72 matches found
Security Advisory EPM July 2024 for EPM 2024
Last Modified Date Apr 16, 2025 2:50:24 PM...
CVE-2024-36107 Information disclosure in minio
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...
CVE-2024-36107 Information disclosure in minio
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...
PT-2024-5523 · Minio +2 · Minio +2
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2024-05-27T19-17-46Z Description: The issue concerns the use of If-Modified-Since and If-Unmodified-Since headers with anonymous requests, allowing an attacker to determine if an object exists on the server in ...
S3Crets_Scanner - Hunting For Secrets Uploaded To Public S3 Buckets
S3cret Scanner tool designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets in public S3 buckets. Can be executed as scheduled task or On-Demand Automation workflow The automation will perform the following actions: 1. List the public...
MI Core - Vulnerability found security issue on jquery.
Last Modified Date Mar 12, 2024 4:32:15 PM...
WordPress WP Last Modified Info plugin <= 1.6.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Jeroen Mulder in WordPress WP Last Modified Info plugin versions = 1.6.5. Solution Update the WordPress WP Last Modified Info plugin to the latest available version at least 1.6.6...
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
class MetasploitModule 'CVE-2019-9649 CoreFTP FTP Server Version 674 and below MDTM Directory Traversal', 'Description' = %qAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal ....\ to browse...
Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure
!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
CoreFTP Server MDTM Directory Traversal Exploit
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal ....\ to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date. Exploit...
CoreFTP Server MDTM Directory Traversal
Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal Metasploit Google Dork: N/A Date: 8/21/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link: http://www.coreftp.com/server/index.html Version: Firmware: CoreFTP Server FTP ...
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...
CVE-2019-9649
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique ....\ to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date...
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...
hapi node module denial of service vulnerability
The hapi node module is a server framework for Node.js. The framework supports input validation, caching, authentication and more. A security vulnerability exists in hapi node module versions prior to 11.1.3. An attacker exploits the vulnerability to cause a denial of service socket exhaustion wi...
GHSA-RC8H-3FV6-PXV8 Denial of Service in hapi
Versions of hapi prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending a HTTP 500 error back...
Denial of Service in hapi
Versions of hapi prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending a HTTP 500 error back...