73 matches found
Wireshark 4.2.x < 4.2.9 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 4.2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.2.9 advisory. - The FiveCo RAP dissector could go into an infinite loop. Fixed in master: d8ca9fc339 Fixed in release-4.4:...
PT-2024-8606
Name of the Vulnerable Software and Affected Versions Wireshark versions 4.2.0 through 4.2.8 Wireshark versions 4.4.0 through 4.4.1 Description The issue is related to the FiveCo RAP dissector in Wireshark, which can enter an infinite loop. This can be exploited to cause a denial of service by...
rap-n-blues.com Improper Access Control vulnerability OBB-3808859
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-4760
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileNameString name method. As soon as this...
Design/Logic Flaw
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileNameString name method. As soon as this...
CVE-2023-4760
CVE-2023-4760 affects Eclipse RAP versions 3.0.0–3.25.0. The issue arises from the FileUploadProcessor.stripFileName(String name) path handling: when a "/" is found, the portion before it is discarded, but backslashes that appear later may be kept. This can allow Remote Code Execution on Windows ...
CVE-2023-4760 Remote Code Execution in Eclipse RAP on Windows
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileNameString name method. As soon as this...
CVE-2023-4760 Remote Code Execution in Eclipse RAP on Windows
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileNameString name method. As soon as this...
CVE-2023-4760 Remote Code Execution in Eclipse RAP on Windows
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileNameString name method. As soon as this...
Eclipse RAP Path Traversal Vulnerability
Eclipse RAP is an open source software project of the Eclipse Foundation designed to enable software developers to build Ajax-enabled Rich Internet Applications using the Eclipse development model, plug-ins, and Java-only Application Programming Interface. A security vulnerability exists in Eclip...
CVE-2023-38902
A command injection vulnerability in RG-EW series home routers and repeaters v.EW3.01B11P219, RG-NBS and RG-S1930 series switches v.SWITCH3.01B11P219, RG-EG series business VPN routers v.EG3.01B11P219, EAP and RAP series wireless access points v.AP3.01B11P219, and NBC series wireless controllers...
CVE-2023-38902
CVE-2023-38902 describes a command injection in Ruijie RG-EW/RG-NBS/RG-S1930/RG-EG/EAP/RAP/NBC devices. Affected are RG-EW series (EW 3.0(1)B11P219), RG-NBS/S1930 (3.0(1)B11P219), RG-EG (3.0(1)B11P219), EAP/RAP (3.0(1)B11P219), and NBC controllers (AC 3.0(1)B11P219). The root cause is a vulnerabi...
CVE-2023-34644
Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW3.01B11P204, RG-NBS and RG-S1930 series switches SWITCH3.01B11P218, RG-EG series business VPN routers EG3.01B11P216, EAP and RAP series wireless access points AP3.01B11P218, NBC series wirele...
Ruijie Networks Product 代码注入漏洞
Ruijie Networks Product is a series of Ruijie wireless products from China-based Ruijie Networks. A security vulnerability exists in the Ruijie Networks Product that originates from an API privilege that allows a remote attacker to escalate via a POST request to /cgi-bin/luci/ and affects the...
CVE-2023-34644
CVE-2023-34644 is a remote code execution vulnerability in Ruijie Networks products. A crafted POST to /cgi-bin/luci/api/auth allows unauthorized remote attackers to gain the highest privileges. Affected products and versions include Ruijie RG-EW series (EW_3.0(1)B11P204), RG-NBS and RG-S1930 ser...
This Week in Security News: Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles and VirusTotal Now Supports Trend Micro ELF Hash
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals are passing the time during the COVID-19 pandemic with online poker games, where the prizes include stolen...
STOMP 2 DIS: Brilliance in the (Visual) Basics
Throughout January 2020, FireEye has continued to observe multiple targeted phishing campaigns designed to download and deploy a backdoor we track as MINEBRIDGE. The campaigns primarily targeted financial services organizations in the United States, though targeting is likely more widespread than...
rap-fr.fr Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1080627 Security Researcher haxmov Helped patch 708 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting rap-fr.fr website and its...
rap-portal.org Open Redirect vulnerability
Open Bug Bounty ID: OBB-678282 Description| Value ---|--- Affected Website:| rap-portal.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
CVE-2018-11031
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an apiurl=file:////etc/passwd&apimethod=get POST request...