430 matches found
SUSE CVE-2017-2834
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...
SUSE CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
An attacker can be post message in other memos page
Description An attacker can be post malicious content to other user's memos page via POST request, attacker just add an creatorID into body request and send it with Burpsuite Here is video poc: https://drive.google.com/file/d/1dNKo-ybfguam4YdvmluYujN2nkTG5D9G/view?usp=sharelink Proof of Concept...
Stored XSS via XML File
Description When user upload a file with .xml extension and direct access this file, the server response with Content-type: image/svg+xml lead to processing XML as HTML file POC POST /flatpress-master/admin.php?p=uploader&action=default HTTP/1.1 Host: localhost Content-Length: 639 Origin:...
IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...
SolarWinds Security Event Manager Information Disclosure Vulnerability
SolarWinds Security Event Manager SolarWinds SEM is an American SolarWinds Inc. for forensics and troubleshooting, as well as a tool to help you manage log data. An information disclosure vulnerability exists in SolarWinds Security Event Manager versions prior to 2022.4, which stems from the...
CVE-2022-38113
This vulnerability discloses build and services versions in the server response header...
Design/Logic Flaw
This vulnerability discloses build and services versions in the server response header...
CVE-2022-38113 Information Disclosure Vulnerability
This vulnerability discloses build and services versions in the server response header...
CVE-2022-38113 Information Disclosure Vulnerability
This vulnerability discloses build and services versions in the server response header...
CVE-2022-38113
CVE-2022-38113 corresponds to an information-disclosure vulnerability in SolarWinds Security Event Manager (SEM). The issue stems from server response headers disclosing build and service-version information, enabling an attacker to determine software aging and lineage. Public sources consistentl...
Cross site scripting
An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page...
SEPPmail 跨站脚本漏洞
SEPPmail is an email encryption and signing solution from the Swiss company SEPPmail. A security vulnerability exists in SEPPmail version 11.1.10, which stems from a cross-site scripting vulnerability XSS in which user input is not properly encoded as HTML attributes when returned by the server...
nginx 1.1.x < 1.23.2 / 1.0.x < 1.22.1 Memory Disclosure
The installed version of nginx is 1.0.x prior to 1.22.1 or 1.1.x prior to 1.23.2. It is, therefore, affected by a memory disclosure in the ngxhttpmp4module that allows an attacker to cause a worker process crash or worker process memory disclosure. The issues only affect nginx if it is built with...
CVE-2022-2928
In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...
Code injection
In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...
Basecamp: Arbitrary write in the application's data folder and arbitrary read of server's replies from 3rd party apps.
A path traversal vulnerability was found in the Android app com.basecamp.bc3 version 3.26.3, allowing an attacker to write arbitrary files in the app's private directory. Additionally, the attacker could redirect server responses containing sensitive information to 3rd party apps using a...
CLSA-2022-1663184487 Fix CVE(s): CVE-2022-35252
SECURITY UPDATE: When curl sends back to an HTTPS server cookies with control bytes, it might make the server return a 400 response - debian/patches/CVE-2022-35252.patch: reject cookies with control bytes 0x01-0x1f except 0x09 plus 0x7f - CVE-2022-35252...
OESA-2022-1908 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes byte values below 32. When cookies...
curl 安全漏洞
curl is a tool for transferring data from or to a server. A security vulnerability exists in curl versions 4.9 through 7.84, which stems from the fact that when curl retrieves and parses a cookie from an HTTPS server, it accepts the cookie using a control code a value of less than 32 bytes, which...