24 matches found
CVE-2021-3243
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system through its plugin-running function...
Malicious code in icf-react-components (npm)
Source: ghsa-malware (8361b152fc7c673dc95e4055a36459ced57bfc88a733b5e9543c2dc07914156a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10978 Malicious code in icf-react-components (npm)
Source: ghsa-malware (8361b152fc7c673dc95e4055a36459ced57bfc88a733b5e9543c2dc07914156a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SAP ICF /sap/public/info Service Sensitive Information Gathering
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
SAP ICF Open-Redirect
In all versions of SAP ABAP Platform, SAP NetWeaver, SAP Web Application Server and SAP S/4HANA an Open Redirect exists via the 'redirecturl' parameter from the logoff page. This can be used to redirect the victim to a malicious URL. Cyber-criminals will abuse these vulnerabilities in social...
icf.com Cross Site Scripting vulnerability OBB-3379964
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Powershell Exec, Windows Disable Windows ICF, Command Shell, Bind TCP Inline
Execute an x86 payload from a command via PowerShell. Disable the Windows ICF, then listen for a connection and spawn a command shell. Module Options: msf use payload/cmd/windows/powershell/shellbindtcpxpfw msf payloadshellbindtcpxpfw show actions ...actions... msf payloadshellbindtcpxpfw set ACTIO...
icfdeventer.nl Improper Access Control vulnerability OBB-2426707
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross site scripting
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system through its plugin-running function...
CVE-2021-3243
CVE-2021-3243 affects WFilter ICF 5.0.117. The issue is a cross-site scripting (XSS) vulnerability where an attacker on the same LAN can craft a packet with a malicious User-Agent header to inject a payload into logs, with potential takeover via the plugin-running function. Connected sources conf...
WFilter ICF cross-site scripting vulnerability
WFilter ICF is an open source application from WFilter that provides a Web-based content management system. A cross-site scripting vulnerability in Wfilter ICF version 5.0.117 can be exploited by an attacker, who can take over the system through its ability to run plug-ins...
icf-nt.com Cross Site Scripting vulnerability OBB-1290278
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
icf-sask.org XSS vulnerability
Open Bug Bounty ID: OBB-702768. Affected Website: icf-sask.org. Vulnerable Application: hidden until disclosure. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: hidden unt...
CVE-2016-9204
CVE-2016-9204 relates to Cisco Intercloud Fabric Director. The vulnerability stems from static credentials for an internal account, enabling an unauthenticated, remote attacker to connect to internal services within the Cisco Nexus 1000V InterCloud deployment. Affected releases include 2.2(1). Th...
CVE-2016-9832
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report...
Microsoft Windows XP Weak Default Configuration Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/11410/info Microsoft Windows XP Service Pack 2 is reported prone to a weak default configuration vulnerability. Internet Connection Firewall (ICF) includes functionality that controls what binaries are permitted to listen f...
SAP ICF /sap/public/info Service Sensitive Information Gathering
This module uses the /sap/public/info service within SAP Internet Communication Framework (ICF) to obtain the operating system version, SAP version, IP address and other information. This module requires Metasploit: https://metasploit.com/download Current source:...
[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security...