
115 matches found

OSV
added 2021/06/09 4:15 p.m. | 0 views

CVE-2020-15377

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery SSRF...

CVSS 9.8 | AI score 7.4 | EPSS 0.00551
Exploits: 0 | References: 1

NVD
added 2021/06/09 4:15 p.m. | 11 views

CVE-2020-15377

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery SSRF...

CVSS 9.8 | EPSS 0.00551
Exploits: 0 | References: 1

Prion
added 2021/06/09 4:15 p.m. | 8 views

Server side request forgery (ssrf)

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery SSRF...

CVSS 7.5 | AI score 9.3 | EPSS 0.00551
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/06/09 3:15 p.m. | 12 views

CVE-2020-15377

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery SSRF...

AI score 9.5 | EPSS 0.00551
Exploits: 0 | References: 1

CVE
added 2021/06/09 3:15 p.m. | 38 views

CVE-2020-15377

CVE-2020-15377 affects Broadcom/Brocade SANnav Webtools before version 2.1.1, where a misconfiguration enables unauthenticated SSRF to arbitrary hosts. The vulnerability arises from Webtools functionality that allows outgoing requests to external addresses, enabling an attacker to trigger request...

CVSS 9.8 | AI score 9.3 | EPSS 0.00551
Exploits: 0 | References: 1 | Affected Software: 1

Broadcom
added 2021/05/10 12:0 a.m. | 33 views

BSA-2021-1480

Security Advisory ID: BSA-2021-1480. Component: Webtools. Revision: 1.0. Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery SSRF. Attackers can utili...

CVSS 8.8 | AI score 9.5 | EPSS 0.00551
Exploits: 0

GithubExploit
added 2021/04/30 6:55 a.m. | 627 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requests in we...

CVSS 6.1 | AI score 7.5 | EPSS 0.93765
Exploits: 16

NVD
added 2020/11/16 7:15 p.m. | 13 views

CVE-2020-26508

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...

CVSS 9.8 | AI score 9.4 | EPSS 0.00305
Exploits: 0 | References: 1

OSV
added 2020/11/16 7:15 p.m. | 1 views

CVE-2020-26508

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...

CVSS 9.8 | AI score 7.3 | EPSS 0.00305
Exploits: 0 | References: 1

Prion
added 2020/11/16 7:15 p.m. | 12 views

Code injection

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...

CVSS 5 | AI score 9.3 | EPSS 0.00305
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2020/09/02 12:0 a.m. | 21 views

Fedora: Security Advisory for eclipse-webtools (FEDORA-2020-cf8ef2f333)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 8.7 | EPSS 0.00831
Exploits: 0 | References: 2

Fedora
added 2020/08/31 3:50 p.m. | 53 views

[SECURITY] Fedora 32 Update: eclipse-webtools-3.18.0-4.fc32

Eclipse Webtools. This contains sub-packages for different sub-projects of Eclipse Webtools project, including Server Tools, SourceEditing Tools, Webservices Tools, Java EE Tools, JSF Tools, and Dali JPA Tools...

CVSS 9.4 | AI score 1.7 | EPSS 0.30928
Exploits: 0

Prion
added 2020/06/23 8:15 p.m. | 11 views

Cross site request forgery (csrf)

clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI...

CVSS 6.8 | AI score 8.7 | EPSS 0.00159
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/06/23 7:15 p.m. | 46 views

CVE-2020-13155

CVE-2020-13155 concerns a CSRF vulnerability in the NukeViet 4.4 product, where the request to CSRF via clearsystem.php can inject HTML when the deltype parameter is used in the URI admin/index.php?nv=webtools&op=clearsystem. The affected component is the clearsystem functionality in NukeViet 4.4...

CVSS 8.8 | AI score 8.7 | EPSS 0.00159
Exploits: 1 | References: 2 | Affected Software: 1

Hacker One
added 2020/05/11 11:33 a.m. | 209 views

Palo Alto Software: Unauthorised access to pagespeed global admin at https://webtools.paloalto.com/

Summary: I came across this subdomain https://webtools.paloalto.com/ which caught my attention. After a bit of enumeration I found an endpoint which allows anyone to access PageSpeed Global Admin without any type of authentication. Vulnerable URL: https://webtools.paloalto.com/pagespeed-global-admin/...

AI score 1.1
Exploits: 0

Prion
added 2019/11/26 1:15 a.m. | 17 views

Xxe

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

CVSS 5 | AI score 7.4 | EPSS 0.71764
Exploits: 0 | References: 5 | Affected Software: 1

CNVD
added 2019/11/25 12:0 a.m. | 0 views

Apache OFBiz XML-RPC event handler code issue vulnerability

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based Web application components and tools. XML-RPC event handler is one of the XML-RPC Remote Procedure Call Distributed Computing Protocol...

CVSS 7.5 | AI score 6.9 | EPSS 0.71764
Exploits: 0 | References: 1

NVD
added 2019/09/11 9:15 p.m. | 16 views

CVE-2019-0189

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...

CVSS 9.8 | AI score 9.7 | EPSS 0.15419
Exploits: 0 | References: 13

Prion
added 2019/09/11 9:15 p.m. | 16 views

Design/Logic Flaw

The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...

CVSS 7.5 | AI score 9.3 | EPSS 0.01989
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2019/09/11 8:29 p.m. | 20 views

CVE-2019-0189

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...

AI score 9.7 | EPSS 0.15419
Exploits: 0 | References: 13