23 matches found
CVE-2023-28451
An issue was discovered in Technitium 11.0.2. There is a vulnerability called BadDNS in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS denial of service for normal resolution. The effects of an exploit would be widespread and highly impactful, becaus...
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...
Security Bulletin: IBM Content Navigator is vulnerable to Cross Site Port Attack due to Daeja ViewONE (CVE-2024-31897)
Summary Daeja ViewOne Virtual is used by IBM Content Navigator as part of the document viewer. CVE-2024-31897 Vulnerability Details CVEID:CVE-2024-31897 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0....
CVE-2024-37855
An issue in Nepstech Wifi Router xpon terminal NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials...
CVE-2023-4769
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...
Server side request forgery (ssrf)
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...
CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...
UBUNTU-CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
The Mozilla Foundation Security Advisory describes this flaw as: The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on...
Schneider Electric Modicon M340 PLC Module Denial of Service Vulnerability
Schneider Electric M340 PLC is a modular general-purpose controller from Schneider for the manufacturing industry. It is widely used in tobacco, petrochemical, water and other important industrial control sites. A denial of service vulnerability exists in the Schneider Electric M340 PLC CPU. The...
MECO USB Memory Stick Privilege Gain Vulnerability
MECO USB Memory Stick is a portable USB memory device. A security vulnerability exists in the MECO USB Memory Stick with Fingerprint MECOZiolsamDE601. An attacker can exploit the vulnerability by sending static packets to the serial port on the PCB to unlock the key and gain access to the data...
CVE-2017-15702
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...
Oracle PeopleSoft - Server-Side Request Forgery Vulnerability
Exploit for java platform in category web applications Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017...
Oracle PeopleSoft - Server-Side Request Forgery
Oracle PeopleSoft - Server-Side Request Forgery Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference...
Oracle PeopleSoft - Server-Side Request Forgery
Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Roman Shalymov...
Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF Vulnerabilities
Oracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability. Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com...
Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF
Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Roman Shalymov...
SSRF in PeopleSoft IMServlet
Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor: Oracle Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Authors: Roman Shalymov ERPScan...
New Relic: http://newrelic.com SSRF/XSPA
A Server Side Request Forgery / Cross Site Port Attack was discovered via a POST request to http://newrelic.com/syntheticspreviews and using the parameter within the body of the request testurl. A Server Side Request Forgery vulnerability allows to issue remote connections on behalf of the affect...
DEBIAN-CVE-2014-3640
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service NULL pointer dereference by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket...