7874 matches found
CVE-2021-32663 Unauthorized setup leads to SSRF in Combodo/iTop
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later...
CVE-2021-30810
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup...
PT-2021-19841 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.6.5; iTop versions prior to 2.7.5. Description: The issue affects iTop, an open source web-based IT Service Management tool. An attacker can call the system setup without authentication, and given specific parameters,...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Playground === This is a small Docker recipe for...
in cortezaproject/corteza-server
Set up the application on your local system. Steps: 1. Log in to the application and navigate to the settings, where you change the user password and capture the request in Burp Suite. 2. Now log out from the application and copy the Authorization token. 3. After logout the authorization token must be...
Denial Of Service (DoS)
linux is vulnerable to denial of service. The vulnerability exists due to an incorrect connection-setup ordering in fs/nfs/nfs4client.c...
Dell BIOS Trust Management Issue Vulnerability
BIOS is an acronym that stands for Basic Input Output System. Also known as "system setup", BIOS is the embedded software inside a small memory chip on the motherboard of a computer. This chip is called a complementary metal oxide semiconductor (CMOS). The Dell BIOS is vulnerable to trust managemen...
Vmware VMware vCenter Server Authorization Issue Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. VMware vCenter Server is vulnerab...
Authorization Issue Vulnerability in Multiple Apple Products
Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system...
How to Set Up a NAS to Securely Share Files
From file backups to movie streaming, network attached storage drives offer plenty of functions and features...
NETGEAR R6020 Command Injection Vulnerability
The NETGEAR R6020 is a router from Netgear, Inc. NETGEAR R6020 is vulnerable to a command injection vulnerability in version 1.0.0.48, which stems from a lack of validation and filtering in the ntpserver field of setup.cgi. An attacker with administrator status can use this vulnerability to injec...
CVE-2021-41383
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...
CVE-2021-40444 PoC - Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)
Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution). Creation of this script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file). You need to install lcab first...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description: Hello dear glpi team, I found one more CSRF vulnerability in the following directory: Home/Setup/General/performance 🕵️♂️ Proof of Concept: 1. First, the user should already be logged in, in Firefox or Safari. 2. Open the PoC.html and click on the submit button. It can also be auto-submitted. 3. Here...