Concrete CMS: Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1
Concrete5 is affected by a design issue related to the Host HTTP header. This header is used to define the base URL for the application. Since the Host header can be arbitrarily manipulated by an attacker, this can have some security impacts...
CVE-2015-0706
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966...
Open redirect
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966...
Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website. The vulnerability is due to insufficient validation of user input before it is used ...
Ali security research labs: IIS server vulnerability analysis-vulnerability warning-the black bar safety net
4 on 1 to 5 November, on Microsoft's patch day, Microsoft released a number of high-risk vulnerabilities. One of them, MS15-034, has the widest impact: it can cause the IIS server to blue-screen and crash or, in special circumstances, lead to information disclosure. Alibaba security research...
The IIS server vulnerability analysis-vulnerability warning-the black bar safety net
4 on 1 to 5 November, on Microsoft's patch day, Microsoft released a number of high-risk vulnerabilities. One of them, MS15-034, has the widest impact: it can cause the IIS server to blue-screen and crash or, in special circumstances, lead to information disclosure. Alibaba security research...
Apple Mac OS X Cross-Domain HTTP Request Header Authentication Credentials Disclosure Vulnerability
Apple Mac OS X is an operating system developed by Apple Inc. A cross-domain HTTP request header validation credential disclosure vulnerability exists in Apple Mac OS X CFNetwork Session Handling Redirection, which allows attackers to exploit the vulnerability to obtain sensitive information...
Wordpress Traffic Analyzer Plugin 3.4.2 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress plugin 'Traffic Analyzer' Blind SQL Injection Google Dork: inurl:/plugins/trafficanalyzer/js/ Date: 4/7/2015 Exploit Author: Dan King @fuzztester Vendor Homepage: http://wptrafficanalyzer.in/ Software Link:...
WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection
Exploit Title: Wordpress plugin 'Traffic Analyzer' Blind SQL Injection Google Dork: inurl:/plugins/trafficanalyzer/js/ Date: 4/7/2015 Exploit Author: Dan King @fuzztester Vendor Homepage: http://wptrafficanalyzer.in/ Software Link: https://wordpress.org/plugins/trafficanalyzer/ Version: 3.4.2...
Snapchat: Captcha Bypass in Snapchat's Geofilter Submission Process
Hi, Overview: Snapchat provides a form in which users can submit "Geofilters". These are filters which get applied to users' snaps when they are in specific geolocations. The form https://www.snapchat.com/geofilters/submit.html allows for the submission of these "Geofilters" as an anonymous user...
Citrix Netscaler NS10.5 - WAF Bypass Via HTTP Header Pollution Vulnerability
Exploit for linux platform in category web applications Exploit Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Date: Mar 13, 2015 Exploit Author: BGA Security Vendor Homepage: http://www.citrix.com/ Version: NS10.5 Tested on: NetScaler NS10.5: Build 50.9.nc, Document Title:...
Citrix Netscaler NS10.5 HTTP Header Contamination WAF Bypass Vulnerability
Citrix NetScaler is a network traffic management product. A security vulnerability exists in Citrix NetScaler that allows attackers to bypass WAF protection via HTTP header pollution for unauthorized access...
Citrix Netscaler NS10.5 WAF Bypass
Document Title: ============ Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Release Date: =========== 12 Mar 2015 Product & Service Introduction: ======================== Citrix NetScaler AppFirewall is a comprehensive application security solution that blocks known and unknown...
ArcSight Logger - Arbitrary File Upload Code Execution
ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...
Citrix Netscaler NS10.5 - WAF Bypass (Via HTTP Header Pollution)
Citrix Netscaler NS10.5 - WAF Bypass Via HTTP Header Pollution Exploit Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Date: Mar 13, 2015 Exploit Author: BGA Security Vendor Homepage: http://www.citrix.com/ Version: NS10.5 Tested on: NetScaler NS10.5: Build 50.9.nc, Document...
Citrix Netscaler NS10.5 - WAF Bypass (Via HTTP Header Pollution)
Exploit Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Date: Mar 13, 2015 Exploit Author: BGA Security Vendor Homepage: http://www.citrix.com/ Version: NS10.5 Tested on: NetScaler NS10.5: Build 50.9.nc, Document Title: ============ Citrix Netscaler NS10.5 WAF Bypass via HTTP...
Yelp: Missing X-Frame-Options header
URL https://staging.seatme.us/ Vulnerability: The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in...
vBulletin 4.x.x visitormessage.php Remote Code Injection Vulnerability
you can get access from vbulletin forum, just inject php code in one file. + My Homepage: black-hg.org / nasirpour.info + Discovered By: Dariush Nasirpour Net.Edit0r + Greeting : Ali Razmjoo - Ehsan Nezami - Arash Shams - Ramin Shahkar and all my friends bhg...
vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection
Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...