7081 matches found
Webmin Cross-Site Request Forgery Vulnerability (CNVD-2021-31910)
Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A cross-site request forgery vulnerability exists in Webmin version 1.973. An attacker can use this vulnerability to create an elevated privilege user via Webmin...
CVE-2021-31762
Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...
CVE-2021-31762
Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...
Cross site request forgery (csrf)
Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...
CVE-2021-31762
Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...
CVE-2021-31762
CVE-2021-31762 affects Webmin 1.973 and is a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to create a privileged user via Webmin’s Add Users feature and, via Webmin’s Run Process feature, obtain a reverse shell. The connected sources confirm the vulnerability leads to ...
Webmin 跨站请求伪造漏洞
Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A cross-site request forgery vulnerability exists in Webmin version 1.973. An attacker can use this vulnerability to create an elevated privilege user via Webmin...
OverRide - Binary Exploitation And Reverse-Engineering (From Assembly Into C)
Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag - password for next level README.md - how to find password source.c - the reverse engineered binary dissasemblynotes.md - notes on asm See the subject...
Hack-Tools
This is an offensive tool for Web Pentesters. It is a browser extension called HackTools, which facilitates web application penetration tests. The extension includes cheat sheets and tools such as XSS payloads, reverse shells, and more, accessible in one click. It can be used in pop-up mode or in...
OTRS 6.0.1 - Remote Command Execution Exploit (2)
Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921 !/usr/bin/env python3...
Exploit for Cross-Site Request Forgery (CSRF) in Webmin
..| CVE-2021-31762 |.. Description : Exploiting a Cross-sit...
CVE-2021-29456
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...
CVE-2021-29456
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...
Authorization
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...
CVE-2021-29456 Authelia allows open redirects on the logout endpoint
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...
Reproxy - Simple Edge Server / Reverse Proxy
Reproxy is a simple edge HTTPs server / reverse proxy supporting various providers docker, static, file. One or more providers supply information about requested server, requested url, destination url and health check url. Distributed as a single binary or as a docker container. Automatic SSL...
Sydent vulnerable to denial of service attack via memory exhaustion
Impact Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to disk space exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers....
GHSA-WMG4-8CP2-HPG9 Sydent vulnerable to denial of service attack via memory exhaustion
Impact Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to disk space exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers....
Targeted Malware Reverse Engineering Workshop follow-up. Part 1
On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global Research & Analysis Team GReAT, who gave live workshops on practical disassembling, decrypting and deobfuscating authentic malware cases, moderated by GReATs own Dan Demete...
Online Reviewer System SQL Injection Vulnerability
Online Reviewer System is a software application. An online reviewer system. Online Reviewer System version 1.0 suffers from a SQL injection vulnerability that stems from an authentication bypass SQL injection vulnerability that could result in a reverse shell upload. No detailed vulnerability...