748 matches found
CVE-2017-16542
CVE-2017-16542 affects Zoho ManageEngine Applications Manager 13 prior to build 13500. The vulnerability is a post-authentication SQL injection via the name parameter in the manageApplications.do?method=insert endpoint. PoCs show a POST request to /manageApplications.do?method=insert can inject S...
CVE-2017-16542
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request...
FileRun 2017.09.18 - SQL Injection
FileRun 2017.09.18 - SQL Injection !/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version:...
How to Remove the "Skip Check" Option from Post-Authentication and nfactor EPA Scans
This article describes how to remove the "Skip Check" option from EPA.HTML on post-authentication NetScaler Gateway EPA scan. The solution in this article is meant for X1, Default, GreenBubble and RfWebUI portal themes...
WiseGiga NAS - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Source: https://blogs.securiteam.com/index.php/archives/3402 Vulnerabilities summary The following advisory describes five 5 vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company...
WiseGiga NAS - Multiple Vulnerabilities
WiseGiga NAS - Multiple Vulnerabilities Source: https://blogs.securiteam.com/index.php/archives/3402 Vulnerabilities summary The following advisory describes five 5 vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. T...
Cross site scripting
Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting XSS in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...
CVE-2017-5241
Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting XSS in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...
Security fix for the ALT Linux 9 package openvpn version June
June 21, 2017 Nikolay A. Fetisov 2.4.3-alt1 - New version - Security fixes: + CVE-2017-7522 Post-authentication --x509-track remote DoS + CVE-2017-7521 Post-authentication remote-triggerable memory leaks + CVE-2017-7521 Potential post-authentication remote code execution on servers that use the...
Configure post-authentication Endpoint Analysis scan as factor in Citrix ADC nFactor auth
For detailed information refer to Citrix Documentation -Configure post-authentication Endpoint Analysis scan as a factor in Citrix ADC nFactor authentication...
SquirrelMail -- post-authentication access privileges
Florian Grunow reports: An attacker able to exploit this vulnerability can extract files of the server the application is running on. This may include configuration files, log files and additionally all files that are readable for all users on the system. This issue is post-authentication. That...
CVE-2017-9078
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...
Double free
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...
DEBIAN-CVE-2017-9078
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...
CVE-2017-9078
CVE-2017-9078 affects Dropbear server prior to 2017.75, where a post-authentication double-free during TCP listener cleanup (when -a is enabled) could allow root remote code execution. The connected sources document the vulnerability and its Fix: Dropbear updates to 2017.75+ (and related advisori...
CVE-2017-9078
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...
CVE-2017-9078
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...
CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
UBUNTU-CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
CVE-2017-7692
CVE-2017-7692 affects SquirrelMail up to 1.4.22 (and likely older in SVN builds) where the sendmail delivery path mishandles a user-controlled sendmail.cf via a popen call. The root cause is the use of escapeshellcmd() in Deliver_SendMail.class.php/initStream, which fails to escape spaces, enabli...