428 matches found
CVE-2019-11464
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and...
CVE-2019-5503
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5503
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
WordPress 5.2.3 - Cross-Site Host Modification Exploit
Exploit for php platform in category web applications !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server,...
WordPress Core 5.2.3 - Cross-Site Host Modification
!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...
WordPress 5.2.3 - Cross-Site Host Modification
WordPress 5.2.3 - Cross-Site Host Modification !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something lik...
WordPress 5.2.3 Remote Cross Site Host Modification
!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...
XSpear - Powerfull XSS Scanning And Parameter Analysis Tool
XSpear is XSS Scanner on ruby gems. Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser with Selenium Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Testi...
Remote Code Execution (RCE)
kentico is vulnerable to remote code execution RCE. Failure to validate security headers allow an attacker to bypass authentication and perform unsafe deserialization using a malicious .NET object input, which would lead to remote code execution on the server...
RecScanSec - Reconnaisance Scanner Security
RecScanSec made for reconnaisance Scanner and information gathering with an emphasis on simplicity. It will do everything from. Features Information Security Headers WAF Analyzer Information Disclosure Banner Grabbing Url Crawl HTML Form Detector Port Scanner Get SSL Information Subdomain...
CVE-2019-5496
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5495
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5495
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5494
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5496
Oncommand Insight versions prior to 7.3.5 are affected by CVE-2019-5496 due to missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The connected NVD entry lists CVSS scores (2.0/3.0) indicating network access with no authentication...
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...