Lucene search
K

3718 matches found

Hacker One
Hacker One
added 2015/05/05 9:26 a.m.28 views

Concrete CMS: Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1

Concrete5 is affected by a design issue related to the Host HTTP header. Such header is being used to define the base URL for the application. Since the Host header can be arbitrarily manipulated by an attacker, this can have some security impacts...

6.8AI score
Exploits0
NVD
NVD
added 2015/04/23 2:0 a.m.17 views

CVE-2015-0706

Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966...

5.8CVSS6.6AI score0.01096EPSS
Exploits0References1
Prion
Prion
added 2015/04/23 2:0 a.m.21 views

Open redirect

Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966...

5.8CVSS7AI score0.01096EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/04/23 1:0 a.m.23 views

CVE-2015-0706

Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966...

6.6AI score0.01096EPSS
Exploits0References1
Cisco
Cisco
added 2015/04/22 3:31 p.m.25 views

Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability

A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website. The vulnerability is due to insufficient validation of user input before it is used ...

4.3CVSS6.2AI score0.01096EPSS
Exploits0References1
myhack58
myhack58
added 2015/04/19 12:0 a.m.40 views

Ali security research labs: IIS server vulnerability analysis-vulnerability warning-the black bar safety net

4 on 1 to 5 November, in Microsoft's patch day, Microsoft released a more high-risk vulnerabilities, one of MS15-0 3 4 vulnerability that affects most widely, will cause the IIS server to blue screen crash, special circumstances or lead to information disclosure. Alibaba security research...

0.6AI score
Exploits0
myhack58
myhack58
added 2015/04/18 12:0 a.m.32 views

The IIS server vulnerability analysis-vulnerability warning-the black bar safety net

4 on 1 to 5 November, in Microsoft's patch day, Microsoft released a more high-risk vulnerabilities, one of MS15-0 3 4 vulnerability that affects most widely, will cause the IIS server to blue screen crash, special circumstances or lead to information disclosure. Alibaba security research...

7.5AI score
Exploits0
CNVD
CNVD
added 2015/04/10 12:0 a.m.3 views

Apple Mac OS X Cross-Domain HTTP Request Header Authentication Credentials Disclosure Vulnerability

Apple Mac OS X is an operating system developed by Apple Inc. A cross-domain HTTP request header validation credential disclosure vulnerability exists in Apple Mac OS X CFNetwork Session Handling Redirection, which allows attackers to exploit the vulnerability to obtain sensitive information...

4.3CVSS6.4AI score0.01601EPSS
Exploits0References1
0day.today
0day.today
added 2015/04/08 12:0 a.m.28 views

Wordpress Traffic Analyzer Plugin 3.4.2 - Blind SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress plugin 'Traffic Analyzer' Blind SQL Injection Google Dork: inurl:/plugins/trafficanalyzer/js/ Date: 4/7/2015 Exploit Author: Dan King @fuzztester Vendor Homepage: http://wptrafficanalyzer.in/ Software Link:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2015/04/08 12:0 a.m.26 views

WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection

Exploit Title: Wordpress plugin 'Traffic Analyzer' Blind SQL Injection Google Dork: inurl:/plugins/trafficanalyzer/js/ Date: 4/7/2015 Exploit Author: Dan King @fuzztester Vendor Homepage: http://wptrafficanalyzer.in/ Software Link: https://wordpress.org/plugins/trafficanalyzer/ Version: 3.4.2...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2015/04/03 12:44 p.m.103 views

Snapchat: Captcha Bypass in Snapchat's Geofilter Submission Process

Hi, Overview: Snapchat provides a form in which users can submit "Geofilters". These are filters which get applied to users snaps when they are in specific geolocations. The form https://www.snapchat.com/geofilters/submit.html allows for the submission of these "Geofilters" as an anonymous user...

6.3AI score
Exploits0
0day.today
0day.today
added 2015/03/20 12:0 a.m.50 views

Citrix Netscaler NS10.5 - WAF Bypass Via HTTP Header Pollution Vulnerability

Exploit for linux platform in category web applications Exploit Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Date: Mar 13, 2015 Exploit Author: BGA Security Vendor Homepage: http://www.citrix.com/ Version: NS10.5 Tested on: NetScaler NS10.5: Build 50.9.nc, Document Title:...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/03/19 12:0 a.m.3 views

Citrix Netscaler NS10.5 HTTP Header Contamination WAF Bypass Vulnerability

Citrix NetScaler is a network traffic management product A security vulnerability exists in Citrix NetScaler that allows attackers to exploit a vulnerability to bypass WAF protection via HTTP header pollution for unauthorized access...

6.8AI score
Exploits0References1
Packet Storm
Packet Storm
added 2015/03/14 12:0 a.m.31 views

Citrix Netscaler NS10.5 WAF Bypass

Document Title: ============ Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Release Date: =========== 12 Mar 2015 Product & Service Introduction: ======================== Citrix NetScaler AppFirewall is a comprehensive application security solution that blocks known and unknown...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2015/03/13 12:0 a.m.38 views

ArcSight Logger - Arbitrary File Upload Code Execution

ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...

9CVSS0.2AI score0.117EPSS
Exploits2
exploitpack
exploitpack
added 2015/03/12 12:0 a.m.18 views

Citrix Netscaler NS10.5 - WAF Bypass (Via HTTP Header Pollution)

Citrix Netscaler NS10.5 - WAF Bypass Via HTTP Header Pollution Exploit Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Date: Mar 13, 2015 Exploit Author: BGA Security Vendor Homepage: http://www.citrix.com/ Version: NS10.5 Tested on: NetScaler NS10.5: Build 50.9.nc, Document...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/03/12 12:0 a.m.30 views

Citrix Netscaler NS10.5 - WAF Bypass (Via HTTP Header Pollution)

Exploit Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Date: Mar 13, 2015 Exploit Author: BGA Security Vendor Homepage: http://www.citrix.com/ Version: NS10.5 Tested on: NetScaler NS10.5: Build 50.9.nc, Document Title: ============ Citrix Netscaler NS10.5 WAF Bypass via HTTP...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2015/03/03 11:6 a.m.21 views

Yelp: Missing X-Frame-Options header

URL https://staging.seatme.us/ Vulnerability: The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in...

6.7AI score
Exploits0
0day.today
0day.today
added 2015/03/02 12:0 a.m.74 views

vBulletin 4.x.x visitormessage.php Remote Code Injection Vulnerability

you can get access from vbulletin forum, just inject php code in one file. + My Homepage: black-hg.org / nasirpour.info + Discovered By: Dariush Nasirpour Net.Edit0r + Greeting : Ali Razmjoo - Ehsan Nezami - Arash Shams - Ramin Shahkar and all my freinds bhg...

9CVSS8.7AI score0.14785EPSS
Exploits3
Exploit DB
Exploit DB
added 2015/03/02 12:0 a.m.67 views

vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

7.4AI score
Exploits0
Rows per page
Query Builder