189 matches found
Denial of service
An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...
CVE-2020-6083
An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...
CVE-2020-6087
CVE-2020-6087 affects Allen-Bradley Flex IO 1794-AENT/B (Series B) via the ENIP Request Path Data Segment. The vulnerability occurs when the ANSI Extended Symbol Segment Sub-Type is used; the following byte is treated as the Data Size in words, and if it exceeds the packet data, the device faults...
CVE-2020-6086
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...
CVE-2020-6086
CVE-2020-6086 affects Allen-Bradley Flex IO 1794-AENT/B (EtherNet/IP ENIP) in the ENIP Request Path Data Segment. The issue is triggered when a Simple Data Segment Sub-Type is used: the byte after the segment is treated as the Data Size in words, and if that value exceeds the remaining packet dat...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Data Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Port Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
jenkins: CSRF protection bypass via crafted URLs
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL...
Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...
This tool search for SSRF using predefined settings in different parts of a request path, host, headers, post and get parameters. First step Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...
CVE-2019-13969
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=uiset&m=admin&c=index&a=dogettextcontent&table=lang&field=1 request...
CVE-2019-10657
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
The vulnerability of Secutech router microprogramming software, related to insufficient verification of data authenticity, allows a hacker to alter DNS settings.
The vulnerability of Secutech router microprogramming software is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor to alter DNS settings by making a request to goform/AdvSetDns?GO=wandns.asp...
CVE-2019-9040
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332...
MGASA-2019-0035 Updated python-django packages fix security vulnerability
An upstream patch has been backported to fix a security vulnerability in python-django. CVE-2019-3498: Content spoofing possibility in the default 404 page An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the...
PT-2018-2973
Name of the Vulnerable Software and Affected Versions Node.js versions prior to 6.15.0 Node.js versions prior to 8.14.0 Description The issue is related to HTTP request splitting, where Node.js can be tricked into using unsanitized user-provided Unicode data for the path option of an HTTP request...
DNSDiag - DNS Diagnostics And Performance Measurement Tools
Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to mak...
fsk-server Directory Traversal Vulnerability
Node.js module fsk-server is a simple http server. A directory traversal vulnerability exists in fsk-server. An attacker can exploit this vulnerability by placing ". /" in a url to access the file system...
UBUNTU-CVE-2017-12196
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the...
ZOHO ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL architecture based on IT service management software ITSM. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management a...
Parameter overflow vulnerability in OpenResty uri
OpenResty® is a high-performance web platform based on Nginx and Lua, with a large number of well-integrated Lua libraries, third-party modules, and most dependencies. A parameter overflow vulnerability exists in OpenResty uri. The vulnerability stems from the program's inability to properly fetc...