CVE-2018-0705
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests...
Kubernetes API Server acts as proxy for internal and external IPs | Cloud Foundry
Severity: Unspecified. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: Cloud Foundry Container Runtime (CFCR), all versions prior to v0.26.0. Description: Kubernetes API, versions 1.11.x prior to 1.11.6, 1.12.x prior to 1.12.4, contains an improper proxy. A remote...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications input type="hidden" name="txtHelpPage" valu...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 CSRF
input...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery
input type="hidden" name="...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery
Summary The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity,...
A vulnerability in Cisco Enterprise NFV Infrastructure Software lies in errors in the checking of HTTP requests in the management interface, which allows attackers to perform cross-site request forgery.
A vulnerability in Cisco Enterprise NFV Infrastructure Software lies in the improper checking of HTTP requests in the management interface. Exploiting this vulnerability allows a remote attacker to perform cross-site request forgery...
CVE-2018-15465
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of...
W3Brute - Automatic Web Application Brute Force Attack Tool
w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites. Features 1. Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process...
CVE-2018-1000840
Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML function that can result in an attacker reading arbitrary files and exfiltrating their contents via HTTP requests. This attack appears to be exploitable via: the victim must use...
Xxe
Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML function that can result in an attacker reading arbitrary files and exfiltrating their contents via HTTP requests. This attack appears to be exploitable via: the victim must use...
Squid 3.2.0.11 < 3.x < 3.5.18 / 4.x < 4.0.10 Cache Poisoning Vulnerability (SQUID-2016:7)
According to its banner, the version of Squid running on the remote host is 3.x after 3.2.0.11 and prior to 3.5.18, or 4.x prior to 4.0.10. It is, therefore, affected by a cache poisoning vulnerability in the handling of HTTP requests. Note that Nessus has not tested for this issue but has instea...
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
!/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat = logging.handlers.WatchedFileHandler'mysql.log', 'ab'...
openSUSE Security Update : apache2-mod_jk (openSUSE-2018-1510)
This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). This update was imported from the SUSE:SLE-15:Update update project.
RHEL 6 : Ruby on Rails (RHSA-2013:0153)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components...
Apache Tika Command Injection (CVE-2018-1335)
A command injection vulnerability exists in Apache Tika. The vulnerability is due to improper validation of the HTTP requests. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Microsoft Dynamics 365 resource planning software lies in the insufficient protection of the website structure, which allows a hacker to inject arbitrary code into the web pages that users are asked to download.
The vulnerability of the Microsoft Dynamics 365 resource planning software application is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the web pages uploaded to users, thereby gaining access to...
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt + ISR: ApparitionSec Greetz: indoushka | Eduardo B. 0day Vendor www.necam.com Affected Product Code Base NEC...