
7687 matches found

Cvelist
added 2022/09/13 10:0 p.m. | 13 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.6 AI score | 0.12476 EPSS
Exploits 0 | References 3
NVD
added 2022/09/13 9:15 p.m. | 9 views

CVE-2022-40621

Because the WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed...

7.5 CVSS | 0.00694 EPSS
Exploits 1 | References 1
CVE
added 2022/09/13 8:35 p.m. | 59 views

CVE-2022-40621

The CVE-2022-40621 entry concerns WAVLINK Quantum D4G (WN531G3). Affected firmware versions M31G3.V5030.200325 and earlier communicate over HTTP (not HTTPS), and the device’s authentication hashing does not rely on a server-supplied key. This enables an attacker with sufficient network access to ...

7.5 CVSS | 7.5 AI score | 0.00694 EPSS
Exploits 1 | References 1 | Affected Software 1
ATTACKERKB
added 2022/09/13 10:15 a.m. | 2 views

CVE-2022-3174

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

7.5 CVSS | 7.1 AI score | 0.00556 EPSS
Exploits 1 | References 3
NVD
added 2022/09/13 10:15 a.m. | 40 views

CVE-2022-3174

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

7.5 CVSS | 0.00556 EPSS
Exploits 1 | References 2
Prion
added 2022/09/13 10:15 a.m. | 10 views

Session fixation

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

5 CVSS | 7.5 AI score | 0.00556 EPSS
Exploits 1 | References 2 | Affected Software 1
OSV
added 2022/09/13 10:15 a.m. | 37 views

PYSEC-2022-271

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

7.5 CVSS | 0.6 AI score | 0.00556 EPSS
Exploits 1 | References 3
Cvelist
added 2022/09/13 9:20 a.m. | 44 views

CVE-2022-3174 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

7.5 CVSS | 7.7 AI score | 0.00556 EPSS
Exploits 1 | References 2
OSV
added 2022/09/13 9:20 a.m. | 21 views

CVE-2022-3174 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

7.5 CVSS | 7.6 AI score | 0.00556 EPSS
Exploits 1 | References 4
CVE
added 2022/09/13 9:20 a.m. | 64 views

CVE-2022-3174

CVE-2022-3174 affects rdiffweb prior to 2.4.2, where cookies are transmitted over HTTPS without the Secure attribute, exposing confidentiality. The issue impacts the GitHub repo ikus060/rdiffweb; CVSS v3.1/3.0 base score 7.5 (HIGH) with network attacker, no user interaction. Affected component: s...

7.5 CVSS | 6.2 AI score | 0.00556 EPSS
Exploits 1 | References 2 | Affected Software 1
Fedora
added 2022/09/12 5:48 p.m. | 15 views

[SECURITY] Fedora 37 Update: curl-7.84.0-3.fc37

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

7.7 AI score
Exploits 0
IBM Security Bulletins
added 2022/09/09 2:50 a.m. | 32 views

Security Bulletin: Multiple vulnerabilities in WebSphere Liberty affect SPSS Collaboration and Deployment Services

Summary: There are multiple vulnerabilities in WebSphere Liberty used by SPSS Collaboration and Deployment Services. These issues have been addressed. Vulnerability Details: CVEID: CVE-2022-22475. DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are...

7 AI score | 0.00678 EPSS
Exploits 0 | Affected Software 1
Metasploit
added 2022/09/08 7:49 p.m. | 23 views

Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)

Custom shellcode stage. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/windows/x64/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf payloadreversewinhttps show options ...show and set...

5.3 AI score
Exploits 0
Metasploit
added 2022/09/08 7:49 p.m. | 39 views

Windows shellcode stage, Reverse HTTPS Stager with Support for Custom Proxy

Custom shellcode stage. Tunnel communication over HTTP using SSL with custom proxy support Module Options msf use payload/windows/custom/reversehttpsproxy msf payloadreversehttpsproxy show actions ...actions... msf payloadreversehttpsproxy set ACTION msf payloadreversehttpsproxy show options...

7.1 AI score
Exploits 0
Metasploit
added 2022/09/08 7:49 p.m. | 42 views

Windows shellcode stage, Reverse Hop HTTP/HTTPS Stager

Custom shellcode stage. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. Module Options msf use payload/windows/custom/reversehophttp msf payloadreversehophttp show actions ...actions... msf...

7.1 AI score
Exploits 0
Metasploit
added 2022/09/08 7:49 p.m. | 13 views

Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)

Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/windows/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show options ...show and set options... msf...

5.8 AI score
Exploits 0
Metasploit
added 2022/09/08 7:49 p.m. | 15 views

Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp)

Custom shellcode stage. Tunnel communication over HTTPS Windows winhttp Module Options msf use payload/windows/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf payloadreversewinhttps show options ...show and set options... msf...

5.8 AI score
Exploits 0
Metasploit
added 2022/09/08 7:49 p.m. | 142 views

Powershell Exec, Windows shellcode stage, Reverse Hop HTTP/HTTPS Stager

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. Module Options msf use...

7.2 AI score
Exploits 0
Metasploit
added 2022/09/08 7:49 p.m. | 114 views

Powershell Exec, Windows shellcode stage, Reverse HTTPS Stager with Support for Custom Proxy

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP using SSL with custom proxy support Module Options msf use payload/cmd/windows/powershell/custom/reversehttpsproxy msf payloadreversehttpsproxy show actions ...actions... msf...

7.2 AI score
Exploits 0
Metasploit
added 2022/09/08 7:49 p.m. | 127 views

Powershell Exec, Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/cmd/windows/powershell/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...

7.2 AI score
Exploits 0