57 matches found
EUVD-2013-6856
Malware in sbrugna...
EUVD-2012-4915
Malware in sbrugna...
CVE-2019-14277
Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...
CVE-2012-4991
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to 1 read, 2 delete, or 3 create files, or 4 list directories, via a ..%5C encoded dot dot backslash in a URI...
K15807: cURL and libcurl vulnerability CVE-2014-1263
Security Advisory Description curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.50...
SUSE CVE-2014-8151
The darwinsslconnectstep1 function in lib/vtls/curldarwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL aka SecureTransport back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to...
CVE-2019-14277
Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...
CVE-2019-14277
Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...
Design/Logic Flaw
Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...
CVE-2019-14277
Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...
CVE-2019-14277
CVE-2019-14277 affects Axway SecureTransport 5.x (through 5.3; and 5.x through 5.5 with certain API configuration). The issue is unauthenticated blind XML injection (and XXE) in the REST API resetPassword function, with potential for local file disclosure, DoS, or URI invocation attacks (SSRF) th...
PT-2019-13579 · Axway · Axway Securetransport
Name of the Vulnerable Software and Affected Versions: Axway SecureTransport versions 5.x through 5.3 Axway SecureTransport versions 5.x through 5.5 with certain API configuration Description: The issue concerns unauthenticated blind XML injection and XXE in the resetPassword functionality via th...
Axway SecureTransport Code Issue Vulnerability
Axway SecureTransport is a suite of applications for the secure transfer of files and data from the French company Axway. Axway SecureTransport is vulnerable to a code issue. The vulnerability stems from an improperly designed or implemented code development process for a networked system or...
Axway SecureTransport 5 XML Injection
| | | | | / \ '/ \ | |/ | | / / / | | || | | | /|| |/|| https://zero.lol zero days 4 days ATTENTION: this is a friendly neighborhood zeroday drop Title: Axway SecureTransport 5 Unauthenticated XML Injection / XXE Google Dork: intitle:"Axway SecureTransport" "Login" Date: July 20th 2019 Author:...
Axway SecureTransport 5 - Unauthenticated XML Injection
Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Link:...
Axway SecureTransport 5 - Unauthenticated XML Injection
Axway SecureTransport 5 - Unauthenticated XML Injection Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Lin...
Axway SecureTransport 5 - Unauthenticated XML Injection Vulnerability
Exploit for linux platform in category web applications Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Lin...
Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS Vulnerabilities
Exploit for macOS platform in category dos / poc Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS Credit: Maksymilian Arciemowicz https://cxsecurity.com/ --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP...
Apple macOS 10.12.1 / iOS 10 SecureTransport SSL Handshake MitM / DoS
Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS Credit: Maksymilian Arciemowicz https://cxsecurity.com/ URL: https://cxsecurity.com/issue/WLB-2016100213 --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP...
Apple Mac OS X 10.12/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
Exploit for macOS platform in category dos / poc Apple macOS 10.12/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP requests up to 200k in name of victim during MiTM attack...