62 matches found
CVE-2023-7078
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
Security Bulletin: Multiple vulnerabilities in IBM Storage Scale Container Native could allow access to container outside the current namespace
Summary Multipe security vulnerabilities have been identified in IBM Storage Scale Container Native that could allow access to container outside the current namespace. A fix for these vulnerabilities is available. Vulnerability Details CVEID:CVE-2022-41738 DESCRIPTION: IBM Spectrum Scale could...
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit
Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...
K74759095: SafeNet External Network HSM script vulnerability CVE-2017-6165
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM...
ChurchCRM 4.4.5 SQL Injection
Title: ChurchCRM 4.4.5 SQLi session hijacking L2 Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection PWN cookie...
ChurchCRM 4.4.5 SQL injection session hijacking Vulnerability
Title: ChurchCRM 4.4.5 SQLi session hijacking L2 Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection hijacking sessio...
CVE-2021-22799
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1...
CVE-2021-33190
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...
CVE-2021-20999
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...
Spoofing
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...
Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series
Overview Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685 Incorrect Implementation of Authentication Algorithm CWE-303 - CVE-2020-5686 NEC Platforms,...
Mail.ru: Открытый Confluence и доступы к чату операторов в Skype
Confluence opened to external network without authentication on city-mobil.ru...
Ruby on Rails: Server-side template injection at ujs test server
I have found in the server code for testing ujs in Rails that template injection is possible and that leads to rce. code https://github.com/rails/rails/blob/v6.0.3.2/actionview/test/ujs/server.rb ruby module UJS class Server Blade::Assets.environment get "/" = "testsindex" match "/echo" =...
CVE-2020-5372
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment...
Design/Logic Flaw
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment...
CVE-2020-5372
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment...
Mail.ru: Access admin interface via bad credentials
Staging testing version of plazius.ru manager's interface was available from external network with guessable default credentials. This interface had no access to production data...
Mail.ru: Открытая админка 1C эмулятора
Staging testing versions of 1C-emulator and Adminer interfaces was available from external network without authentication on geekbrains.ru. This interfaces had no access to production data...
CVE-2020-8135
The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems...
ReconCobra - Complete Automated Pentest Framework For Information Gathering
ReconCobra Reconcobra is Foot printing software for Ultimate Information Gathering Kali, Parrot OS, Black Arch, Termux, Android Led TV Interface Software have 82 Options with full automation with powerful information gathering capability In-Action !https://blogger.googleuser...