145 matches found
Cross site scripting
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
CVE-2020-6876
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
Amazon Linux AMI : squid (ALAS-2020-1386)
The version of squid installed on the remote host is prior to 3.5.20-15.39. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1386 advisory. An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gai...
Yii2 Gii Remote Code Execution
This article is written specifically for web developers who use a module. We will tell you how we got access to sensitive data on a staging server through Yii2 Gii Remote Code: first to the testing environment, and then to production. Spoiler: We have notified the module developer about the...
Security Bulletin: ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)
Summary: There is a ClassLoader manipulation vulnerability in Apache Struts that is bundled by IBM Rational Application Developer for WebSphere Software.
PhantomJS Arbitrary File Read Vulnerability
PhantomJS is a headless browser for automating web interactions. A security vulnerability exists in the 'page.open' function of the web module in PhantomJS 2.1.1 and earlier versions. The vulnerability can be exploited by an attacker to read arbitrary files on the file system with the help of...
USN-4059-1 squid, squid3 vulnerabilities
It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-19132 It was discovered that Squid incorrect...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
Design/Logic Flaw
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
UBUNTU-CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
GAT-Ship Web Module 1.30 Information Disclosure Vulnerability
Exploit for multiple platform in category web applications GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...
CVE-2019-12163
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via in a ws/gatshipWs.asmx/SqlVersion request...
CVE-2019-12163
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via in a ws/gatshipWs.asmx/SqlVersion request...
Cross site request forgery (csrf)
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via in a ws/gatshipWs.asmx/SqlVersion request...
CVE-2019-12163
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via in a ws/gatshipWs.asmx/SqlVersion request...
CVE-2019-12163
GAT-Ship Web Module prior to 1.31 is vulnerable to information disclosure via the ws/gatshipWs.asmx/SqlVersion endpoint. The root cause is exposure of potentially sensitive data through that API call. Affected versions: earlier than 1.31. Remediation: upgrade to 1.31 or later; as a temporary cont...
GAT-Ship Web Module 1.30 Information Disclosure
GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...
GAT-Ship Web Module Unrestricted File Upload Vulnerability
Exploit for asp platform in category web applications GAT-Ship Web Module before the current version 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx" Fix: Upgrad...