-48122 issue affects microweber v2.0.1 and is fixed in v2.0.4. It enables a remote attacker to obtain sensitive information via HTTP GET, indicating a remote information disclosure vulnerability with a CVSSv3.1 base score of 7.5 (High). Mitigation: upgrade to microweber v2.0.4 or late...

CVSS 7.5 | AI score 7.2 | EPSS 0.00846
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/12/08 12:0 a.m. | 14 views

CVE-2023-48122

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...

AI score 7.5 | EPSS 0.00846
Exploits: 1 | References: 2

GithubExploit
added 2023/11/26 9:24 p.m. | 488 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

CVE-2023-22515-Scan About This is simple scanner for CVE-...

CVSS 10 | AI score 9.7 | EPSS 0.99699
Exploits: 39