49 matches found
CVE-2025-24011
Summary: CVE-2025-24011 affects Umbraco CMS (.NET). From 14.0.0 up to, but not including, 14.3.2 and 15.1.2, an attacker can determine whether an account exists by analyzing response codes and timing of the management API. Impact: information exposure; no availability/integrity impact claimed. Ve...
CVE-2025-24011 Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...
Lack of brute force protection
Issue Description • A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until an attacker discover the one correct combination that works. Steps to Reproduce: '1. First capture login request with BurpSuite,...
Event Registration System 代码问题漏洞
Event Registration System is an event registration system with QR codes by Carlo Montero Personal Developer. A security vulnerability exists in the Event Registration System version 1.0, which stems from an incorrect manipulation of the parameter cmd leading to unrestricted file uploads...
GHSA-GGF6-638M-VQMG Netmaker vulnerable to Insufficient Granularity of Access Control
Impact Improper Authorization functions leads to non-privileged users running privileged API calls. If you have added users to your Netmaker platform who whould not have admin privileges, they could use their auth token to run admin-level functions via the API. In addition, differing response cod...
USN-4768-1: musl vulnerabilities
It was discovered that musl did not properly handle kernel syscalls. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. CVE-2018-1000001 It was discovered that musl did not properly handle the parsing of DNS response codes. A remote...
Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...
Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...
Security fix for the ALT Linux 10 package thunderbird version 78.5.1-alt1
Dec. 2, 2020 Andrey Cherepanov 78.5.1-alt1 - New version 78.5.1. - Security fixes: + CVE-2020-26970 Stack overflow due to incorrect parsing of SMTP server response codes...
EAP: field-name is not parsed in accordance to RFC7230
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400...
aflnet
It is an offensive tool for Network protocols. The repository contains a greybox fuzzer for protocol implementations, named AFLNet. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of record...
Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output
Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output. The tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint is...
ftp-syst NSE Script
Sends FTP SYST and STAT commands and returns the result. The canonical SYST response of "UNIX Type: L8" is stripped or ignored, since it is meaningless. Typical FTP response codes 215 for SYST and 211 for STAT are also hidden. References: Example Usage nmap -sV -sC Script Output | ftp-syst: | SYS...
The power of Wallarm search engine
In this article I would like to show and explain my personal use cases of the Wallarm search engine. The cool thing about it is human readable search with intuitive commands. Just look at this search command before we start: attacks incidents vulns today RCE 502 For a security engineer looking at...
The power of Wallarm search engine
In this article I would like to show and explain my personal use cases of the Wallarm search engine. The cool thing about it is human readable search with intuitive commands. Just look at this search command before we start: attacks incidents vulns today RCE 502 For a security engineer looking at...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0714-1)
This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed bsc1028391 : - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js...
Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...
strange_http_codes
Analyze HTTP response codes sent by the remote web application and report uncommon findings. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly...
dns-ip6-arpa-scan NSE Script
Performs a quick reverse DNS lookup of an IPv6 network using a technique which analyzes DNS server response codes to dramatically reduce the number of queries needed to enumerate large networks. The technique essentially works by adding an octet to a given IPv6 prefix and resolving it. If the add...
Web Site Crawler
Crawl a web site and store information about what was found This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Web Site Crawler', 'Description' = 'Crawl a web site and store information about what...