Lucene search

36 matches found

Vulnrichment
added 2024/03/13 4:43 p.m. | 16 views

CVE-2024-20322

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface...

CVSS 5.8 | AI score 7 | EPSS 0.00486
Exploits: 0 | References: 1

OSV
added 2022/11/16 11:15 p.m. | 2 views

CVE-2022-44000

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...

CVSS 9.8 | AI score 6 | EPSS 0.00949
Exploits: 1 | References: 2

CNNVD
added 2022/11/16 12:0 a.m. | 4 views

BACKCLICK security vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, evaluate, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from its publicly available internal communication interface that allows ...

CVSS 9.8 | AI score 8.5 | EPSS 0.00949
Exploits: 1 | References: 4

Positive Technologies
added 2022/11/16 12:0 a.m. | 3 views

PT-2022-27062 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63
Description: An issue was discovered due to an exposed internal communications interface, making it possible to execute arbitrary system commands on the server.
Recommendations: For BACKCLICK Professional...

CVSS 9.8 | AI score 9.7 | EPSS 0.00949
Exploits: 1 | References: 5

OSV
added 2022/05/13 1:36 a.m. | 1 views

GHSA-6967-9VVV-4CMM Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an...

CVSS 4.3 | AI score 5.9 | EPSS 0.01936
Exploits: 0 | References: 6

CNNVD
added 2022/01/28 12:0 a.m. | 5 views

Naver Whale browser security vulnerability

Naver Whale Browser is a web browser from the Korean company Naver that supports user-defined interfaces. A security vulnerability previously existed in Naver Whale browser 3.12.129.46 that allowed an attacker to corrupt the rendering process, which could lead to taking control of the browser's...

CVSS 4.3 | AI score 5.1 | EPSS 0.00651
Exploits: 0 | References: 2

OSV
added 2020/09/04 3:15 a.m. | 2 views

CVE-2020-3546

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...

CVSS 5.3 | AI score 6.1 | EPSS 0.01074
Exploits: 0 | References: 1

Hacker One
added 2020/06/26 4:1 p.m. | 9 views

Glassdoor: wasResumeUsed ███ on /api-internal/api.htm endpoint leaking other user's resume usage status

The API endpoint that checks if a resume was used for previous job applications was found to be vulnerable. The endpoint accepted a parameter called "resumeMetadataId" which was not properly validated, allowing an attacker to check the usage status of resumes that did not belong to the user. This...

AI score 5.9
Exploits: 0

NVD
added 2020/01/21 8:15 p.m. | 7 views

CVE-2019-17584

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32 or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from...

CVSS 8.5 | AI score 7.5 | EPSS 0.0105
Exploits: 0 | References: 2

NVD
added 2019/07/20 12:15 a.m. | 17 views

CVE-2019-9229

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers...

CVSS 8.8 | AI score 8.7 | EPSS 0.00606
Exploits: 0 | References: 1

Prion
added 2019/07/20 12:15 a.m. | 14 views

Design/Logic Flaw

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers...

CVSS 5.8 | AI score 8.6 | EPSS 0.00606
Exploits: 0 | References: 1 | Affected Software: 4

NVD
added 2017/11/30 9:29 a.m. | 19 views

CVE-2017-12351

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...

CVSS 5.7 | AI score 5.4 | EPSS 0.00345
Exploits: 0 | References: 3

Cisco
added 2017/11/29 4:0 p.m. | 28 views

Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...

CVSS 5.7 | AI score 5.5 | EPSS 0.00345
Exploits: 0 | References: 1

Xen Project
added 2013/01/04 4:0 p.m. | 57 views

Hypervisor crash due to incorrect ASSERT (debug build only)

ISSUE DESCRIPTION: A change to an internal interface within the hypervisor invalidated an ASSERT in a caller of that API. This code path is exposed to PV guests via a hypercall, allowing administrators of PV guests to crash the hypervisor if it is built with debugging enabled.
IMPACT: Malicious...

CVSS 1.9 | AI score 1.9 | EPSS 0.00372
Exploits: 0 | Affected Software: 1

Metasploit
added 2011/08/21 11:40 p.m. | 33 views

BNAT Router

This module will properly route BNAT traffic and allow for connections to be established to machines on ports which might not otherwise be accessible. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

AI score 7.3
Exploits: 0

Exploit DB
added 2001/07/17 12:0 a.m. | 36 views

Check Point Firewall-1 4.x - SecuRemote Internal Interface Address Information Leakage

Source: https://www.securityfocus.com/bid/8524/info
An information leakage issue has been discovered in Check Point Firewall-1. Because of this, an attacker may gain sensitive information about network resources. The syntax is: fw1getints start IP address end IP address. Author...

AI score 7.4
Exploits: 0