195 matches found
CVE-2019-11489
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...
RATELIMITED: HTTP PUT method is enabled downloader.ratelimited.me
Summary: Found on HTTP PUT sites enabled on web servers. I tried testing to write the file / codelayer137.txt uploaded to the server using the PUT verb, and the contents of the file were then taken using the GET verb Steps To Reproduce: Request: PUT /codeslayer137.txt HTTP/1.1 Host:...
Remote Code Execution
tomcat-catalina is vulnerable to remote code execution. With HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
RATELIMITED: HTTP PUT method is enabled ratelimited.me
Found on HTTP PUT sites enabled on web servers. I tried testing to write the file / codelayer137.txt uploaded to the server using the PUT verb, and the contents of the file were then taken using the GET verb. the following is POC Request: PUT /codeslayer137.txt HTTP/1.1 Host: ratelimited.me...
Authorization Bypass
openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...
RATELIMITED: HTTP PUT method enabled
Hi security team, Summary: It is possible to upload files to the server using the PUT method Steps To Reproduce: I used the following request: PUT /emitrani.txt HTTP/1.1 Host: ratelimited.me Content-Length: 10 Connection: close Now a file exists at https://ratelimited.me/emitrani.txt with content...
[SECURITY] Fedora 27 Update: curl-7.55.1-11.fc27
curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
GitBucket 4.23.1 - Remote Code Execution
GitBucket 4.23.1 - Remote Code Execution Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...
tomcat: Remote Code Execution via JSP Upload
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...
tomcat: Remote Code Execution bypass for CVE-2017-12615
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...
tomcat: Remote Code Execution bypass for CVE-2017-12615
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.19 security update
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
[SECURITY] Fedora 27 Update: curl-7.55.1-8.fc27
curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
[SECURITY] Fedora 26 Update: curl-7.53.1-13.fc26
curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27
curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
[SECURITY] [DLA 1166-2] tomcat7 regression update
Package : tomcat7 Version : 7.0.28-4+deb7u17 Debian Bug : 881162 The update for tomcat7 issued as DLA-1166-1 caused a regressions whereby every request, including for the root document /, returned HTTP status 404. Updated packages are now available to address this problem. For reference, the...
MGASA-2017-0400 Updated tomcat packages fix security vulnerability
When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it...
tomcat: Remote Code Execution via JSP Upload
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...
Important: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...