Lucene search
+L

71 matches found

ptsecurity
ptsecurity
added 2023/01/11 12:0 a.m.7 views

PT-2023-1320 · Netcomm · Netcomm Nf20Mesh +2

Name of the Vulnerable Software and Affected Versions: Netcomm NF20 versions Netcomm NF20MESH versions Netcomm NL1902 versions Description: The issue is related to an authentication bypass in the Netcomm router models. This allows an unauthenticated user to access content. The application checks...

10CVSS8AI score0.11009EPSS
Exploits2References8
attackerkb
attackerkb
added 2023/01/11 12:0 a.m.47 views

CVE-2022-4874

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a “fake logi...

7.5CVSS7.8AI score0.11009EPSS
In wildExploits1References2
github
github
added 2022/01/28 11:6 p.m.44 views

Cross-site Scripting in livehelperchat

Stored XSS is found in SettingsLive help configurationPersonal Themestatic content. Under the NAME field put a payload constructor.constructor'alert1' while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed...

7.1CVSS1.1AI score0.00766EPSS
Exploits1References4Affected Software1
osv
osv
added 2022/01/28 11:6 p.m.20 views

GHSA-8WCC-F2VQ-H4GX Cross-site Scripting in livehelperchat

Stored XSS is found in SettingsLive help configurationPersonal Themestatic content. Under the NAME field put a payload constructor.constructor'alert1' while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed...

5.4CVSS5.1AI score0.00766EPSS
Exploits1References4
msrc
msrc
added 2021/12/22 6:7 p.m.26 views

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...

1.4AI score
Exploits0
msrc
msrc
added 2021/12/22 8:0 a.m.9 views

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...

6.5AI score
Exploits0
msrc
msrc
added 2021/12/22 8:0 a.m.10 views

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...

1.9AI score
Exploits0
osv
osv
added 2021/05/10 3:15 p.m.3 views

CVE-2021-23016

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests t...

5.3CVSS5.8AI score0.00833EPSS
Exploits0References1
prion
prion
added 2021/05/10 3:15 p.m.26 views

Code injection

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests t...

5CVSS5.2AI score0.00833EPSS
Exploits0References1Affected Software1
fedora
fedora
added 2021/04/30 12:55 a.m.42 views

[SECURITY] Fedora 34 Update: jetty-9.4.40-1.fc34

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in ord er to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

4CVSS0.6AI score0.0418EPSS
Exploits1
fedora
fedora
added 2021/04/29 1:22 a.m.42 views

[SECURITY] Fedora 32 Update: jetty-9.4.40-1.fc32

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in ord er to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

4CVSS0.6AI score0.0418EPSS
Exploits1
osv
osv
added 2020/03/06 9:15 p.m.7 views

CVE-2020-10112

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached...

5.4CVSS6.1AI score0.01433EPSS
Exploits3References3
ptsecurity
ptsecurity
added 2020/03/06 12:0 a.m.12 views

PT-2020-11934 · Citrix · Citrix Adc +1

Name of the Vulnerable Software and Affected Versions: Citrix Gateway versions 11.1 through 12.1 Description: The issue allows Cache Poisoning. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths...

5.8CVSS6.9AI score0.01433EPSS
Exploits3References7
hackerone
hackerone
added 2019/02/05 4:18 p.m.21 views

Mail.ru: [https://pandao.ru] - PUT method available

Unrestricted PUT method allowed upload of static content to server in pandao.ru...

0.6AI score
Exploits0
fedora
fedora
added 2018/07/12 2:21 p.m.48 views

[SECURITY] Fedora 28 Update: jetty-9.4.11-2.v20180605.fc28

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in ord er to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

9.8CVSS0.6AI score0.20985EPSS
Exploits0
osv
osv
added 2018/07/11 8:29 p.m.19 views

CVE-2016-0708

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack...

5.9CVSS6.8AI score0.01558EPSS
Exploits0References1
debiancve
debiancve
added 2018/06/11 9:0 p.m.22 views

CVE-2017-5453

A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox 53...

4.3CVSS7AI score0.01097EPSS
Exploits0
hackerone
hackerone
added 2018/01/26 9:38 p.m.98 views

Node.js third-party modules: [simple-server] HTML with iframe element can be used as filename, which might lead to load and execute malicious JavaScript

Hi Guys, simple-server allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. This is caused by outdated version of connect framework. Module: Simple Server allows you to easily get a node.js static file server up and running anywhere anytime...

3.5CVSS5.1AI score0.01315EPSS
Exploits1
fedora
fedora
added 2017/11/15 8:23 p.m.27 views

[SECURITY] Fedora 26 Update: perl-Catalyst-Plugin-Static-Simple-0.34-1.fc26

The Static::Simple plugin is designed to make serving static content in your application during development quick and easy, without requiring a single line of code from you...

7.5CVSS2.6AI score0.02434EPSS
Exploits0
fedora
fedora
added 2017/07/08 10:21 p.m.42 views

[SECURITY] Fedora 25 Update: jetty-9.4.6-1.v20170531.fc25

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in ord er to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

7.5CVSS0.6AI score0.05795EPSS
Exploits0
Rows per page
Query Builder