5295 matches found
CVE-2019-6568
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with...
Design/Logic Flaw
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with...
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)
Exploit Title: Linux/x86 cat file encode to base64 and post via curl to webserver 125 bytes; Exploit Author: strider; Vendor Homepage: None; Software Link: None; Tested on: Debian 9 Stretch i386 / Kali Linux i386; CVE: None; Shellcode Length: 125...
Apache Airflow Cross-Site Request Forgery Vulnerability (CNVD-2019-13855)
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. A cross-site request forgery vulnerability exists in the airflow webserver...
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2019-13853)
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. A cross-site scripting vulnerability exists in the airflow webserver servi...
Cross-Site Request Forgery (CSRF)
apache-airflow is vulnerable to cross-site request forgery (CSRF). Because requests were not verified, the webserver could not determine the authenticity of HTTP requests, allowing a remote attacker to perform CSRF attacks...
CVE-2019-0229
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks...
Cross site request forgery (csrf)
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks...
PYSEC-2019-215
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks...
CVE-2019-0229
The CVE-2019-0229 entry concerns cross-site request forgery (CSRF) in the Airflow webserver. The affected surface is multiple HTTP endpoints in both the RBAC and classic Airflow webservers, where protections against CSRF are insufficient. Root cause cited across connected sources is lack of adequ...
CVE-2019-10664
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp...
CVE-2019-10664
CVE-2019-10664 affects Domoticz versions before 4.10578, where SQL injection is possible via the idx parameter in CWebServer::GetFloorplanImage (WebServer.cpp). The root cause is unguarded SQL handling in the web server component. Reported impact includes potential escalation of acces...
DASAN H660RM Information Disclosure / Hardcoded Key Vulnerability
DASAN H660RM allows for unauthenticated ping access, has a hardcoded key for encryption, and logs sensitive information into /tmp. DASAN H660RM Information Disclosure / Hardcoded Key CVE-2019-9974: diagtool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without...
DASAN H660RM Information Disclosure / Hardcoded Key
Hi! CVE-2019-9974: diagtool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization, leading to information disclosure and DoS attacks. A remote attacker could enumerate hosts on the LAN interface by sending requests to /cgi-bin/diagtool.cgi with ip...