873 matches found
Vanilla: Web cache deception attack on https://open.vanillaforums.com/messages/all
I have found a Vulnerability in vanilla forums which called Web cache deception attack. Web Cache Deception Attack Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Websites often tend to use web cache functionality...
WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery
Exploit Title : WordPress Inkblot Themes 4.9.10 Cross Site Request Forgery Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 22/05/2019 Vendor Homepage : wordpress.org - gravityforms.com Software Download Link : github.com/mgsisk/inkblot/archive/master.zip Softwar...
Used to bypass the posture formed SSRF acquiring India's biggest stock broker company AWS password credentials-vulnerability warning-the black bar safety net
Hello everyone, today share of it is the author in response to India's biggest stock broker company for security testing, by different levels of the bypassing techniques Bypass, and eventually acquired the company AWS password credentials in the process. Where to WAF bypassing, as well as further...
ok.ru: [okmedia.insideok.ru] Web Cache Poisoing & XSS
XSS and Web Cache Poisoning at .insideok.ru via X-Forwarded-Host header Web Cache Poisoing & XSS okmedia.insideok.ru...
OLX: web cache deception in https://tradus.com lead to name/user_id enumeration and other info
summary Hi OLX team, i found a web cache deception vulnerability in https://tradus.com. With this vulnerability an attacker can gain access to the name of the victim user, the userid and other informations. Attack scenario 1 an attacker send to the victim a link to the malicious page like the PoC...
Mail.ru: Web Cache Poisoning
Reverse proxy cache poisoning via host header content could lead to stored XSS in uxui.geekbrains.ru...
Smule: Web cache poisoning leads to disclosure of CSRF token and sensitive information
Summary: The page https://www.smule.com/s/smulegroups/usergroups/username is vulnerable to web cache poisoning. Description: The page https://www.smule.com/s/smulegroups/usergroups/username is vulnerable to web cache poisoning, on adding X-Forwarded-Host header to the request multiple request lin...
Postmates: Web cache poisoning attack leads to user information and more
Hello, Your Web-Server is vulnerable to web cache poisoning attacks. This means, that the attacker are able to get another user informations. If you are logged in and visit this website For example: https://postmates.com/SomeRandomText.css Then the server will store the information in the cache,...
The vulnerability of the ESI/Partial Page Caching component of the Oracle Web Cache proxy server allows a hacker to gain unauthorized access to protected data.
The vulnerability of the ESI/Partial Page Caching component of the Oracle Web Cache proxy server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...
Security Bulletin: Security Vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager(CVE-2015-3183)
Summary There are vulnerabilities reported in IBM Websphere 7.0.0.37. IBM Tivoli Netcool Configuration Manager is affected by the following. Request smuggling vulnerability may affect the IBM HTTP Server used by IBM WebSphere Application Server Vulnerability Details CVEID: CVE-2015-3183...
CVE-2019-2438
Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware subcomponent: ESI/Partial Page Caching. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Cache...
Design/Logic Flaw
Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware subcomponent: ESI/Partial Page Caching. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Cache...
CVE-2019-2438
Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware subcomponent: ESI/Partial Page Caching. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Cache...
CVE-2019-2438
Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware subcomponent: ESI/Partial Page Caching. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Cache...
CVE-2019-2438
The CVE-2019-2438 entry concerns Oracle Fusion Middleware’s Oracle Web Cache component (ESI/Partial Page Caching). Affected version is 11.1.1.9.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Cache, with exploitation described as diffi...
Oracle Fusion Middleware Web Cache Access Control Error Vulnerability
Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments.Web Cache is one of the server gas pedal i.e., reverse proxy components. An access control error vulnerability exists in Oracle Fusion Middleware Web Cache. An...
HTTP Response Splitting
ruby is vulnerable to HTTP response splitting. An attacker is able to inject arbitrary data into an HTTP response of the WEBrick server, allowing cross-site scripting attacks, web cache poisoning or similar exploits...
Cross-site Scripting (XSS) Or Information Disclosure
Apache Tomcat is vulnerable to cross-site scripting XSS attacks and information disclosure. It permits invalid characters when parsing the HTTP request line. Attackers can exploit it, in conjunction with a proxy that also permits the invalid characters but with a different interpretation, to inje...
Cross site scripting
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split respons...
CVE-2018-1474
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split respons...