CakePHP allows remote attackers to spoof their IP

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...

GHSA-6PCV-QQX4-MXM3 Minikube RCE via DNS Rebinding

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment...

WebTareas 2.4 - Blind SQLi (Authenticated)

Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...

CVE-2021-4138

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...

CVE-2021-4138

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...

CVE-2021-4138

Geckodriver vulnerability CVE-2021-4138 is supported by the CNNVD entry, which states that geckodriver versions prior to 0.30.0 are affected due to improved host header checks. The issue affects the HTTP API exposed by geckodriver/WebDriver; impact and exploitation details are not deeply describe...

CVE-2022-0507 Vulnerability: Authenticated SQL Injection in API

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL...

Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services over IP CFSoIP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacke...

WP Statistics < 13.1.6 - Multiple Unauthenticated Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP, browser and platform parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

CVE-2021-4138

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...

CVE-2021-42023

The CVE-2021-42023 entry covers Siemens ModelSim Simulation and Questa Simulation (all versions) where the RSA white-box implementation does not sufficiently protect built‑in private keys used to decrypt IP data per IEEE 1735. The underlying issue is insufficiently protected credentials (CWE-522)...

Auerswald COMfortel 2.8F - Authentication Bypass Vulnerability

Exploit Title: Auerswald COMfortel 2.8F - Authentication Bypass Exploit Author: RedTeam Pentesting GmbH Version: 1400/2600/3600 Advisory: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface o...

Misconfigured IP address field in ROA leads to OctoRPKI crash

If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. Patches For more information If you have any questions or comments about this advisory email us at [email protected]...

DonPAPI - Dumping DPAPI Credz Remotely

Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at locating those "secured" credentials, and retreive them using : User password Domaine DPAPI BackupKey Local machine DPAPI Key protecting TaskScheduled blob...

Unbreakable Enterprise kernel security update

4.14.35-2047.507.7.4 - KVM: x86: Check kvmrebooting in kvmspuriousfault Sean Christopherson Orabug: 33362693 4.14.35-2047.507.7.3 - arm64: Reserve elfcorehdr before scanning reserved memory from device tree Dave Kleikamp Orabug: 33354710 4.14.35-2047.507.7.2 - net: geneve: modify IP header check ...

Apartment Visitor Management System (AVMS) 1.0 - &#039;username&#039; SQL Injection

Exploit Title: Apartment Visitor Management System AVMS 1.0 - 'username' SQL Injection Date: 2021-08-13 Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...

Pollenisator - Collaborative Pentest Tool With Highly Customizable Tools

Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of them. Written in python 3 Provides a modelisation of "pentest objects" : Scope, Hosts, Ports, Commands, Tools etc. Tools/scripts are separated into 4 categories : wave,...

Exploit for OS Command Injection in Strapi

CVE-2019-19609-EXPLOIT Exploit for CVE-2019-19609 in Strapi R...

CVE-2021-29922

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation...

Dell OpenManage Enterprise docker实例预认证RCE认证绕过漏洞（CVE-2021-21596）

Details - Remote Auth Bypass with 2 pre-auth RCEs in docker instances There is a chain of pre-auth vulnerabilities allowing to: get a shell on the redis container, as redis get a shell on the postgres container, as postgres get a full access to the postgres database bypass authentication on the w...