34 matches found
Privilege Escalation
apache2 is vulnerable to privilege escalation. The vulnerability exists due to a lack of HTTP validation, authentication or authorization possibly configured...
CVE-2019-17567
Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...
CVE-2019-17567
Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...
CVE-2019-17567 mod_proxy_wstunnel tunneling of non Upgraded connections
Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...
SUSE: Security Advisory (SUSE-SU-2016:2470-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-3304
CVE-2020-3304 affects Cisco ASA and Firepower Threat Defense (FTD) web interfaces. The issue stems from improper HTTP input validation, allowing an unauthenticated, remote attacker to craft an HTTP request that can trigger a reload of the affected device, causing a DoS. Impact is limited to the w...
Node.js third-party modules: Bypass of SSRF Vulnerability
Bypass of SSRF report https://hackerone.com/reports/793704 Fix applied after reporting the actual report did not prevent from SSRF issue. https://github.com/TryGhost/Ghost/commit/47739396705519a36018686894d1373e9eb92216diff-3aa52b4b8c6e0fb8422de65648e35887R101 The function fetchOembedData only...
SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)
This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules - http:...
Pulse Connect Secure and Pulse Policy Secure Cross-Site Request Forgery Vulnerabilities
Pulse Connect Secure and Pulse Policy Secure are both products of Pulse Secure, Inc. Pulse Connect Secure is an SSL VPN solution. Pulse Policy Secure is a NAC and BYOD solution. A cross-site request forgery vulnerability exists in the diag.cgi file in Pulse Connect Secure and Pulse Policy Secure,...
CVE-2017-9066
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF...
openSUSE Security Update : nodejs (openSUSE-2016-1172)
This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules - http:...
IBM UrbanCode Release Cross-Site Request Forgery Vulnerability
IBM UrbanCode Release UCR is a set of collaborative release software platforms for managing multiple related application releases and their deployments from IBM in the United States. The platform supports the planning, execution and tracking of software releases at each stage of the lifecycle...
Nagios XI < 2009R1.2C Multiple CSRF Vulnerabilities
Nagios XI is prone to multiple cross-site request forgery CSRF vulnerabilities because the application fails to properly validate HTTP requests. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...
[Full-disclosure] iDEFENSE Security Advisory 08.05.05: EMC Navisphere Manager Directory Traversal Vulnerability
EMC Navisphere Manager Directory Traversal Vulnerability iDEFENSE Security Advisory 08.05.05 www.idefense.com/application/poi/display?id=288&type=vulnerabilities August 05, 2005 I. BACKGROUND EMC Navisphere storage management software is a suite of tools that enables discovery, monitoring,...