EUVD-2018-8810

Malware in sbrugna...

Error: "StoreFront Monitor Probe Failed" on NetScaler

StoreFront monitor does not work on NetScaler and displays error "StoreFront Monitor Probe Failed". When http monitor is bound to StoreFront service, 200 OK is received in response and service shows as UP. When https monitor is bound to StoreFront service, it fails with error 404 Not Found...

Error: "HTTP Error 404" When Accessing StoreFront Through NetScaler Gateway

Error: "HTTP Error 404" when accessing StoreFront through NetScaler Gateway. This issue surfaces after changing the StoreFront base URL from HTTP to HTTPS. The following is the NetScaler Session Profile snippet:...

Unable to access Storefront link using IP address

There is a requirement to access the Storefront URL using IP address. Accessing the URL as https:///Citrix/Storeweb throwserror "HTTP Error 404. The requested resource is not found." Accessing the URL using FQDN/baseURL as https://Storefront.domain.com/Citrix/Storeweb or...

REST API for Add user to group returns error 400 instead of 404 when the user does not exist

h3. Issue Summary REST API for Add user to group returns error 400 instead of 404 when the user does not exist. According to the documentation of JIRA 8.5.3|https://docs.atlassian.com/software/jira/docs/api/REST/8.5.3/api/2/group-addUserToGroup when the user or group does not exist, an error 404...

Information Disclosure

Jakarta Tomcat is vulnerable to information disclosure. An Error 404 generates an error message that contains the full file system page of the current context with the physical path, allowing a remote attacker to perform further attacks against the server...

Oracle PeopleSoft 8.5x - Remote Code Execution

Oracle PeopleSoft 8.5x - Remote Code Execution Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux CVE :...

Oracle PeopleSoft 8.5x - Remote Code Execution

Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux CVE : CVE-2017-10366...

VideoIQ Camera - Local File Disclosure

"cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost 8080"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $port = $argv2; $pack = "GET /%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..FILEPATH HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Connection:...

Quick CMS 6.1 Cross Site Request Forgery / Cross Site Scripting

-------------------------- - Exploit Title : Quick CMS CSRF/XSS - Vendor Homepage: http://opensolution.org - Software Link: - http://opensolution.org/download/home.html?sFile=Quick.Cmsv6.1-en.zip - Version : 6.1 - Date: 2016-21-01 - Tested On : Windows 7 / FireFox -------------------------- -...

aCMS 1.0 XSS / Content Spoofing / Information Leak

Hello list! These are Cross-Site Scripting, Content Spoofing and Information Leakage vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the first part of them. ------------------------- Affected products: ------------------------- Vulnerable are...

Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections

source: https://www.securityfocus.com/bid/47044/info Cetera eCommerce is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

Exero CMS 1.0.1 - theme Multiple Local File Inclusions

Exero CMS 1.0.1 - theme Multiple Local File Inclusions Exero CMS 1.0.1 theme Multiple Local File Inclusion Vulnerabilities Script : http://switch.dl.sourceforge.net/sourceforge/exerocms/ExeroCMS1-0-1.rar Home Page : http://ecms.getox.net/ POC :...

phpMyAdmin 2.6.4-pl1 Remote Directory Traversal Exploit

Exploit for unknown platform in category web applications ======================================================= phpMyAdmin 2.6.4-pl1 Remote Directory Traversal Exploit ======================================================= !/usr/bin/perl use IO::Socket; SecurityReason.com TEAM Maksymilian...

tomcat-3.1.path.txt

LoWNOISE Tomcat 3.1 Path Revealing Problem. ====PRODUCT: Release Build 3.1 of Tomcat from Apache Software Foundation. Tomcat is the combined JSP 1.1 and Servlets 2.2 reference implementation being developed under the Apache process. http://jakarta.apache.org ====PROBLEM: Path Revealing Problem0...