15 matches found
EUVD-2020-5136
Malware in sbrugna...
EUVD-2020-5137
Malware in sbrugna...
CVE-2020-12854
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar...
CVE-2020-12855
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status...
CVE-2020-12855
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status...
Design/Logic Flaw
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status...
CVE-2020-12855
CVE-2020-12855 pertains to SecZetta NEProfile 3.3.11, where a Host header injection vulnerability lets an authenticated remote attacker poison the Host header and influence the execution flow of 302 HTTP redirects. The issue affects the HTTP response handling at redirect points and could enable m...
CVE-2020-12855
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status...
SecZetta NEProfile Host Injection Vulnerability
SecZetta NEProfile is a user-friendly solution that easily enables organizations to manage business processes for third-party identities. A security vulnerability exists in SecZetta NEProfile. A remote attacker who allows authentication could poison the host header, which could lead to the attack...
CVE-2020-12854
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar...
CVE-2020-12854
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar...
Remote code execution
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar...
CVE-2020-12854
CVE-2020-12854 affects SecZetta NEProfile 3.3.11. An authenticated remote attacker can trigger remote code execution by uploading a specially crafted JPEG as the profile avatar. This is a network-exposed vector with low authentication requirements and high impact (CVE shows high in CVSS‑3.1). Pub...
CVE-2020-12854
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar...
SecZetta NEProfile 3.3.11 Remote Code Execution Vulnerability
Exploit Title: NEProfile - Remote Code Execution Date: 5/13/2020 Vendor Homepage: https://seczetta.com Software Link: https://seczetta.com/product/ne-profile Version: 3.3.11 Tested on: 3.3.11 Exploit Author: Josh Sheppard Exploit Contact: ghost a t undervurse dotcom Exploit Technique: Remote CVE...