106 matches found
CVE-2019-19002 ABB eSOMS X-XSS-Protection not enabled
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting...
Trend Micro Worry-Free Business Security (WFBS) Multiple Vulnerabilities (1114098)
The remote host is running a version of the Trend Micro WFBS which is affected by multiple vulnerabilities. An attacker who has already gained a foothold on the local WFBS server may manipulate configuration variables in order to access files outside of the web root folder or modify HTTP response...
CORS-Vulnerable-Lab: with COSR configuration error related to the vulnerability code range-vulnerability warning-the black bar safety net
This repository contains the CORS configuration error related to the vulnerable code. You can be on the local machine to configure the vulnerable code, and to the actual use of the CORS related error configuration issue. In this case, I would first like to thank@albinowax, the AKReddy, And Vivek...
CVE-2018-11347
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...
Design/Logic Flaw
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...
CVE-2018-11347
The CVE-2018-11347 entry concerns the YunoHost web application (versions 2.7.2 through 2.7.14). Affected component/issue: HTTP Response Header Injection, enabling an attacker to inject one or more HTTP headers in server responses. Attack requirements: user interaction is needed (the attacker must...
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Softwa...
Updated nikto packages fix security vulnerability
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report CVE-2018-11652...
CVE-2018-2432
CVE-2018-2432 affects SAP BusinessObjects BI Launchpad and Central Management Console (versions 4.10, 4.20, 4.30). The issue allows an attacker to include invalid data in the HTTP response header sent to a web user, enabling cross-site scripting and page hijacking as stated in the public descript...
CVE-2018-2432
SAP BusinessObjects Business Intelligence BI Launchpad and Central Management Console versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including:...
Nikto 2.1.6 - CSV Injection
Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...
Nikto 2.1.6 CSV Injection
Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...
Nikto 2.1.6 - CSV Injection
Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...
Microsoft Open Redirect
Exploit Title: Open Redirect at Microsoft Date: 28.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.microsoft.com/ Software : Microsoft Service Website Software Version : 1.0.0 Vulnerability : Open Redirect CWE : CWE-601: URL Redirection to Untrusted Site 'Open Redirect'...
CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)
NetTransport 2.96L - Remote Buffer Overflow DEP Bypass !/usr/bin/pythion Exploit Title: Buffer overflow in NetTransport Download Manager - Version 2.96L DEP Bypass CVE: CVE-2017-17968 Date: 28-12-2017 Software Link: http://xi-soft.com/downloads/NXSetupx86.zip Exploit Author: Author: Aloyce J...
GetGo Download Manager 5.3.0.2712 - Buffer Overflow
GetGo Download Manager 5.3.0.2712 - Buffer Overflow Exploit Title: Buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 CVE: CVE-2017-17849 Date: 22-12-2017 Tested on Windows 10 32 bits Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Software Link:...
GetGo Download Manager 5.3.0.2712 Buffer Overflow
Exploit Title: Buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 CVE: CVE-2017-17849 Date: 22-12-2017 Tested on Windows 10 32 bits Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Software Link: http://www.getgosoft.com/getgodm/ Category: webapps Attack...
Design/Logic Flaw
Web Server method disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to exploit and find another hole via HTTP response header...