89 matches found
CVE-2018-1999017
Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery SSRF vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath$url that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appear...
Dirhunt - Find Web Directories Without Bruteforce
Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors , directories where an empty inde...
Malware Network Communication Provides Better Early Warning Signal
Research is expected to be unveiled today that challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections. Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better...
New Attack Targeting Microsoft Outlook Web App (OWA) to Steal Email Passwords
Researchers have unearthed a dangerous backdoor in Microsoft's Outlook Web Application OWA that has allowed hackers to steal e-mail authentication credentials from major organizations. The Microsoft Outlook Web Application or OWA is an Internet-facing webmail server that is being deployed in...
Jenkins-CI Script-Console Java Execution
This module uses the Jenkins-CI Groovy script console to execute OS commands using Java. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins-CI Script-Console Java Execution', 'Description'...
Relative IP Identification number change
The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ipid field of the ip packets sent by this host. SPDX-FileCopyrightText: 1999 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
ChatZilla DoS
Large CPU consumption on oversized server requests...
Дырка в WEbSphere
При HTTP-запросе в котором указано имя сервера не подходящее ни под один из виртуальных серверов показывается содержимое JSP-страницы...
Security Update For Exchange Server 2013 CU9 (KB3087126)
This security update resolves a vulnerability in Microsoft Exchange Server. The vulnerability could allow information disclosure if Outlook Web Access OWA fails to properly handle web server requests...