275 matches found
OneNav Beta 0.9.12 Cross Site Scripting
Exploit Title: XSS-Stored - Brutal PWNED on OneNav beta 0.9.12 addlink feature Author: nu11secur1ty Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r Date: 08.06.2021 Vendor: https://www.xiaoz.me/ Link: https://github.com/helloxz/onenav/releases/tag/0.9.12 CVE: CVE-2021-38138 + Exploit Source:...
CVE-2021-31807
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...
CVE-2021-31807
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...
Denial Of Service (DoS)
Squid is vulnerable to denial of service. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server causing an application crash...
Wallarm NG WAF is ranked as a “High Performer” by G2, Spring 2021!
We are proud to announce that Wallarm NG WAF was ranked as a “High performer” by G2 in the Web Application Firewall category. This award from the G2 platform confirms that our solution is highly rated by current verified Wallarm WAF users, who left unbiased reviews and answers to WAF-related...
GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
URL Directory Traversal Over HTTP Traffic (CVE-2021-21983)
URL Directory Traversal Over HTTP Traffic...
UNION Query-based SQL Injection Over HTTP Traffic (CVE-2018-17254; CVE-2020-18144; CVE-2020-29283; CVE-2020-29287; CVE-2020-29288; CVE-2020-35430; CVE-2021-24285)
UNION Query-based SQL Injection Over HTTP Traffic...
Cross Site Scripting Over HTTP Traffic (CVE-2020-17952; CVE-2021-26475; CVE-2021-26702; CVE-2021-26723; CVE-2021-39496; CVE-2021-39499)
Cross Site Scripting Over HTTP Traffic...
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
SOYAL Biometric Access Control System 5.0 Master Code Disclosure Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4.1...
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
Exploit Title: SOYAL Biometric Access Control System 5.0 - Master Code Disclosure Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affect...
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The controller suffers from a cleartext transmission of sensitive information. Th...
Vulnerability fixed in FortiGate
Fortinet has fixed a vulnerability in FortiGate. The vulnerability allows an unauthenticated remote malicious person potentially able to bypass the proxy by sending non-HTTPS traffic such as SSH to port 80/443 of FortiGate. Fortinet has released updates to fix the vulnerability in FortiGate 6.4.3...
Fortinet FortiGate 安全漏洞
Fortinet FortiGate is a suite of network security platforms from the American company Fiat Fortinet. The platform provides firewall, antivirus and intrusion prevention IPS, application control, anti-spam, wireless controller, and WAN acceleration. A security vulnerability exists in FortiGate. The...
Arbitrary Command Injection Over HTTP Traffic (CVE-2020-19165; CVE-2020-24219; CVE-2020-28477; CVE-2021-26747; CVE-2021-27328)
Arbitrary Command Injection Over HTTP Traffic...
Protect
When traffic other than HTTP/S eg: SSH traffic, etc... traverses the FortiOS on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header...
Arbitrary Code Injection Over HTTP Traffic (CVE-2020-21176; CVE-2020-25042; CVE-2020-26248; CVE-2020-26712; CVE-2020-28994; CVE-2020-29284; CVE-2020-6308; CVE-2021-25912)
Arbitrary Code Injections Over HTTP Traffic...
Additional Analysis into the SUNBURST Backdoor | McAfee Blogs
ARCHIVED STORY Additional Analysis into the SUNBURST Backdoor Christiaan Beek · DEC 17, 2020 Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...
CVE-2020-28216
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...