17 matches found

NVD
added 2026/02/04 10:15 p.m., 5 views

CVE-2026-25523

Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

CVSS 5.3, EPSS 0.00011
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/04 9:21 p.m., 4 views

CVE-2026-25523

Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

CVSS 5.3, AI score 5.4, EPSS 0.00011
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2024/02/08 3:36 a.m., 4 views

CVE-2024-25146

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the...

CVSS 5.3, AI score 5.2, EPSS 0.00388
Exploits: 0, References: 1
Tenable Nessus
added 2022/12/23 12:0 a.m., 32 views

Fedora 35 : php-pear-CAS (2022-76b3530ac2)

The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-76b3530ac2 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...

CVSS 8, AI score 7.5, EPSS 0.00989
Exploits: 0, References: 2
CVE
added 2021/08/14 8:49 p.m., 87 views

CVE-2020-36473

CVE-2020-36473 affects UCWeb UC browser versions 12.12.3.1219–12.12.3.1226. The root cause is the use of plaintext HTTP, enabling man-in-the-middle attackers to discover the URLs visited by a user. All cited sources (NVD, Red Hat, CNNVD) confirm the affected product/version range and the resultin...

CVSS 4.3, AI score 4.4, EPSS 0.00166
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2021/06/14 10:15 p.m., 1 views

CVE-2021-26845

Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versio...

CVSS 7.5, AI score 7.1, EPSS 0.00276
Exploits: 0, References: 1
Gentoo Linux
added 2020/03/14 12:0 a.m., 106 views

OpenID library for Ruby: Server-Side Request Forgery

Background A Ruby library for verifying and serving OpenID identities. Description It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact A remote attacker could possibly change the URL used for discovery and trick the server into connecting to the...

CVSS 10, AI score 2.5, EPSS 0.01731
Exploits: 0
Kitploit
added 2019/08/10 10:35 p.m., 119 views

Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning

Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. Installation: git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focuses on Kali Linux; check more install on Wiki page. How to use I...

AI score 7.5
Exploits: 0, References: 11
Kitploit
added 2017/06/28 11:30 p.m., 56 views

angryFuzzer - Tool for Information Gathering

AngryFuzz3r is a collection of tools for pentesting to gather information and discover vulnerabilities of the targets based on Fuzzedb https://github.com/fuzzdb-project/fuzzdb project UrlFuzz3r- AngryFuzz3r1 Discover hidden files and directories on a web server. The application tries to find URL...

AI score 7.2
Exploits: 0, References: 2
Cvelist
added 2015/09/24 1:0 a.m., 21 views

CVE-2015-4519

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element...

AI score 7.9, EPSS 0.00436
Exploits: 0, References: 20
w3af
added 2013/06/10 11:2 p.m., 27 views

google_spider

This plugin finds new URLs using google. It will search for "site:domain.com" and do GET requests all the URLs found in the result. One configurable parameter exists: resultlimit Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- resultlimit | integer |...

AI score 7.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 8 views

dot_listing

This plugin searches for the .listing file in all the directories and subdirectories that are sent as input and if found it will try to discover new URLs from its content. The .listing file holds information about the list of files in the current directory. These files are created when download...

AI score 7.3
Exploits: 0
NVD
added 2010/02/18 6:0 p.m., 14 views

CVE-2010-0648

Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, relate...

CVSS 4.3, AI score 6.6, EPSS 0.00441
Exploits: 1, References: 6
CVE
added 2010/02/18 5:19 p.m., 65 views

CVE-2010-0648

CVE-2010-0648 affects Mozilla Firefox (possibly before 3.6). The vulnerability allows a remote attacker to cause a user’s session to reveal a redirect’s target URL by placing the site’s URL in the HREF of a LINK element for a stylesheet and reading document.styleSheets[0].href, related to an IFRA...

CVSS 4.3, AI score 7.2, EPSS 0.00441
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2010/01/14 7:30 p.m., 16 views

CVE-2010-0315

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the...

CVSS 5, AI score 8.5, EPSS 0.12535
Exploits: 2, References: 16
Prion
added 2010/01/14 7:30 p.m., 10 views

Code injection

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value...

CVSS 5, AI score 6.7, EPSS 0.07847
Exploits: 2, References: 6
xssed
added 2008/07/26 12:0 a.m., 14 views

Unfixed XSS vulnerability at www.voyage-net.com

Security researcher Sheiry has submitted on 26/07/2008 a cross-site-scripting (XSS) vulnerability affecting www.voyage-net.com, which at the time of submission ranked 209871 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/09/2008. It is...

Exploits: 0, References: 1