367 matches found
CVE-2023-41151
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for the Windows operating system may cause the application to crash when the server wants to send an error packet while the socket is blocked on writing...
PT-2023-27826 · Softing · Softing Opc Ua C++ Sdk
Name of the Vulnerable Software and Affected Versions: Softing OPC UA C++ SDK versions prior to 6.30 Description: An uncaught exception issue may cause the application to crash when the server wants to send an error packet, while the socket is blocked on writing. Recommendations: For versions pri...
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Impact: The length of URIs and their various parts (e.g. path segments, query parameters) is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are: path segment length: 8192; max URI length: 1024 * 12; max query length: 1024 * 10. See...
Can't view license usage on Studio - Error "Citrix license server unavailable"
Can't view license usage on Studio - "Citrix License server unavailable." When accessing the License Manager web console, error Unsupported Protocol with the message "The client and server don't support a common ssl protocol version or cipher suite" appears...
OESA-2023-1682 grpc security update
gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, relates to the ability to disclose information through a server error message, allowing an intruder to gain unauthorized access to the database.
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, involves the disclosure of information through server error messages. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to the database...
PT-2023-5183 · Unknown · Qms Automotive
Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39 Description: The issue is related to the disclosure of information via a server error message, potentially allowing a remote attacker to gain unauthorized access to the database. The affected applicatio...
"Internal Server Error 43549" response from Gateway with malformed request "/epatype?Param"
Security scanning report vulnerability on ADC: Web Server Misconfiguration - Server Error Message when http request url includes "/epatype?"...
iOS Workspace Error "Http/1.1 Internal Server Error 43549" via Gateway nFactor Authentication
Workspace for iOS shows "Http/1.1 Internal Server Error 43549" after successful authentication via NetScaler Gateway. Workspace for Windows works fine. An AAA nFactor authentication profile is configured in NetScaler Gateway...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from the fact that...
Mars: debug.log File Exposure that exposes (user/████) username and password at █████████
A debug log file exposure vulnerability was discovered that allowed sensitive information to be viewed. The debug log file contained a username and password, which could enable unauthorized access to the application if exploited. To address this, restricting access to the debug log file and...
After VDA upgrade from 1912 to 2203 Apps are not launching
After VDA upgrade from 1912 to 2203, apps are not launching. Showing error "The Citrix server cannot currently process the request to launch this published application." A MetaFrameEvent is logged on the VDA "Ensure that the application is installed, and that the user has permission to launch it....
SAML Intermittence on Citrix Gateway: Internal server error 43524
Users may experience intermittent issues during the SAML configuration process on Citrix Gateway. This can result in unpredictable behavior, with some users successfully accessing the SAML login while others encounter an "Internal server error 43524" message...
Nextcloud: Error when editing a calendar appointment returns stacktrace and query
A vulnerability was found where editing a calendar appointment and changing the ID to a non-existent value returned an error exposing internal server paths and an SQL query. The issue allowed disclosure of sensitive information...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
Post Action Report: Bad Firewall Rule Released to WPEngine Customers Wednesday
On Wednesday afternoon a small percentage of WPEngine websites using a paid version of Wordfence experienced a 500 Internal Server Error or white screen on their sites due to an erroneous firewall rule that we released. If you have experienced this issue, please check your email which contains...
Citrix Hypervisor - Unable to join server to existing pool
Unable to join the server to the pool. Error from XenCenter: "The server was unable to contact your domain server to enable external authentication. Check that your settings are correct and a route to the server exists."...
Storefront - Storefront URL becomes inaccessible after adding HTTP Response Header
After mitigating the HTTP Security Header Not Detected vulnerability in IIS by adding HTTP Response Headers, the Citrix Storefront URL may become inaccessible. Users might be presented with the "500 Internal server error" message...
Concrete5 CME v9.1.3 - Xpath injection
Exploit Title: Concrete5 CME v9.1.3 - Xpath injection Author: nu11secur1ty Date: 11.28.2022 Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3...
Blind LFI in register-model/get?name=
Description A blind LFI exists in /ajax-api/2.0/mlflow/registered-models/get?name= The response from the server is different depending on if the file exists on the local file system or not. When the arbitrary local file exists, the server responds with 500 INTERNAL SERVER ERROR and when it doesn'...