
7077 matches found

Vulnrichment
added 2022/12/29 6:36 p.m. · 6 views

CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

6.1 CVSS · 6.1 AI score · 0.00502 EPSS
Exploits 0 · References 3
Cvelist
added 2022/12/29 6:36 p.m. · 54 views

CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

6.1 CVSS · 6.2 AI score · 0.00502 EPSS
Exploits 0 · References 3
OSV
added 2022/12/29 6:36 p.m. · 36 views

CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

6.1 CVSS · 5.3 AI score · 0.00502 EPSS
Exploits 0 · References 5
Veracode
added 2022/12/27 5:54 a.m. · 34 views

Reverse Tabnabbing

texthelpers is vulnerable to reverse tabnabbing. The vulnerability exists in multiple functions in translation.rb due to lack of proper regular expression which allows an attacker to use web links to untrusted targets with window.opener access...

6.3 CVSS · 6.2 AI score · 0.00573 EPSS
Exploits 0 · References 6 · Affected Software 1
Kitploit
added 2022/12/25 11:30 a.m. · 47 views

OFRAK - Unpack, Modify, And Repack Binaries

OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform. OFRAK combines the ability to: identify and unpack many binary formats; analyze unpacked binaries with field-tested reverse engineering tools; modify and repack binaries with powerful patching strategies...

7.4 AI score
Exploits 0 · References 7
GithubExploit
added 2022/12/24 3:59 a.m. · 372 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 RCE, Reverse Shell, and Auto-Export PCAP --...

9.8 CVSS · 10 AI score · 0.99956 EPSS
Exploits 63
0day.today
added 2022/12/24 12:0 a.m. · 318 views

4images 1.9 Remote Command Execution Vulnerability

Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...

7.1 AI score
Exploits 0
Veracode
added 2022/12/23 7:34 a.m. · 22 views

Spoofing Attacks

codeigniter4/framework is vulnerable to spoofing attacks. The vulnerability exists in the getIPAddress in RequestTrait.php because the vulnerability may allow attackers to spoof their ip address when the server is behind a reverse proxy...

7.5 CVSS · 7.1 AI score · 0.00373 EPSS
Exploits 1 · References 2 · Affected Software 1
Packet Storm
added 2022/12/23 12:0 a.m. · 232 views

OpenTSDB 2.4.0 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.0 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...

9.8 CVSS · 0.1 AI score · 0.8533 EPSS
Exploits 5
OSV
added 2022/12/22 7:59 p.m. · 30 views

GHSA-GHW3-5QVM-3MQC CodeIgniter4 allows spoofing of IP address when using proxy

Impact: This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. Patches: Upgrade to v4.2.11 or later, and configure Config\App::$proxyIPs. Workarounds: Do not use $request->getIPAddress. References: -...

7 CVSS · 7 AI score · 0.00373 EPSS
Exploits 1 · References 6
Github Security Blog
added 2022/12/22 7:59 p.m. · 59 views

CodeIgniter4 allows spoofing of IP address when using proxy

Impact: This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. Patches: Upgrade to v4.2.11 or later, and configure Config\App::$proxyIPs. Workarounds: Do not use $request->getIPAddress. References: -...

7.5 CVSS · 1.8 AI score · 0.00373 EPSS
Exploits 1 · References 6 · Affected Software 1
NVD
added 2022/12/22 7:15 p.m. · 19 views

CVE-2022-23556

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

7.5 CVSS · 0.00373 EPSS
Exploits 1 · References 2
Prion
added 2022/12/22 7:15 p.m. · 16 views

Design/Logic Flaw

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

5 CVSS · 7.5 AI score · 0.00373 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2022/12/22 6:50 p.m. · 11 views

CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

7 CVSS · 7.2 AI score · 0.00373 EPSS
Exploits 1 · References 2
Cvelist
added 2022/12/22 6:50 p.m. · 36 views

CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

7 CVSS · 7.7 AI score · 0.00373 EPSS
Exploits 1 · References 2
OSV
added 2022/12/22 6:50 p.m. · 32 views

CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

7 CVSS · 7.3 AI score · 0.00373 EPSS
Exploits 1 · References 4
Friends Of PHP
added 2022/12/22 2:49 a.m. · 32 views

CVE-2022-23556: Attackers may spoof IP address when using proxy

Impact: This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. Patches: Upgrade to v4.2.11 or later, and configure Config\App::$proxyIPs. Workarounds: Do not use $request->getIPAddress. References: -...

7.5 CVSS · 7 AI score · 0.00373 EPSS
Exploits 1 · Affected Software 1
Packet Storm
added 2022/12/22 12:0 a.m. · 280 views

4images 1.9 Remote Command Execution

Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...

Exploits 0
Positive Technologies
added 2022/12/22 12:0 a.m. · 3 views

PT-2022-16071 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.2.11 Description: This issue may allow attackers to spoof their IP address when the server is behind a reverse proxy. Recommendations: For versions prior to 4.2.11, upgrade to version 4.2.11 or later, and...

7.5 CVSS · 7.3 AI score · 0.00373 EPSS
Exploits 1 · References 11
OSV
added 2022/12/13 7:15 p.m. · 7 views

CVE-2022-41561

The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...

7.2 CVSS · 6 AI score · 0.01444 EPSS
Exploits 0 · References 2