Server side request forgery (ssrf)
The Quest Federal CU Mobile aka com.metova.cuae.questfcu application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Open-Xchange Security Advisory 2014-09-15
Product: OX App Suite Vendor: Open-Xchange GmbH Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.6.0 and earlier Vulnerable component: frontend Fixed version: 7.4.2-rev33, 7.6.0-rev16 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor notification: 2014-07-1...
Server side request forgery (ssrf)
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery SSRF attacks via crafted serialized data in the report parameter...
Server side request forgery (ssrf)
pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service infinite loop via an RSS feed request for a folder the user does not have permission to access...
X2Engine 4.1.7 PHP Object Injection
------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...
Server side request forgery (ssrf)
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request...
Alfresco - proxy?endpoint Server-Side Request Forgery
Alfresco - proxy?endpoint Server-Side Request Forgery source: https://www.securityfocus.com/bid/68/info http://www.example.com/alfresco/proxy?endpoint=http://internalsystem:port 663/info Alfresco Community Edition is prone to multiple security vulnerabilities. An attacker may leverage these issue...
Traidnt UP 2.0 - Remote SQL Injection Exploit
No description provided by source. !/usr/bin/ruby ============================================= Traidnt UP v2.0 Exploit SQL Injection Vulnerability --------------------------------------------- Date: 05-08-2009 Discovered & written by: Jafer Al-Zidjali Email: jaferatscorpionds.com Website:...
CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2232 =================== "Absolute Path Traversal" CWE-36 vulnerability in "infoware MapSuite" Vendor =================== infoware GmbH Product =================== MapSuite Affected versions =================== This vulnerability affects...
CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2233 =================== "Server-Side Request Forgery" CWE-918 vulnerability in "infoware MapSuite" Vendor =================== infoware GmbH Product =================== MapSuite Affected versions =================== This vulnerability affects...
Server side request forgery (ssrf)
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request...
Server side request forgery (ssrf)
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service assertion failure via a crafted range request, related to state management...
Symantec Endpoint Protection Manager XML External Entity Denial Of Service (CVE-2013-5014)
An XML external entity XXE vulnerability exists in Symantec Endpoint Protection Manager SEPM. This is due to an incorrectly configured XML parser in the management console that readily processes XML external entities. A remote unauthenticated attacker may exploit this vulnerability via specially...
PT-2014-56: Server Side Request Forgery in Honeywell EPKS
The specialists of the Positive Research center have detected a Server Side Request Forgery vulnerability in Honeywell EPKS. Control Builder software has the ability to manage PLC projects, importing and exporting project files. Project description is stored in XML files which are allowed to...
Server side request forgery (ssrf)
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service reboot via a crafted web page, as demonstrated ...
Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities
Plex Media Server versions 0.9.9.2.374-aa23a69 and below suffer from authentication bypass and local file disclosure vulnerabilities. title: Authentication bypass SSRF and local file disclosure product: Plex Media Server vulnerable version: =0.9.9.3 impact: Critical homepage: http://www.plex.tv...
Plex Media Server 0.9.9.2.374-aa23a69 Bypass / File Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authentication bypass SSRF and local file disclosure product: Plex Media Server vulnerable version: =0.9.9.3 impact: Critical homepage: http://www.plex.tv found: 2014-02-...
[BTS PenTesting Lab] A vulnerable web application to learn common vulnerabilities
The most common question from students who are learning website hacking techniques is "how to test my skills legally without getting into trouble?". So, I always suggest them to use some vulnerable web application such as DVWA. However, I felt DVWA is not suitable for new and advanced techniques...
Server side request forgery (ssrf)
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service reboot or crash via a crafted HTTP request to filesystem/...
phpThumb 1.7.12 Server Side Request Forgery
phpThumb 'phpThumbDebug' Server Side Request Forgery Google Dork: inurl:phpThumb.php Author: Rafay Baloch And Deepanker Arora Company: RHA InfoSEC Impact: High Vendor: http://phpthumb.sourceforge.net/download Version: 1.7.12 Status: Reported And Fixed =========== Description =========== A server...