Exploit for Improper Input Validation in Alibaba Fastjson

Lab 6-CVE-2017-18349 I. SYSTEM ANALYSIS Attack S...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 A remote attacker can construct OGNL expressi...

Denial Of Service (DoS)

github.com/projectcontour/contour is vulnerable to denial of service DoS. The vulnerability exists as there is a lack of authentication to perform GET requests to the unsafe /shutdown endpoint on port 8090, allowing an attacke rto remove Envoy from the routing pool...

CVE-2020-15127

In Contour Ingress controller for Kubernetes before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...

CVE-2019-18333

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs t...

CVE-2019-18334

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to...

Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44784)

The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. An information disclosure vulnerability exists in the Siemens SPPA-T3000. An attacker with network access to the application server could enumerate valid user names by sendi...

Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44781)

The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. An information disclosure vulnerability exists in the Siemens SPPA-T3000. An attacker can access file names on the server by sending carefully crafted packets to 8090/tcp...

The vulnerability in the Vivint Sky Control Panel web application lies in the lack of authentication for critical functions. This allows a malicious individual to activate or deactivate the security system and alter other security settings.

The vulnerability of the Vivint Sky Control Panel web application is related to the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to enable and disable the alarm system and modify other security settings via the web interface the default por...

EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet Remote Code Execution

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution tested against: Microsoft Windows Server 2008 r2 sp1 EMC Data Protection Advisor 5.8 sp5 vulnerability: the "DPA Illuminator" service DPAIlluminator.exe listening on public port 8090 tcp/http and 8453 tcp/https is...

DDIVRT-2009-25 IPsession SQL Injection Vulnerability

Title ----- DDIVRT-2009-25 IPsession SQL Injection Vulnerability Severity -------- Medium Date Discovered --------------- March 31, 2009 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: David Marshall and r@b13$ Vulnerability Description...