Error: "HTTP/1.1 Gateway Timeout" When Using NetScaler with Secure Web

After launching Secure Web Gateway, some websites report an error message "HTTP/1.1 Gateway Timeout". This is common with ADFS...

CVE-2018-10949

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors...

Users unable to launch the published desktops and applications - XML errors on StoreFront servers

Event ID 0, Task Category 12346: No available resource found for user [email protected] when accessing desktop group "Remote Desktop - ABCXYZ". This message was reported from the Citrix XML Service at address http://xxx.yyy.zzz/scripts/wpnbr.dll NFuseProtocol.TRequestAddress. Event ID 28, Task Category...

CVE-2017-1515

IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825...

Cert Based Authentication + LDAP Enrollment failing for Cloud connector- XenMobile Setup

Under PKI entities, the test connectivity is failing for the CA server XenMobile Debug Logs : 2017-02-06T15:30:57.847+0000 | 200B97A4C77E1C34 | ERROR | http-nio-14443-exec-61 | com.sparus.nps.pki.connector.MsCertSrvConnector |TestConnection to pki url certnew.cer failed with response Headers:...

Smart Card Authentication Fails with HTTP Error 403 Forbidden

...

Error: "HTTP 404 Not Found" When Accessing StoreFront Through NetScaler Gateway

After you enter your credentials on the NetScaler Gateway login page the following error is displayed: HTTP 404 Page Not Found...

Attackers Embracing Steganography to Hide Communication

Encouraged by patterns carried out on a larger scale recently, researchers believe digital steganography has arrived as a legitimate method for attackers to use when it comes to obscuring communication between command and control servers. In a presentation last week at Black Hat Europe researcher...

Medium: httpd24

Issue Overview: It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

用友某分战SQL注入第五弹

简要描述： 又来一发。。 详细说明： 注入URL： http://u9service.yonyou.com/servicehome/kmview.aspx?postid=ZS20100530204 sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org ! legal disclaimer: Usage of sqlmap for attacking targets without prior mutu consent is illegal. It is the end...

Veeam Explorer for Exchange (VEX) Restore Failure - HTTP Error 501 – Load Balancer

Challenge The following KB is only relevant if a Load Balancer is being used. When attempting to use the "Restore to " function the restore fails with "HTTP Error 501". The following will be found in the logs: Item restore failed: The request failed with HTTP status 501: Invalid Request. Error:...

Microsoft IIS 4/5 HTTP Error Page Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4486/info A Cross Site Scripting issue exists in some versions of IIS. The HTTP Error Page created by IIS may, under some circumstances, contain HTML content which includes unsanitized user supplied input. An attacker may...

xWeblog 2.2 - (arsiv.asp tarih) SQL Injection Exploit

No description provided by source. !/usr/bin/env python -- coding:utf-8 -- ''' Title : xWeblog v2.2 arsiv.asp tarih SQL Injection Exploit .py Proof : http://img408.imageshack.us/img408/7624/sqlm.jpg Script Down. : http://www.aspdunyasi.com/goster.asp?id=19 Tested : Windows XP Professional sp3...

Microsoft Internet Explorer 5 Custom HTTP Error HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7939/info An issue has been reported for Microsoft Internet Explorer that may result in HTML injection attacks. The vulnerability exists when IE is used to display custom HTTP error messages also known as Friendly HTTP...

WRT120N 1.0.0.7 - Remote Stack Overflow

WRT120N 1.0.0.7 - Remote Stack Overflow !/usr/bin/env python WRT120N v1.0.0.7 stack overflow, ROP to 4-byte overwrite which clears the admin password. Craig Heffner http://www.devttys0.com 2014-02-14 import sys import urllib2 try: target = sys.argv1 except IndexError: print "Usage: %s " % sys.arg...

Linksys E1500 Directory Traversal Vulnerability

This module exploits a directory traversal vulnerability which is present in different Linksys home routers, like the E1500. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys E1500...

Siemens Simatic S7-300 - PLC Remote Memory Viewer (Metasploit)

Siemens Simatic S7-300 - PLC Remote Memory Viewer Metasploit Exploit Title: Siemens Simatic S7 300 Remote Memory Viewer Backdoor Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class...

Multiple HTTP Error Responses (CVE-2010-3332)

ASP.NET is a collection of technologies within the.NET Framework that enable developers to build Web applications and XML Web Services. A remote attacker may exploit this issue to read data, such as the View State, which was encrypted by the server. This vulnerability is caused by ASP.NET providi...

DEBIAN-CVE-2010-0408

The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...

HTTP Error Based SQL Injection Scanner

This module identifies the existence of Error Based SQL injection issues. Still requires a lot of work This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Error Based SQL Injection Scanner',...