UPS VDP: Admin Authentication Bypass Lead to Admin Account Takeover

Hello Team I found that i can bypass the login page of the Admin account by intercepting the respone of the login request of connectnb.ups.com subdomain and change status from false to true Steps To Reproduce: 1. Open https://connectnb.ups.com/Layout/login 2. Enter Admin as a Username and 1111 as...

CVE-2019-9733

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass: an unauthenticated user can exploit the X-Forwarded-For header to login as the admin by abusing the access-admin reset path, bypassing IP whitelists and potentially obtaining tokens to control all artifacts and repositories. Root cau...