DarkSide - Tool Information Gathering And Social Engineering

Features: Hacker Dashboard Hacker News thehackernews.com/ New Exploits Exploit-db.com Hacking Tutorials Video youtube.com The Latest Prices OF Digital Currencies Rials , Usd Information Gathering Bypass Cloud Flare Cms Detect Trace Toute Reverse IP Port Scan IP location Finder Show HTTP Header Fi...

Automattic: [intensedebate.com] Open Redirect

Hello Summary: I have found a Open Redirect on https://intensedebate.com//fb-connect/logoutRedir.php?goto=, the parameters $GET'goto' is reflected to the HTTP-Header Response Location HTTP Request GET /fb-connect/logoutRedir.php?goto=\http://\ HTTP/1.1 Host: intensedebate.com User-Agent:...

nodejs: HTTP request smuggling due to CR-to-Hyphen conversion

A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...

Oracle Linux 7 : tomcat (ELSA-2020-5020)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5020 advisory. 0:7.0.76-16 - Resolves: rhbz1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling Tenable has extracted the...

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18 v2.7.18rc1; v3.5.10 v3.5.10rc1; v3.6.11 v3.6.11rc1 v3.6.12; v3.7.8 v3.7.8rc1 v3.7.9; v3.8.3 v3.8.3rc1 v3.8.4 v3.8.4rc1 v3.8.5 v3.8.6 v3.8.6rc1.

...

phpLDAPadmin < 0.9.8 DoS Vulnerability - Windows

phpLDAPadmin is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

phpLDAPadmin < 0.9.8 DoS Vulnerability - Linux

phpLDAPadmin is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

BigBlueButton Greenlight has an unspecified vulnerability

BigBlueButton is an open source Web conferencing system from the BigBlueButton community. versions prior to BigBlueButton Greenlight 2.5.6 have a security vulnerability that stems from an allow HTTP header host and source attack, which can be exploited by an attacker to cause an account takeover...

Authorization Bypass

expressjs-ip-control is vulnerable to authorization bypass. An unauthenticated user is able to bypass the IP whitelist using the X-Forwarded-For HTTP header, resulting in unauthroized access to restricted resources and services...

Oracle Linux 8 : nodejs:12 (ELSA-2020-4272)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4272 advisory. nodejs 1:12.18.4-2 - Resolves: RHBZ1883966 - nodejs-devel not installable due to missing brotli - Some spec fixes 12.18.4-1 - Rebase to 12.18.4...

CVE-2020-15793

A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

Design/Logic Flaw

A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

CVE-2020-15793

CVE-2020-15793 affects Siemens Desigo Insight (all versions). The vulnerability stems from not properly setting the X-Frame-Options header, enabling clickjacking that could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user. The ICSA advisory notes th...

CVE-2020-15793

A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

Cross site scripting

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a...

Security Bulletin: IBM Security Guardium is affected by Python vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-9948 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by improper input validation by the urllib. By sending a specially-crafted request, an...

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 is affected by an HTTP header (Host and Origin) input issue that enables account takeover when a user clicks a spoofed password‑reset link. Root cause: header handling allows spoofing of origins/hosts. Impact: potential account compromise; attacks require net...