CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension...
EUVD-2009-1013
Malware in sbrugna...
EUVD-2024-36103
Malicious code in bioql PyPI...
CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser...
CVE-2024-36459
CVE-2024-36459 is a CRLF cross-site scripting issue identified in SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. Affected components are the Web Agent implementations for IIS and Domino; the vulnerability allows an attacker to execute arbitrary Javascript ...
PT-2024-27013 · Ca Technologies · Siteminder Web Agent For Domino Web Server +1
Name of the Vulnerable Software and Affected Versions: SiteMinder Web Agent for IIS Web Server affected versions not specified SiteMinder Web Agent for Domino Web Server affected versions not specified Description: A CRLF cross-site scripting issue has been identified in certain configurations of...
Exploit for Server-Side Request Forgery in Microsoft
CVE-2022-41040 Microsoft Exchange vulnerable to server-side...
Exploit for Use After Free in Microsoft
CVE-2021-31166 Why I recently wrote an exploit for CVE-20...
Exploit for CVE-2022-21907
CVE-2022-21907 Description 1. This repository detects a...
PortBender - TCP Port Redirection Utility
PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port e.g., 445/TCP to another TCP port e.g., 8445/TCP. PortBender includes an aggressor script that operators can leverage to integrate the tool with Cobalt Strike. Howeve...
TinyMCE Image Manager 1.1 XSS / File Upload
Hello list! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. Affected products: Vulnerable are TinyMCE Image Manager 1.1 and previous versions...
Adobe Patches Memory Flaws in Flash Player and Sandbox Vulnerability in ColdFusion
Adobe’s second set of security updates coinciding with Microsoft’s monthly patch releases were made available today. The two bulletins include patches for vulnerabilities in Adobe Flash Player and Adobe ColdFusion. The Flash vulnerabilities for Windows are rated most severe by Adobe and successfu...
ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability.
ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability. EMC Identifier: ESA-2012-003 CVE Identifier: CVE-2011-4142 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: EMC SourceOne Emai...
Microsoft Aims to Make Life Harder, More Expensive For Attackers
MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...
Oracle WebLogic Plugins Unspecified Remote Issue (CVE-2008-2579)
According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host may be affected by an unspecified remote vulnerability. Note that this issue affects the WebLogic plug-ins for Apache, Sun and IIS Web included with WebLogic Server and is only exploitable if o...
Design/Logic Flaw
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a...
CVE-2011-3140
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a...
Oracle WebLogic Server Encoded URL Remote Vulnerability
Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges. This vulnerability affects the following supported versions: 7. SP7,...
Oracle WebLogic Server 10.3.3 - Encoded URL
Oracle WebLogic Server 10.3.3 - Encoded URL source: https://www.securityfocus.com/bid/41620/info Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and I...