12 matches found
EUVD-2022-5675
Malicious code in bioql PyPI...
CVE-2023-30995
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268...
CVE-2020-13485
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Siemens Energy Omnivise T3000 vulnerable version: =8.2 SP3 fixed version: see solution section CVE number: CVE-2024-38876, CVE-2024-3887...
Design/Logic Flaw
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268...
CVE-2020-13485
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...
CVE-2020-13485
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...
CVE-2020-13485
The Knock Knock plugin for Craft CMS is affected up to version 1.2.7 (pre-1.2.8). The root cause is a flawed IP whitelisting mechanism that trusts the X-Forwarded-For header, allowing an attacker to bypass IP-based access controls. Impact: potential unauthorized access due to bypassed whitelist; ...
Ruby on Rails Web Console IP Whitelist Bypass RCE Vulnerability
The Web Console tool as used in Ruby on Rails is prone to a remote code execution RCE vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
PT-2019-5513 · Mongodb +1 · Mongodb Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions 3.6.0 through 3.6.17 MongoDB Server versions 4.0.0 through 4.0.14 MongoDB Server versions 4.2.0 through 4.2.2 MongoDB Server versions 4.3.0 through 4.3.2 Description: The issue is related to improper serialization of...
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Web Console v2 Whitelist Bypass Code Execution',...
IP whitelist bypass in Web Console
Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...