52 matches found
CHIYU科技BF-630W 跨站脚本漏洞
BF-630W is a web-based fingerprint-secured single-door biometric reader controller from CHIYU Technology CHIYU Technology suffers from a cross-site scripting vulnerability that stems from an unauthenticated XSS vulnerability in several CHIYU Technology IoT devices, including BF-630, BF-450M,...
CHIYU BF-630W 跨站脚本漏洞
BF-630W is a web-based fingerprint-secured single-door biometric reader controller from CHIYU Technology CHIYU Technology suffers from a cross-site scripting vulnerability that stems from an unauthenticated XSS vulnerability in several CHIYU Technology IoT devices, including BF-630, BF-450M,...
Mail.ru: [geekbrains.ru] Node modules path disclosure due to lack of error handling
Full stack error trace at HTTP 404-error on nexus.geekbrains.ru discloses the full path of the Node.js module directory on the server...
Cross-Site Scripting (XSS)
hawkbit-update-server is vulnerable to cross-site scripting. The vulnerability exist as the JSON body response for HTTP 404 error contains unsafe URL path characters...
CVE-2020-27219
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
CVE-2020-27219
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
Design/Logic Flaw
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
CVE-2020-27219
CVE-2020-27219 affects Eclipse Hawkbit prior to 0.3.0M7. The REST API may return a 404 Not Found JSON response that includes the full, unescaped request path, exposing unsafe characters. This could disclose internal URL structure to an attacker that POSTs to a non-existent resource. Root cause: u...
CVE-2020-27219
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
Siemens Desigo PX 6.00 - Denial of Service (PoC)
Title: Siemens Desigo PX 6.00 - Denial of Service PoC Author: LiquidWorm Date: 2019-11-14 Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version:6.00 Affected version: Model: PXC00-E.D, PXC50-E.D,...
GSA Bounty: Cache poisoning DoS to various TTS assets
I have recently come across a technique to force a Cloudfoundry app to return a HTTP 404 error when requesting any resource, which contains cache friendly headers. What this means is, if the Cloudfoundry app in question is behind a web cache like Cloudfront or Cloudflare etc, it will possibly sto...
ZEIT: Unauthorized admission to any team in zeit.co
step no.1: open : https://zeit.co/teams/invite/ XXXX and this is a code "CzKyCgbB" of joining in a team called "maxhacker" if we generate a list consists of 8 capital and small letters with any generate tools F565462 knowing that the invitation code of any team is constant...
Description of the security update for SharePoint Enterprise Server 2016: October 9, 2018
Description of the security update for SharePoint Enterprise Server 2016: October 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, se...
Description of the security update for SharePoint Enterprise Server 2013: October 9, 2018
Description of the security update for SharePoint Enterprise Server 2013: October 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, se...
CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
Cross site scripting
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
CVE-2018-1999007
CVE-2018-1999007 is a cross-site scripting vulnerability in Jenkins up to version 2.132 (and 2.121.1 and earlier for some components) involving the Stapler web framework. When Stapler debug mode is enabled, error/404 pages could display unescaped URL parts, allowing an attacker who can influence ...
Design/Logic Flaw
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors...