198 matches found
CyberArk Password Vault 10.6 - Authentication Bypass
Exploit Title: CyberArk Password Vault 10.6 - Authentication Bypass Date: 2019-10-16 Author: Daniel Martinez Adan adon90 Vendor: https://www.cyberark.com Software: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Collaborator: Luis Buendía...
. NET advanced code audit, the eleventh classes LosFormatter to deserialize vulnerability-vulnerability warning-the black bar safety net
LosFormatter is generally used to serialize and deserialize the Web form page's view statethe ViewState, if you want to put the ViewState through a database or other persistence devices to maintain, it requires the use of specific LosFormatter class to serialize/deserialized. It is encapsulated i...
Telerik Web UI Information Disclosure (CVE-2017-9248)
A security bypass vulnerability exists in Telerik Web UI. Successful exploitation of this vulnerability can lead to cross-site scripting, arbitrary file uploads and downloads, leak of MachineKey and compromise of the ASP.NET ViewState on the affected system...
U.S. Dept Of Defense: █████ - Pre-generation of VIEWSTATE allows CAC bypass
Summary: As of today, ███ is back online https://███████. █████████ allows users to check a box labeled Require CAC for Pick-up. This option requires users to present their CAC in order to download files. As explained by ███: Choosing this option, however, does add a significant degree of assuran...
Security Bulletin: Remote code execution vulnerability in the JSF used by WebSphere Application Server shipped with Jazz for Service Management
Summary There is a remote code execution vulnerability in the JSF Sun Reference Implementation 1.2 used by WebSphere Application Server. The JSF Sun Reference Implementation 1.2 is used as the default in WebSphere Application Server v7.0, other versions it is not the default. Vulnerability Detail...
The vulnerability of WebSphere Application Server application servers, related to errors in ViewState configuration, allows attackers to execute arbitrary code.
The vulnerability of WebSphere Application Server for application servers is related to errors in the configuration of ViewState. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Security Bulletin: Remote code execution vulnerability in the JSF used by WebSphere Application Server
Summary There is a remote code execution vulnerability in the JSF Sun Reference Implementation 1.2 used by WebSphere Application Server. The JSF Sun Reference Implementation 1.2 is used as the default in WebSphere Application Server v7.0, other versions it is not the default. Vulnerability Detail...
Remote Code Execution (RCE)
myfaces-impl is vulnerable to remote code execution RCE attacks. If the ViewState parameter in a JSF page is not encrypted, a malicious user can use it to inject arbitrary code that is executed when sent to the server to be deserialized...
Telerik Web UI contains cryptographic weakness
Overview The Telerik Web UI, versions R2 2017 2017.2.503 and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys. Description CWE-326: Inadequate Encryption Strength - CVE-2017-9248The Telerik.Web.UI.dll is vulnerable to a cryptographic...
Multiple Vulnerabilities in ASP.NET AJAX and Sitefinity Progress Telerik UI
ASP.NET AJAX is a control for ASP.NET; Sitefinity is an open source platform for building enterprise websites and intranets. Progress Telerik UI is a UI user interface for ASP.NET controls that handles AJAX, developed by American Telerik. A security vulnerability in Telerik.Web.UI.dll for Progres...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
CVE-2017-9248
CVE-2017-9248 affects Progress Telerik UI for ASP.NET AJAX (and Sitefinity) prior to R2 2017 SP1 / 10.0.6412.0. The vulnerability lies in Telerik.Web.UI.dll handling of the Telerik.Web.UI.DialogParametersEncryptionKey and the MachineKey, enabling an attacker to defeat cryptographic protection and...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
LocalTapiola: CSRF bypass + XSS on verkkopalvelu.tapiola.fi
Issue The reporter found an issue in verkkopalvelu.tapiola.fi which led to XSS and CSRF. The issue triggered only on IE, due to CORS implementation. To trigger the issue however, one needed to have a correct viewstate which in essence required manual manipulation. This made a potential attack mor...
pageadmin ViewState缺陷导致sql注入
简要描述: 此处省略50万条网站信息 1、.............. 2、.............. .............. 50.、http://www.pageadmin.net 影响页面甚多,还望厂商以及各站长能逐一检查 听说咱们出新功能了 乌云新增刷乌云币功能 连接http://zone.wooyun.org/content/16138 特地来试试好不好使 另外所用到的工具同样在“测试代码”中提供下载地址 详细说明: 具体分析: 1、查找一个动态页面 例如: /e/aspx/dataselect.aspx 参数:...
PageAdmin VIEWSTATE引发的血案
简要描述: 本想找个注入的,却发现Isstr 与其绕过不如(此处打码)直接来的痛快。 @wefgod 小弟弱弱的告诉你 ViewState不仅仅可以WooYun-2014-61699这样用,还可以这样滴哟 详细说明: 下载pageAdmin 反编译发现混淆过 蛋疼! 只好翻翻页面!各种页面各种翻 咿!尼玛 这是啥 ViewState"constr" 那就抄刀上阵吧 打开 :http://192.168.10.64:9992/e/member/index.aspx?s=1&type=memfavolst 复制然后 这是在本地搭建的 那试试官网 附上官网的...
GlassFish Application Server resourceNode/jmsConnectionNew.jsf - Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in th...
Oracle JavaServer Faces Multiple Partial Directory Traversals
The remote web server contains a JavaServer Faces application that is affected by multiple partial directory traversal vulnerabilities : - A defect exists in the handling of a resource identifier that allows for directory traversal within the application. - A defect exists in the handling of a...