25 matches found
CVE-2024-41668
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery (SSRF) attack. Logged in users...
CVE-2022-27820
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...
vuln_scanner
Vulnerability Scanning & Analysis Platform Vulnscanner...
Zed Attack Proxy 2.17.0 Cross Platform Package
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
EUVD-2022-1452
Malicious code in bioql PyPI...
CVE-2021-40172
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings...
PT-2025-20599 · Unknown · Code-Server
Name of the Vulnerable Software and Affected Versions: code-server versions prior to 4.99.4 Description: The issue allows an attacker to gain access to the session token through a maliciously crafted URL using the proxy subpath. This can result in the attacker proxying to an arbitrary domain,...
Zed Attack Proxy 2.16.0 Cross Platform Package
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
Pydio Cells 4.1.2 - Unauthorised Role Assignments Vulnerability
Exploit Title: Pydio Cells 4.1.2 - Unauthorised Role Assignments Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Privilege Escalation Security Risk: high Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...
vulhub
This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains a variety of vulnerable applications, including web servers, databases, and other web-base...
OWASP Zed Attack Proxy Trust Management Issue Vulnerability
OWASP Zed Attack Proxy (ZAP) is an open source web application security scanner from the OWASP Foundation in the United States. It is intended for use by people new to application security as well as professional penetration testers. A trust management issue vulnerability exists in the w2022-03-21...
Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/fc100ff65f676a26293915407adc211cB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Port Bounce Scan (MITM) Description: The malware listens ...
U.S. Dept Of Defense: External Service Interaction | https://█████████.mil
Description: I am able to trick web server ███████.mil into making DNS and HTTP requests to my vps server and burp collaborator. Walkthrough Section: 1. Create an account using the registration form https://████████.mil/█████/accounts/register/ ███████ 2. Provide the required information to creat...
U.S. Dept Of Defense: External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter)
Greetings, I've found an External service interaction HTTP/DNS on https://www.███████ External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service...
Web Security Dojo
Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions are available for download. Dojo is an open source project intended to be used as a training environment, and shouldn’t be used as a pen-testing platform due to the...
[OWASP Zed Attack Proxy 2.2.1] Tool for finding vulnerabilities in web applications (Now supports CWE)
OWASP Zed Attack Proxy (ZAP). An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing...