723 matches found
Nagios XI code issue vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An arbitrary file upload vulnerability exists in Nagios XI 5.7.5 and earlier versions. The vulnerability stems from improper validatio...
A vulnerability in the ATS ESI web server plugin for Apache Traffic Server allows an attacker to gain access to confidential data.
The vulnerability in the ATS ESI web server plugin for Apache Traffic Server is an information disclosure. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...
Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Server Side Request Forgery (SSRF)
The includes/mc-getlists.php file used the 'apiKey' POST parameter to create an https URL from it without sanitisation and called it with cURL, leading to an SSRF issue. The issue is exploitable via direct access to the affected file, and via the ucmmmcapi AJAX call, available to both authenticated and...
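The pattern in the advisory above, as an added example that is not the plugin's own code: an outbound URL is assembled from an untrusted `apiKey` value, first the vulnerable way (substring goes straight into the URL) and then with a strict format allow-list plus a re-parse of the resulting host. The URL template `https://<dc>.api.example/3.0/lists`, the key format and the `.api.example` suffix are assumptions chosen for illustration, not the plugin's real endpoint.

```python
"""Added example: SSRF via a URL built from an unvalidated API key.

Assumptions (not from the advisory): the upstream API host is derived from a
datacenter suffix on the key (e.g. '<hex>-us1' -> 'https://us1.api.example/...').
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical template used by the example (assumption).
API_URL_TEMPLATE = "https://{dc}.api.example/3.0/lists"

# Hypothetical key format: 32 hex chars, a dash, then a datacenter id (assumption).
KEY_FORMAT = re.compile(r"[0-9a-f]{32}-[a-z]{2}[0-9]{1,2}")


def build_url_vulnerable(api_key: str) -> str:
    """Mirrors the flaw: whatever follows the last '-' lands in the URL verbatim.

    A key such as 'x-169.254.169.254/latest/?' turns the template into
    'https://169.254.169.254/latest/?.api.example/3.0/lists', i.e. the request
    goes to an attacker-chosen host and the intended host becomes the query.
    """
    dc = api_key.split("-")[-1]
    return API_URL_TEMPLATE.format(dc=dc)


def build_url_hardened(api_key: str) -> Optional[str]:
    """Allow-list the key shape, then re-parse and pin the host before any cURL call."""
    if not KEY_FORMAT.fullmatch(api_key):
        return None
    dc = api_key.rsplit("-", 1)[1]
    url = API_URL_TEMPLATE.format(dc=dc)
    # Re-parse the string we are about to fetch and check the host we will hit,
    # so a regex slip can never silently redirect the request.
    host = urlsplit(url).hostname
    if host is None or not host.endswith(".api.example"):
        return None
    return url


def effective_host(url: str) -> Optional[str]:
    """The host cURL would actually connect to for this URL."""
    return urlsplit(url).hostname


if __name__ == "__main__":
    # Constructed inputs: a well-formed key and an SSRF payload aimed at a
    # cloud metadata address (illustrative value only).
    good_key = "0123456789abcdef0123456789abcdef-us1"
    evil_key = "x-169.254.169.254/latest/?"
    print("vulnerable, evil key ->", effective_host(build_url_vulnerable(evil_key)))
    print("hardened,   evil key ->", build_url_hardened(evil_key))
    print("hardened,   good key ->", build_url_hardened(good_key))
```

The second re-parse in `build_url_hardened` is the check worth copying: validate the input, but also validate the URL you actually end up with, because the host cURL resolves is whatever the parser extracts from the final string, not what the template intended.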
Microsoft SharePoint DataFormWebPart Server-Side Include Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of web parts of type DataFormWebPart. By specifying a custo...
Server side request forgery (ssrf)
The Canto plugin 1.3.0 for WordPress allows SSRF via includes/lib/download.php?subdomain=...
squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash
A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer,...
squid: Improper input validation in request allows for proxy manipulation
A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo username and password for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a...
Arbitrary File Deletion
wordpress is vulnerable to Arbitrary File Deletion. Insecure validation of the meta key protection in is_protected_meta in wp-includes/meta.php allows an attacker to delete arbitrary files on the host...
Sql injection
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file, which is called by login.php...
lookn4u.com Cross Site Scripting vulnerability OBB-1428481
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
vplak.com Cross Site Scripting vulnerability OBB-1263455
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
v-os.ca Cross Site Scripting vulnerability OBB-1259041
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
MTN Group: [mtn.com.af] Multiple vulnerabilities allow to Application level DoS
Issue Description Unauthenticated attackers can cause a denial of service resource consumption by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times. The vulnerability is registered as CVE-2018-6389 76172...
MTN Group: CVE-2018-6389 exploitation - using scripts loader
Issue Description Unauthenticated attackers can cause a denial of service resource consumption by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times. The vulnerability is registered as CVE-2018-6389 76172...
sweetmmn.com.br Cross Site Scripting vulnerability OBB-1211686
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
PT-2020-16064 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2 Description: In WordPress, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. This issue is related to the comment-template.php file in the...
begoodsubbingteam.cliphub.net Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1179668 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Squid vulnerabilities (USN-4356-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4356-1 advisory. Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could...
hilyses.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1160428 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
USN-4356-1 squid, squid3 vulnerabilities
Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. (CVE-2019-12519, CVE-2019-12521) It was discovered that Squid incorrectly handled the...