20 matches found
HTTPS Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTPS server. Use an established connection. Module Options: msf > use payload/cmd/windows/https/x86/patchupmeterpreter/findtag msf payload(findtag) > show actions ...actions... msf payload(findtag) > set ACTION msf payload(findtag) > show options ...show and set options...
CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
security-guide-for-developers
This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...
The vulnerability of the HTTPS protocol implementation in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the HTTPS protocol’s implementation in macOS systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
Mozilla: Use-after-free in WebRTC certificate generation
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...
Mozilla Firefox Resource Management Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource management error vulnerability that can be exploited by an attacker to trigger a use-after-free when creating a WebRTC connection over HTTPS...
undertow: Server identity in https connection is not checked by the undertow client
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step that should at least be performed by default in HTTPS and in http/2...
nodejs: Improper handling of URI Subject Alternative Names
A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...
AZL-6744 CVE-2021-22939 affecting package nodejs for versions less than 16.14.0-1
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...
UBUNTU-CVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...
CVE-2020-3929
The GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct a MITM attack with the derived keys and recover the plaintext of encrypted messages...
The vulnerability of the Attachments/File Upload component of the Oracle Applications Framework allows a malicious actor to gain access to modify, add, or delete data.
The vulnerability of the Attachments/File Upload component of the Oracle Applications Framework is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTPS protocol...
The vulnerability of the Oracle iSupport web application allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Oracle iSupport web application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTPS protocol...
The vulnerability of the OSSL Module web server of the Oracle HTTP Server and the SSL API component of the Oracle Security Service allows a hacker to cause a service failure.
The vulnerability of the OSSL Module web server of the Oracle HTTP Server and the SSL API component of the Oracle Security Service is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTPS protocol...
The vulnerability of the Message Hooks component of Oracle CRM’s customer relationship management system allows a perpetrator to access, modify, add, or delete data.
The vulnerability of the Message Hooks component in Oracle CRM Technical Foundation’s customer relationship management system is related to deficiencies in access control. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to modify, add, or delete data using the...
The vulnerability of the Wireless sub-component of the Oracle Field Service component in the Oracle E-Business Suite, a business automation system, allows a malicious actor to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Wireless component of the Oracle Field Service system, a component of the Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to modify, add, or delete data, or gain unauthorized access to protected...
The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system allows a hacker to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system is related to lack of access control. Exploiting this vulnerability could allow an attacker to modify, add, or delete data, or gain unauthorized access to protected information using the HTTPS network...
The vulnerability of the Oracle iSupport web application allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Oracle iSupport web application relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data, or to gain unauthorized access to protected information using the HTTPS protocol...
CVE-2020-2661
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite component: Others. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport...
The vulnerability of the Enterprise Resource Management System “Galaktika ERP” is related to deficiencies in the implementation of the browser interaction protocol and the IIS service, allowing a hacker to execute arbitrary code.
The vulnerability of the GALAXY ERP resource management system is related to deficiencies in the implementation of the browser interaction protocol and the IIS service of GALAXY ERP. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code in the client browser when t...