18 matches found
GHSA-JJ4J-X5WW-CWH9 Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden
Summary Certain bulk action calls with a before_transaction hook and no after_transaction hook, will call the before_transaction hook before authorization is checked and a Forbidden error is returned, when called as a bulk action. The impact is that a malicious user could cause a before_transaction t...
Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden
Summary Certain bulk action calls with a before_transaction hook and no after_transaction hook, will call the before_transaction hook before authorization is checked and a Forbidden error is returned, when called as a bulk action. The impact is that a malicious user could cause a before_transaction t...
"Cannot complete your request." After Azure AD/SAML Authentication
External access via ADC with Azure AD MFA Authentication and redirected to StoreFront Store Receiver for Website receives "Cannot complete your request." notification. The following Event IDs are displayed in the Log Name: Citrix Delivery Services Source: Citrix Domain Services Date: Event ID: 1 Task...
in janeczku/calibre-web
Description A user can see the name of another user's private shelf through a forbidden error. Proof of Concept 1. As user 1, try to add a book to a user 2's shelf: GET /shelf/add/2/2 2. See the returned error: Sorry you are not allowed to add a book to the the shelf: shelf test2 This is...
Cannot access the url for SSPR: Getting HTTP error 403.14 :Forbidden
Setup for user configuration has been done. Now when I try to access the sspr url; it doesn't go through. Tried on one machine SSPR server and with one user...
Rockstar Games: Full path Disclosure in Rockstargames.com██████████
Browsing this link http://www.rockstargames.com██████ gives forbidden error. It's good but also it displays the full path of the current directory. Refer screenshot attached...
Error: "Cannot complete your request" while accessing on premise XenApp 7.9 Resources by a user from Azure Active Directory.
When users from Azure domain are trying to access resources published via XenApp 7.9 on your premise, they receive this error: "Cannot complete your request". On looking at the Storefront debug logs, you see that storefront does a Callback: 00001779 3:27:23 AM 8248 Authenticate Perform callback A...
Error: 403 forbidden | Post authentication when accessing through NetScaler Gateway
We see 403 forbidden error post authentication when accessing the apps through Netscaler Gateway...
Error: "403 - Forbidden: Access is Denied" After Log on to NetScaler Gateway
The following error is displayed after logging on to NetScaler Gateway: "403 - Forbidden: Access is denied."...
Onlineon E-Ticaret Database Disclosure Exploit
Exploit for asp platform in category web applications !/usr/bin/env python -- coding:cp1254 -- Title : Onlineon E-Ticaret Database Disclosure Exploit .py dork : inurl:"default.asp?git=sepet" Author : ZoRLu Download : http://www.onlineonweb.com/eticaret.html Demo : http://ayvalikkokluzeytincilik.c...
Acritum Femitter Server 1.03 - Multiple Vulnerabilities
No description provided by source. --= Tested on: XP sp 2 Acritum Femitter Server v1.03 is a HTTP and FTP Server for Windows. I came up with few vulnerabilities of this .. some vulns have already been revealed but some are not so let's have a look HTTP Server ----------- In the Femitter Server...
shopex v4.x physical path disclosure - vulnerability warning - the black bar safety net
Brief description: The cache data file's content is malformed, and the resulting syntax errors disclose the physical path. Detailed description: The cache data file /home/cache/cachedata.php discloses the physical path. Vulnerability proof: ! Repair solutions: Exit directly, or a web server forbidden error is returned...
Acritum Femitter Server 1.03 Directory Traversal
--= Exploit Title: Acritum Femitter Server v1.03 Multiple Vulnerabilities --= Date: 2/5/2010 --= Author: Zer0 Thunder --= Software Link: http://acritum.com/dist/fem-dist.exe --= Version: v1.03 --= Tested on: XP sp 2 Acritum Femitter Server v1.03 is a HTTP and FTP Server for Windows. I came up wit...
Acritum Femitter Server 1.03 - Multiple Vulnerabilities
--= Tested on: XP sp 2 Acritum Femitter Server v1.03 is a HTTP and FTP Server for Windows. I came up with few vulnerabilities of this .. some vulns have already been revealed but some are not so let's have a look HTTP Server ----------- In the Femitter Server Application HTTP tab there are few...
Acritum Femitter Server 1.03 - Multiple Vulnerabilities
Acritum Femitter Server 1.03 - Multiple Vulnerabilities --= Tested on: XP sp 2 Acritum Femitter Server v1.03 is a HTTP and FTP Server for Windows. I came up with few vulnerabilities of this .. some vulns have already been revealed but some are not so let's have a look HTTP Server ----------- In...
Acritum Femitter Server v1.03 Multiple Vulnerabilities
Exploit for windows platform in category remote exploits ====================================================== Acritum Femitter Server v1.03 Multiple Vulnerabilities ====================================================== --= Tested on: XP sp 2 Acritum Femitter Server v1.03 is a HTTP and FTP Serv...
CVE-2008-2168
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page...
CVE-2001-1202
CVE-2001-1202 affects DeleGate versions 7.7.0 and 7.7.1. The root cause is that scripting commands are not quoted in a 403 Forbidden error page, enabling remote attackers to trigger cross-site scripting by using a URL that generates an error. Consequence is arbitrary JavaScript execution on other...