5908 matches found
Teradek Cube 7.3.6 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications i...
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications input type="hidden" name="pw...
Teradek Slice 7.3.15 Change Password Cross Site Request Forgery
...
Teradek Slice 7.3.15 - Cross-Site Request Forgery
Teradek Slice 7.3.15 - Cross-Site Request Forgery...
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery input type="hidden" name="pw2" value...
Teradek Cube 7.3.6 - Cross-Site Request Forgery
input type="submit"...
Quest NetVault Backup Multipart Request Authentication Bypass (CVE-2018-1163)
An authentication bypass vulnerability exists in the web interface component of Quest NetVault Backup. The vulnerability is due to how the server handles the HTTP requests...
MyBB 1.8.x Denial of Service Exploit
MyBB Denial of Service Attack - 1.8.x Usage Info MyBB DoS POC Requirements python requests pip install requests Usage; python3 mybbdos.py -t "http://target/" -u username -p password !/usr/bin/env python3 import sys import requests import argparse import random import time def mainargv: global...
Jenkins Plugin Resources Directory Traversal (CVE-2018-6356)
A directory traversal vulnerability exists in Jenkins. The vulnerability is due to insufficient input validation of a request parameter in HTTP requests to the plugin resource directory...
CVE-2018-10519
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because o...
New Relic: Blind SSRF in Ticketing Integrations Jira webhooks leading to internal network enumeration and blind HTTP requests
Summary The Ticketing Integrations Jira webhooks for Jira 5/6 and Jira 4 are vulnerable to Blind SSRF issues. These endpoints can be abused to map internal NewRelic network services and send blind HTTP GET and POST requests to identified services. Details The Ticketing Integrations Jira 4 and Jir...
CVE-2018-0260
A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker cou...
Leaking ads
When we use popular apps with good ratings from official app stores we assume they are safe. This is partially true – usually these apps have been developed with security in mind and have been reviewed by the app store's security team. However, we found that because of third-party SDKs many popul...
The Recipe for Web Performance Starts with the Right Ingredients: Page Construction Metrics
You can't manage what you can't measure. As devices grow in capacity and innovations allow us to do more with web apps, the complexity of our pages has grown, too. It becomes a balancing act to increase functionality while maintaining a performant and responsive site. Just like a great recipe, to...
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)
Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000...
KYOCERA Net Admin 3.4 Multiple XSS Vulnerabilities
Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...
CVE-2018-1469
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...
Design/Logic Flaw
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...
Apache HTTP Server Multiple Vulnerabilities (Apr 2018) - Windows
Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:http_server"; if...