367 matches found
OS Command Injection in fabio286/antares
Description: The application displays the connection error message returned by the server without removing the malicious tags, which leads to XSS attacks. https://imgur.com/3MhhvFp.png https://i.imgur.com/RksNgXF.png Being an application made in Electron, an XSS can be escalated to RCE, making it...
Studio-42 Elfinder Remote Code Execution Vulnerability
Studio-42 Elfinder is an open source web file manager. Studio-42 Elfinder suffers from a remote code execution vulnerability that stems from a server error when parsing .phar files as PHP. An attacker could use this vulnerability to cause remote code execution...
studio-42/elfinder Code Issue Vulnerability
Studio-42 Elfinder is an open source web file manager. Studio-42 Elfinder suffers from a remote code execution vulnerability that stems from a server error when parsing .phar files as PHP. An attacker could use this vulnerability to cause remote code execution...
Http/1.1 Internal Server Error 43531 Error after upgrading to Citrix Gateway 13.0 71.44 and 12.1 60.16
After successful authentication on Citrix Gateway, the enumeration of the published application failed with the error below: Http/1.1 Internal Server Error 43531...
in utmsigep/member-directory
Description: Entering unintended values during the member creation flow causes unusual database state, unhandled exceptions/stack trace disclosure and denial of service due to continuous page crashes. Proof of Concept: - Select a member-status/group - Create New Member - Enter an invalid...
App Layering - Error: Server 503 “Azure Server Busy” Error
...
UPchieve: User enumeration through forget password
Vulnerability: User enumeration is possible through the forgot password feature. Steps to reproduce: - Go to the above selected domain and go to forgot password. - Submit a random email and then intercept the request with Burp Suite. - In the response you will get HTTP/1.1 500 Internal Server Error with "err":"No...
CVE-2020-28898
In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation...
Input validation
In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation...
QED ResourceXpress Input Validation Error Vulnerability
QED ResourceXpress is an application from QED USA, a centralized application that helps you book meeting rooms, desks and cluttered spaces more efficiently. A security vulnerability exists in QED ResourceXpress version 4.9k and prior versions that stems from a server error during script execution...
PYSEC-2021-11
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters...
"Http/1.1 Internal Server Error 43531" when accessing Citrix Gateway after upgrading to version 13.0
Users will get the error "Http/1.1 Internal Server Error 43531". The ns.log shows the error below: Dec 23 14:52:26 , aaainfo flags 11 flags2 0, new webview 0, sess flags2 0, flags3 0 flags4 400 ssoDomain , ssoUsername: , ssoUsername2: " Dec 23 14:52:26 XXX.XXX.X.XXX 12/23/2020:19:52:26 GMT...
Red Hat 3scale API Management Platform Input Validation Error Vulnerability
Red Hat 3scale API Management Platform is an API management infrastructure platform from Red Hat. It enables rapid implementation of API sharing, protection, distribution, control, and monetization. An input validation error vulnerability exists in Red Hat 3scale API Management Platform that allo...
CVE-2021-20252
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...
Denial of service
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...
Kartpay: Duplicate Entry of email leads to 500 Server Error which discloses the SQL Database table information
The issue was with the process of deleting merchant data from the admin dashboard. The admin has rights to delete the merchant email ID, and it is then soft-deleted rather than fully deleted, but there was no validation in the code to detect the re-registration of the same...
“Failed to access public folders. An internal server error occurred”
Veeam Support Knowledge Base answer to: Error: “Failed to access public folders. An internal server error occurred”...
Radius Challenge Response Timeout Between NetScaler Gateway and Radius Server
When using two-factor challenge/response authentication through RADIUS, the NetScaler Gateway imposes a session timeout for the RADIUS challenge/response dialogue. In case of SMS token code delivery, there might be long delays between the challenge displayed to the user and the actual submission ...
Joining Storefront to Server Group Error "Cannot Join Server Group"
Error when trying to add a second StoreFront server to an existing group: "Cannot join server group There was a problem connecting to the authorizing server. Verify the server name and try again." Joining the StoreFront server will show the following Event under "Citrix Delivery Services Logs" Log Name: Citrix...