
7681 matches found

CVE
added 2024/07/19 7:45 p.m., 71 views

CVE-2024-41124

CVE-2024-41124 affects the Puncia CLI (Official CLI for Subdomain Center & Exploit Observer) where API_URLS communicated over HTTP instead of HTTPS. Root cause: cleartext transmission enabling eavesdropping, data tampering, unauthorized data access, and MITM risks. The issue is mitigated in relea...

CVSS 6.3, AI score 6.3, EPSS 0.00263
Exploits: 0, References: 3
OSV
added 2024/07/19 7:45 p.m., 10 views

CVE-2024-41124 Puncia Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`

Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. APIURLS is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by...

CVSS 6.3, AI score 6.7, EPSS 0.00263
Exploits: 0, References: 5
OSV
added 2024/07/15 5:47 p.m., 9 views

GHSA-342Q-2MC2-5GMP @jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)

Summary: The maintainer has been contemplating whether FTP or other protocols could serve as useful functionalities, but there may not be a practical reason for it since we are utilizing headless Chrome to capture screenshots. The argument is based on the assumption that this package can function as a...

CVSS 6.3, AI score 3.6, EPSS 0.0037
Exploits: 0, References: 4
Citrix
added 2024/07/13 12:00 a.m., 5 views

How to retrieve the keystore password needed to renew the HTTPS internal XenMobile SSL certificate

The internal SSL certificate has expired and the Mobile Device Management (MDM) administrator does not remember the keystore password needed to renew the HTTPS certificate https.p12...

AI score 7.2
Exploits: 0
Citrix
added 2024/07/13 12:00 a.m., 5 views

Error: "HTTP Error 404" When Accessing StoreFront Through NetScaler Gateway

Error: "HTTP Error 404" when accessing StoreFront through NetScaler Gateway. This issue surfaces after changing the StoreFront base URL from HTTP to HTTPS. The following is the NetScaler Session Profile snippet:...

AI score 7
Exploits: 0
Citrix
added 2024/07/13 12:00 a.m., 5 views

Error: "StoreFront Monitor Probe Failed" on NetScaler

StoreFront monitor does not work on NetScaler and displays the error "StoreFront Monitor Probe Failed". When an http monitor is bound to the StoreFront service, 200 OK is received in response and the service shows as UP. When an https monitor is bound to the StoreFront service, it fails with the error 404 Not Found...

AI score 7.1
Exploits: 0
Citrix
added 2024/07/13 12:00 a.m., 12 views

Vulnerability in License Server and Snap-in for Desktop Studio, aka Heartbleed

Secure Configuration of Licensing: Heartbleed Update. In response to the recent Heartbleed vulnerability in OpenSSL (CVE-2014-0160), Citrix released a security advisory, CTX140605, advising customers of its potential effects on some Citrix Licensing components. As part of the Citrix response to this...

CVSS 7.5, AI score 7.2, EPSS 0.99999
Exploits: 87
Tenable Nessus
added 2024/07/11 12:00 a.m., 112 views

CBL Mariner 2.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2024-37891)

The version of python-pip / python-urllib3 / python3 installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37891 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3...

CVSS 6.5, AI score 6.7, EPSS 0.01141
Exploits: 1, References: 2
OSV
added 2024/07/09 4:15 p.m., 4 views

CVE-2024-21759

An authorization bypass through a user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6, allows an attacker to view unauthorized resources via HTTP or HTTPS requests...

CVSS 4.3, AI score 5.8, EPSS 0.00294
Exploits: 0, References: 1
NVD
added 2024/07/09 4:15 p.m., 17 views

CVE-2024-21759

An authorization bypass through a user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6, allows an attacker to view unauthorized resources via HTTP or HTTPS requests...

CVSS 4.3, EPSS 0.00294
Exploits: 0, References: 1
NVD
added 2024/07/09 4:15 p.m., 17 views

CVE-2023-50181

An improper access control vulnerability (CWE-284) in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read-only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests...

CVSS 6.5, EPSS 0.00338
Exploits: 0, References: 1
Vulnrichment
added 2024/07/09 3:33 p.m., 19 views

CVE-2023-50181

An improper access control vulnerability (CWE-284) in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read-only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests...

CVSS 4.9, AI score 6.9, EPSS 0.00338
Exploits: 0, References: 1
Cvelist
added 2024/07/09 3:33 p.m., 11 views

CVE-2023-50181

An improper access control vulnerability (CWE-284) in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read-only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests...

CVSS 4.9, EPSS 0.00338
Exploits: 0, References: 1
Cvelist
added 2024/07/09 3:33 p.m., 33 views

CVE-2024-21759

An authorization bypass through a user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6, allows an attacker to view unauthorized resources via HTTP or HTTPS requests...

CVSS 4.3, EPSS 0.00294
Exploits: 0, References: 1
Vulnrichment
added 2024/07/09 3:33 p.m., 18 views

CVE-2024-21759

An authorization bypass through a user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6, allows an attacker to view unauthorized resources via HTTP or HTTPS requests...

CVSS 4.3, AI score 7.1, EPSS 0.00294
Exploits: 0, References: 1
CVE
added 2024/07/09 3:33 p.m., 56 views

CVE-2024-21759

Fortinet FortiPortal versions 7.0.0–7.0.6 and 7.2.0 are affected by an authorization bypass via a user-controlled key in the administration interface. This allows a remote attacker to view unauthorized resources through HTTP/HTTPS requests. Root cause and exact remediation details are not provide...

CVSS 4.3, AI score 7.1, EPSS 0.00294
Exploits: 0, References: 1, Affected Software: 1
The Hacker News
added 2024/07/05 3:52 a.m., 32 views

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers "ootheca.pw" and...

AI score 7.1
Exploits: 0
OSV
added 2024/06/28 6:11 p.m., 6 views

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance: MKCOL, PUT and GET...

CVSS 7.4, AI score 7.4, EPSS 0.02186
Exploits: 0, References: 4
Vulnrichment
added 2024/06/28 6:11 p.m., 14 views

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance: MKCOL, PUT and GET...

CVSS 7.4, AI score 7.7, EPSS 0.02186
Exploits: 0, References: 2
Cvelist
added 2024/06/28 6:11 p.m., 190 views

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance: MKCOL, PUT and GET...

CVSS 7.4, EPSS 0.02186
Exploits: 0, References: 2