
16597 matches found

Tenable Nessus
added 2023/09/07 12:0 a.m. | 28 views

Oracle Linux 7 : httpd24-httpd (ELSA-2015-1666)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1666 advisory. - core: fix chunk header parsing defect CVE-2015-3183 - core: replace of ap_some_auth_required with ap_some_authn_required and ap_force_authn hook CVE-2015-318...

CVSS 5 | AI score 6.5 | EPSS 0.73327
Exploits 0 | References 5

Tenable Nessus
added 2023/09/07 12:0 a.m. | 24 views

Oracle Linux 8 : openwsman (ELSA-2019-0972)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-0972 advisory. - Fix CVE-2019-3816 Resolves: 1693972 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...

CVSS 7.5 | AI score 7.5 | EPSS 0.14739
Exploits 0 | References 2

Vulnrichment
added 2023/09/06 5:10 p.m. | 11 views

CVE-2023-20263

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...

CVSS 4.7 | AI score 6.8 | EPSS 0.0048
Exploits 0 | References 1

CVE
added 2023/09/06 5:10 p.m. | 226 views

CVE-2023-20263

CVE-2023-20263 affects Cisco HyperFlex HX Data Platform, specifically the web-based management interface. The issue arises from improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and potentially redirect th...

CVSS 6.1 | AI score 6.2 | EPSS 0.0048
In wild | Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2023/09/06 12:0 a.m. | 64 views

CVE-2023-20263

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...

CVSS 6.1 | AI score 6.9 | EPSS 0.0048
In wild | Exploits 0 | References 2

Packet Storm
added 2023/09/06 12:0 a.m. | 453 views

OpenCart CMS 4.0.2.2 Brute Force

Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability Date: 5-9-2023 Category: Web Application CMS Exploit Author: Rajdip Dey Sarkar Version: 4.0.2.2 Tested on: Windows/Kali CVE: CVE-2023-40834 Description: ---------------- OpenCart CMS version 4.0.2.2 is susceptible to login brute-force...

AI score 7.1 | EPSS 0.01093
Exploits 3

NVD
added 2023/09/05 9:15 p.m. | 15 views

CVE-2023-4310

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute...

CVSS 9.8 | AI score 9.7 | EPSS 0.01407
Exploits 0 | References 2

Prion
added 2023/09/05 9:15 p.m. | 27 views

Command injection

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute...

CVSS 7.5 | AI score 9.5 | EPSS 0.01407
Exploits 0 | References 2 | Affected Software 2

Vulnrichment
added 2023/09/05 8:15 p.m. | 10 views

CVE-2023-4310

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute...

AI score 7.8 | EPSS 0.01407
Exploits 0 | References 2

Cvelist
added 2023/09/05 8:15 p.m. | 14 views

CVE-2023-4310

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute...

AI score 9.8 | EPSS 0.01407
Exploits 0 | References 2

IBM Security Bulletins
added 2023/09/05 11:7 a.m. | 33 views

Security Bulletin: Due to use of NodeJS, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities.

Summary NodeJS is used by multiple components of IBM Cloud Pak for Multicloud Management Monitoring as a runtime environment Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly che...

CVSS 8.2 | AI score 8.5 | EPSS 0.77278
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2023/09/01 2:38 p.m. | 48 views

Security Bulletin: IBM Cognos Dashboards on IBM Cloud Pak for Data has addressed security vulnerabilities (CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-32222, CVE-2023-26136)

Summary A Remote Code Execution RCE vulnerability in Salesforce tough-cookie CVE-2023-26136 and vulnerabilities reported in the Node.js July 2022 Security Release CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-32222 have been resolved in IBM Cognos Dashboards on IBM Clou...

CVSS 9.8 | AI score 8.6 | EPSS 0.77278
Exploits 6 | Affected Software 1

Citrix
added 2023/08/31 12:0 a.m. | 9 views

Citrix FAS Server registration failure with Citrix cloud

FAS Server fails to register with the Citrix Cloud. Exception: System.Net.Http.HttpRequestException: An error occurred while sending the request. --- System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. --- System.IO.IOException: Unable to read da...

AI score 7
Exploits 0

Tenable Nessus
added 2023/08/31 12:0 a.m. | 16 views

CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)

The version of rubygem-protocol-http1 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38697 advisory. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section...

CVSS 5.8 | AI score 5.7 | EPSS 0.00637
Exploits 0 | References 2

Tenable Nessus
added 2023/08/30 12:0 a.m. | 35 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:3455-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3455-1 advisory. - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed...

CVSS 9.8 | AI score 6.8 | EPSS 0.03906
Exploits 2 | References 22

Prion
added 2023/08/29 11:15 p.m. | 28 views

Cross site request forgery (csrf)

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVSS 6.5 | AI score 9.1 | EPSS 0.84967
Exploits 0 | References 2 | Affected Software 1

IBM Security Bulletins
added 2023/08/29 9:19 p.m. | 124 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy as described in the vulnerability details section. IBM i has addressed the vulnerability by providing a fix to the Apache HTTP Server implementation as described in t...

CVSS 9.8 | AI score 9.3 | EPSS 0.8377
Exploits 5 | Affected Software 5

CVE
added 2023/08/29 12:0 a.m. | 335 views

CVE-2023-41265

CVE-2023-41265 affects Qlik Sense Enterprise for Windows. The issue is an HTTP Request Smuggling vulnerability caused by tunneling HTTP requests in the raw HTTP traffic, enabling a remote attacker to escalate privileges by crafting requests that execute on the backend repository server. Affected ...

CVSS 9.9 | AI score 9.2 | EPSS 0.84967
In wild | Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2023/08/29 12:0 a.m. | 44 views

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVSS 9.6 | AI score 9.5 | EPSS 0.84967
Exploits 0 | References 2

CNVD
added 2023/08/29 12:0 a.m. | 17 views

IBM Security Guardium Information Disclosure Vulnerability (CNVD-2023-66732)

IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An information disclosure vulnerability exists in IBM...

CVSS 5.3 | AI score 6 | EPSS 0.00522
Exploits 0 | References 1