81 matches found
Incorrect Authorization in serverless-offline
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
UPchieve: No rate Limit on Password Reset page on upchieve
Summary: Introduction A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status...
Privilege Escalation
serverless-offline is vulnerable to privilege escalation. The vulnerability exists in createAuthScheme function of createAuthScheme.js due to an insecure access control from a misinterpreted HTTP status code which allows an attacker to download a web content page via malicious URL...
CVE-2021-38384
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
CVE-2021-38384
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
Improper access control
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
CVE-2021-38384
CVE-2021-38384 affects Serverless Offline 8.0.0. The issue is that a route with a trailing / may yield a 403 in some contexts, while AWS/Lambda behavior can be 200, potentially granting higher permissions than intended due to an insecure access control interpretation. Root cause described as a mi...
Advisory ROSA-SA-2021-1858
Software: keepalived 1.3.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-19115 CVE-Crit: CRITICAL CVE-DESC: keepalived before 2.0.7 has a heap-based buffer overflow when analyzing HTTP status codes leading to DoS or possibly unspecified other impacts, because extractstatuscode in lib/html.c does not check th...
Microsoft Edge using MDX microVPN to connect to Citrix Gateway is seen to redirect many times unexpectedly
When using Microsoft Edge, you may experience random loading of Bookmarked websites, previously visited websites or other unexpected browser redirects HTTP 302, to websites which the user has not chosen to load at the time. Other errors found on closer log examination may appear similar to the...
CVE-2020-1710
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance with RFC7230, as it returns a 200 instead of a 400...
EAP: field-name is not parsed in accordance to RFC7230
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400...
Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://projectworlds.in/ Software Link:...
Siemens Desigo PX 6.00 Denial Of Service
!/bin/bash Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit Vendor: Siemens AG Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version: Model: PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D...
NewStart CGSL CORE 5.04 / MAIN 5.04 : keepalived Vulnerability (NS-SA-2019-0051)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has keepalived packages installed that are affected by a vulnerability: - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allows malicio...
EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2019-1770)
According to the versions of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server...
EulerOS 2.0 SP2 : keepalived (EulerOS-SA-2019-1739)
According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allow...
Man-in-the-Middle (MitM)
firefox/thunderbird is vulnerable to man-in-the-middle attacks. The address bar can be spoofed by operating a proxy server that provides a 407 HTTP status code accompanied by a malicious web script...
CVE-2018-19115
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...
JCS - Joomla Vulnerability Component Scanner
JCS (Joomla Component Scanner) is made for penetration testing purposes on Joomla CMS. JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources, and a crawler has been implemented to find components and components' links. This version supports...
How to use CSRF vulnerabilities on JSON endpoints - vulnerability warning - the black bar safety net
(CSRF + Flash + HTTP 307) = don't say you have "dead"! If you want to use a CSRF vulnerability on a JSON endpoint by way of a third-party server the attacker controls, I recommend a GitHub project called json-flash-csrf-poc. Background story: In a recent penetration...