genie.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-549161. Affected Website: genie.co.kr. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Puppet Enterprise console session vulnerability
Puppet is a set of configuration management tools from Puppet Labs (U.S.) built on a client/server (C/S) architecture. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is the enterprise edition, and the console is one of its management tools. ...
CVE-2015-8470
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
Session fixation
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
CVE-2015-8470
CVE-2015-8470 affects Puppet Enterprise console: versions 3.7.x, 3.8.x, and 2015.2.x fail to set the secure flag on the JSESSIONID cookie in HTTPS, making remote cookie interception possible. This can lead to information disclosure or session hijacking as described in the sources. The connected d...
Trend Micro InterScan Messaging Security (Virtual Appliance) - Proxy.php Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security Virtual Appliance - Proxy.php Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security...
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution",...
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Mic...
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as roo...
WebNMS Framework 5.2SP1 Login Bypass
Summary: WebNMS is an industry-leading framework used to build network management applications. By submitting a custom header parameter, an attacker can directly obtain a session cookie and skip login authentication. Vulnerability details: Submit the following GET request with an added HTTP header that specifies a UserName ...
CVE-2016-3651
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors...
Design/Logic Flaw
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors...
CVE-2016-3651
CVE-2016-3651 affects Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5. The issue is that remote authenticated users can discover the PHP JSESSIONID value on the web server via unspecified vectors. The vulnerability is listed among multiple SEPM issues and is associated with sessio...
Live800 online customer service system: default password leads to SQL query / SQL injection vulnerability
Brief description: Live800 online customer service system default password leads to SQL query / SQL injection vulnerability. Detailed description: The account password used for the authorization check is hard-coded in the console/console.jsp file. By logging into the console, one can create companies, change customer-service passwords, execute SELECT queries and perform SQL injection, which are high-risk vulnerabilities: if (request.getParameter("iamkevin") == null) if (session.getAttribute("login") == null) //response.sendRedirect("../noContent.jsp"); //return; else if...
A vulnerability in the WebSphere Application Server allows an attacker to gain access to sessions.
The vulnerability in the WebSphere Application Server administrative console stems from deficient access control. A remote attacker could exploit it to gain access to a session by manipulating the JSESSIONID parameter when the Security featur...
SynTail 1.5 Build 566 - CSRF / XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: email protected Vendor Homepage: http://www.synametrics.com Software Link:...
Syncrify Server <= 3.6 Build 833 - CSRF / XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: email protected Vendor Homepage: http://www.synametrics.com Software Link:...
SynaMan 3.4 Build 1436 - CSRF / XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: email protected Vendor Homepage: http://www.synametrics.com Software Link:...