GHSA-7MR7-4F54-VCX5 HTTP Client uses incorrect token after refresh
Impact HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh. This occurs because a refreshed token will be captured in pooled HttpClient instances, which may be used by a different user. Workarounds Instead of using...
Insertion of Sensitive Information Into Sent Data
Overview symfony/http-client is a Symfony HttpClient component. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the request function in NoPrivateNetworkHttpClient, used during host resolution. This can be exploited to enumerate ports or IP...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to Apache HttpClient Vulnerability
Summary IBM Sterling Connect:Direct Web Services uses Apache HttpClient, which could allow a remote attacker to bypass security restrictions, caused by the improper handling of a malformed authority component in request URIs. This bulletin identifies the steps to take to address the vulnerabilities...
Vicidial SQL Injection Time-based Admin Credentials Enumeration
This module exploits a time-based SQL injection vulnerability in VICIdial, allowing attackers to dump admin credentials (usernames and passwords) via SQL injection. Module Options msf use auxiliary/scanner/http/vicidialsqlenumuserspass msf auxiliaryvicidialsqlenumuserspass show actions ...actions...
Security Bulletin: Vulnerabilities in Logback, Guava and Apache HTTPClient affect IBM watsonx.data
Summary Logback, Guava and Apache HTTPClient have vulnerabilities that can affect watsonx.data. These vulnerabilities could allow a remote attacker to bypass security restrictions and a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550...
RHSA-2014:1166 Red Hat Security Advisory: jakarta-commons-httpclient security update
Bulletin has no description...
RHSA-2013:0682 Red Hat Security Advisory: jakarta-commons-httpclient security update
Bulletin has no description...
RHSA-2013:0680 Red Hat Security Advisory: jakarta-commons-httpclient security update
Bulletin has no description...
RHSA-2013:0270 Red Hat Security Advisory: jakarta-commons-httpclient security update
Bulletin has no description...
Cisco Network Access Manager Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Network Access Manager Directory Traversal Vulnerability', 'Description' = %q This module tests whether a directory traversal vulnerability...
Jira Users Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jira Users Enumeration', 'Description' = %q This module exploits an information disclosure vulnerability that allows an unauthenticated user to...
S40 0.4.2 CMS Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'S40 0.4.2 CMS Directory Traversal Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability found in S40 CMS. T...
NetDecision NOCVision Server Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetDecision NOCVision Server Directory Traversal', 'Description' = %q This module exploits a directory traversal bug in NetDecision's...
Embedthis GoAhead Embedded Web Server Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Embedthis GoAhead Embedded Web Server Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in the...
ClanSphere 2011.3 Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ClanSphere 2011.3 Local File Inclusion Vulnerability', 'Description' = %q This module exploits a directory traversal flaw found in Clansphere...
FrontPage .pwd File Credential Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FrontPage .pwd File Credential Dump', 'Description' = %q This module downloads and parses the 'vtipvt/service.pwd', 'vtipvt/administrators.pwd',...
Sockso Music Host Server 1.5 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sockso Music Host Server 1.5 Directory Traversal', 'Description' = %q This module exploits a directory traversal bug in Sockso on port 4444. This...
Dolibarr 16 Pre-auth Contact Database Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dolibarr 16 pre-auth contact database dump', 'Description' = %q Dolibarr version 16 'Vladimir TOUTAIN', 'Nolan LOSSIGNOL-DRILLIEN' , 'License' =...
Ruby On Rails JSON Processor YAML Deserialization Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails JSON Processor YAML Deserialization Scanner', 'Description' = %q This module attempts to identify Ruby on Rails instances vulnerabl...