37 matches found
germanyserverhost.com Cross Site Scripting vulnerability OBB-3365386
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-25690 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...
CVE-2022-26394 Unauthenticated network reconfiguration via TCP/UDP
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail...
WordPress Tatsu plugin file upload vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file upload vulnerability...
CVE-2021-28975
WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mstservers page, for a crafted serverhost, servername, or connectionparameter parameter...
rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) Exploit (2)
Exploit Title: rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 2 Exploit Author: Vishwaraj Bhattrai Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: = v3.9.6 Tested against Server Host: Linux+XAMPP import...
WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload
Exploit Title: WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload Date: 2020-10-20 Exploit Author: Net-Hunter Google Dork: N/A Software Link: https://ms.wordpress.org/plugins/hs-brand-logo-slider/ Vendor Homepage: https://www.heliossolutions.co/ Tested on: Linux Apache / Wordpre...
Advie Framework 2.0.8 Cross Site Scripting
Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozila firefo...
Licensing Error: "Inconsistent Server Host ID"
When importing a license file in the XenApp 6.0 License Administration Console, the following error occurs: Inconsistent server host ID in C:\Program Files x86\Citrix\Licensing\MyFiles\licensexxxxxxx.lic...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2018-17199)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products an...
Design/Logic Flaw
VNC server implementation in Quick Emulator QEMU 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto th...
CVE-2017-5655
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Template Name field when renaming a template; 2 KDC Server host, 3 Kerberos Security Realm, 4 Kerberos Encryption Types, 5 Advanced...
Shopify: (FULL PATH DISCLOSURE) Unknown MySQL server host 'shardm-reader.chi2.shopify.io'
Hello, Found a website of you guys that is poiting to: shardm-reader.chi2.shopify.io' This domain is disclosure fill path because there is none MySQL server host. POC: https://104.196.154.1/ Response a whole page with path disclosures: lib/patches/mysqlmonitoring.rb:19:in connect'...
curl: re-using authenticated connection when unauthenticated
It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server...
D-Link DIR-890L Command Execution Vulnerability
The D-Link DIR-890L is a router device. A command execution vulnerability exists in the D-Link DIR-890L. An attacker can exploit the vulnerability to gain remote control of a server host...
SSH Protocol Versions Supported
Identification of SSH protocol versions supported by the remote SSH Server. Also reads the corresponding fingerprints from the service. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...