httpd security update
2.4.6-97.0.5.5 - mod_session: save one apr_strtok Orabug: 33338149 CVE-2021-26690 - replace index.html with Oracle's index page oracleindex.html 2.4.6-97.5 - Resolves: 2065243 - CVE-2022-22720 httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier...
httpd:2.4 security update
httpd 2.4.37-43.1.0.1 - scoreboard: fix null pointer dereference Orabug: 33690670 CVE-2021-34798 - fix apescapequote logic Orabug: 33690686 CVE-2021-39275 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html. 2.4.37-43.1 - Resolves:...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the ID parameter...
CVE-2021-44829
CVE-2021-44829 applies to AFI Solutions WebACMS (Product: WebACMS, Vendor: AFI Solutions GmbH) up to version 2.1.0. The vulnerability is a Cross-Site Scripting (CWE-79) present in index.html exposed via the ID parameter. Root cause is input data not properly sanitized, enabling execution of clien...
httpd security update
2.4.6-97.0.1.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-97.1 - Resolves: 2011729 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing 'unix:'...
httpd:2.4 security update
httpd 2.4.37-39.1.0.1.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-39.1 - Resolves: 2007234 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path - Resolves: 2007646 - CVE-2021-26691...
Google Invisible RECAPTCHA 3 Spoof Bypass
Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Date: 2020-02-07 Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit Author: Matamorphosis Tested on: Windows and...
httpd security and bug fix update
2.4.6-90.0.1 - replace index.html with Oracle's index page oracleindex.html Resolves: 1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest - Resolves: 1696141 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition - Resolves: 1696096 -...
CVE-2019-14312
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI...
httpd security update
2.4.6-89.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-89.1 - Resolves: 1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest...
CVE-2019-14240
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI...
Design/Logic Flaw
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI...
CVE-2019-14240
Summary: WCMS v0.3.2 contains a CSRF vulnerability that enables directory traversal to modify the homepage (index.html) via the URI /wex/html.php?finish=../index.html. The issue resides in the web editor component (wex/html.php) and does not require authentication, enabling potential unauthorized...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories
DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for potentially sensitive files like credentials, secret keys, tokens etc which have been accidentally uploaded by the developers. DumpTheGit just...
Moderate severity vulnerability that affects total.js
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html item.message and themes/admin/public/ui.js column.format...
CVE-2019-10260
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html item.message and themes/admin/public/ui.js column.format...
CVE-2019-10260
Total.js CMS 12.0.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the admin UI: item.message handling in themes/admin/views/index.html and column.format handling in themes/admin/public/ui.js. The connected sources consistently identify the vulnerable components but do not provide a...