837 matches found
CVE-2017-1000016
A weakness was discovered where an attacker can inject arbitrary values into the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18...
WakaTime: Using an outdated version of OpenSSH on db01.wakatime.com
Hi team once again, hope you are better. I have found that db01.wakatime.com is using an outdated OpenSSH version, leading to multiple vulnerabilities. How I found it: I scanned the domain with nmap and it gives me an open port 222, and when I connect to it with ncat it gets connected and shows the...
Command injection
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP reques...
CVE-2017-2849
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP reques...
Nextcloud: https://portal.nextcloud.com/.htaccess file is readable
@mksahilisr reported a disclosure of the .htaccess file on https://portal.nextcloud.com. This has been resolved by adding the following to the Apache server configuration: order allow,deny deny from all Since the .htaccess file contained some potentially sensitive data this report has only been...
Insecure Cross-Domain Policy (allow-access-from)
The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL...
Legal Robot: Cross Site WebSocket Hijacking
Description: The given URL fails to validate the Origin header, leading to Cross-Site WebSocket Hijacking. Impact: The impact, however, depends on how the server is configured. For example, it might require authentication tokens which are user specific. In such cases, it might not be as severe as it...
puppet-swift: installs config file with world readable permissions
An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions...
Zend Framework Configuration File Disclosure Vulnerability
Zend Framework (ZF) is an open source PHP5 development framework developed by the US company Zend; it is mainly used for developing web programs and services. Zend Framework has a configuration file disclosure vulnerability that can be exploited by an attacker to download...
Fedora 25 : phpMyAdmin (2016-6576a8536b)
phpMyAdmin 4.6.5.1 (2016-11-26): A patch-level release fixing two small issues: - an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db']. - an issue affecting the create table dialog where the partition selection tool was...
LocalTapiola: Suspicious browser fingerprinting(?) scripts on http://www.lahitapiola.fi/ redirector
I was doing some routine scanning of my Internet traffic at work (I work as a Security Researcher for Forcepoint) and noticed that my IDS popped up alarms of a ton of suspicious behaviour when I was trying to access the http://www.lahitapiola.fi/ front page. It turned out that there seems to be a lot o...
Insecure Server Configuration
An incorrect Web management server configuration was identified in PAN-OS. Ref PAN-52038/86767...
Propagation Fails with error "Failed to get the end status of the server configuration update."
"Failed to get the end status of the server configuration update." "Failure to notify of configuration update." "An erorr occurred running the command : 'Add-DSFeatureInstances'...
Ian Dunn: [Not just a server configuration issue] Full Path Disclosure
Hey, I've just found a 'full path disclosure' in basic-google-maps-placemarks, so it's not just a server configuration issue! I've tested it on different servers including Windows, Ubuntu, CentOS etc. PoC: So, if we visit wp-content/plugins/basic-google-maps-placemarks/unit-tests.php it is clearl...
GoCD: Reflected XSS
Possible XSS when updating server configuration...
GoCD: XSS in http://localhost:8153/go/admin/config/server/update
Possible XSS when updating server configuration...
Troubleshooting Checklist: In Secure Mail, a "Cannot authenticate to the server <FQDN> because the certificate is not valid" error appears
Do the following: Ensure that the certificate chain is valid and that the configuration is complete on the Exchange Server. Try to connect the native email client with the same Exchange Server. If it works as expected, the issue is with client certificate configuration on the XenMobile server Onl...
Cookie attribute injection attack
PMASA-2016-18 Announcement-ID: PMASA-2016-18 Date: 2016-06-23 Summary Cookie attribute injection attack Description A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Severity We consider this to be non-critical. Mitigation...
Theory: Common PHP Vulnerabilities, Part 2: Common File Inclusion Vulnerabilities - vulnerability warning - the black bar safety net
File inclusion is generally divided into LFI and RFI, i.e., local file inclusion and remote file inclusion. LFI: For LFI, many applications restrict the included file so that its suffix must end in .php, such as include $a.'.php'. So if we want to include our image trojan, the trailing .php needs to be truncated. 1. 00 truncation. Needs gpc off &&...