66 matches found
EUVD-2018-0800
Malware in sbrugna...
Google Pixel Security Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that stems from incorrect boundary checking in gscgsarescue of gscgsa.c, which can be exploited by an attacker to cause an out-of-bounds read...
Rapid7 Added to Carahsoft GSA Schedule Contract
We are happy to announce that Rapid7 has been added to Carahsoft’s GSA Schedule contract, making our suite of comprehensive security solutions widely available to Federal, State, and Local agencies through Carahsoft and its reseller partners. “With the ever-evolving threat landscape, it is...
U.S. General Services Administration: Web Cache Poisoning leading to DoS
Summary: acquisition-uat.gsa.gov is vulnerable to web cache poisoning that can lead to Denial of Service (DoS) in the application. Steps To Reproduce: 1. Visit https://acquisition-uat.gsa.gov/?letme=4449 to make sure the service is available. Note: letme=4449 is used as cache buster as we do not wa...
CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad...
CVE-2019-25047
CVE-2019-25047 affects Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10. The flaw is an XSS in 404 URL handling in gsad. Exploitation context and impact are stated as cross-site scripting in affected web interfaces; patch versions have been released: GSA 8.0.2 ...
CVE-2018-25016
CVE-2018-25016 concerns Greenbone Security Assistant (GSA) and Greenbone OS (GOS). Affected versions are GSA prior to 7.0.3 and GOS prior to 5.0.0, where a host header injection vulnerability exists in the GSA web interface. The underlying issue is the handling of HTTP Host headers, enabling inje...
U.S. General Services Administration: Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer
Hi, Account takeover is possible through CSRF vulnerability at 'Change Security Question/Answer' & ' Change Password'. The endpoints - https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer & https://autochoice.fas.gsa.gov/AutoChoice/changePwOktaAnswer both are vulnerable to CSRF attack...
U.S. General Services Administration: IDOR at training.smartpay.gsa.gov/reports/quizzes-taken-by-user
Hey, I found an IDOR that allows anyone to view other users' results by changing the USERID parameter. /reports/quizzes-taken-by-user.csv/USERID Step to Produce: Go to the Section quizzes-taken-by-user as Shown in the Screenshot attached. Step 2: Click on Download CSV. Step 3 Intercept the Request using the...
GSA Bounty: Denial of service via cache poisoning on https://www.data.gov/
An attacker can persistently block access to any on https://www.data.gov/ by using cache poisoning with the h0st headers to cause 502 response code. To replicate: load https://www.data.gov/ in your browser. look the burp , add ?xyzxyz=1 as cache buster , and add h0st headers h0st: wrtqvavjigwdvoq...
GSA Bounty: Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint
Summary: Due to improper routes handling multiple malicious actions are possible. Attacker is able to call Class/Function/Param1/Param2 directly from source code. this may lead to call function that should be not accessible from GUI. Any Class from...
GSA Bounty: open redirect in eb9f.pivcac.prod.login.gov
poc: https://eb9f.pivcac.prod.login.gov/?nonce=wI0UglN84A06Q4z4JnkZVc3i1V8%3D&redirecturi=https%3A%2F%2Fgoogle.com%23%40secure.login.gov%2Flogin%2Fpivcac visit this and will redirect to google.com Impact phishing...
Greenbone OS < 5.0.0 Host Header Injection Vulnerability - Active Check
Greenbone OS is prone to an HTTP host header injection vulnerability in the Greenbone Security Assistant (GSA) web user interface. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
GSA Bounty: xmlrpc.php file enabled - data.gov
WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made part of a huge botnet causing a major DDoS. This website www.data.gov has the xmlrpc.php file enabled. Impact: This can be automated from multiple hosts and be used to cause a mass DDoS attack on the victim...
GSA Bounty: Stealing Users OAuth Tokens through redirect_uri parameter
I found that https://login.fr.cloud.gov/oauth/authorize has vulnerability by open redirect on oauth redirecturi which can lead to users oauth tokens being leaked to any malicious user. Step : 1, Clicked on link...
GSA Bounty: Blind Stored XSS In "Report a Problem" on www.data.gov/issue/
Step To Produce : 1. Open : https://www.data.gov/issue/ 2. fill "Issue Title" and "Description" With XSSHunter Payload 3. XSS Fired In https://labs.data.gov/crm/admin/report/662445 Impact Can steal admin cookies...
GSA Bounty: SSRF in Search.gov via ?url= parameter
Summary: https://search.usa.gov/helpdocs endpoint is vulnerable to SSRF via url parameter. The parameter is protected but can be bypassed using LF %0A. Steps To Reproduce: 1. Login to Search.gov and click help manual. 2. The following request was vulnerable. - Request GET...
XML External Entity Injection (XXE)
Fess is vulnerable to XML external entity injection (XXE). The library does not prevent the GSA XML file parser from processing the malicious GSA XML files injected by the attacker...
XML External Entity (XXE) vulnerability in codelibs fess
codelibs fess version before commit faa265b contains an XML External Entity (XXE) vulnerability in the GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This...
CVE-2018-1000822
codelibs fess version before commit faa265b contains an XML External Entity (XXE) vulnerability in the GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This...