Lucene search
K

377 matches found

Github Security Blog
Github Security Blog
added 2022/04/27 9:25 p.m.57 views

ECP SAML binding bypasses authentication flows

Description A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's...

6.8CVSS7.6AI score0.00874EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2022/01/17 9:33 p.m.3 views

keycloak-server-spi-private: ECP SAML binding bypasses authentication flows

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

6.8CVSS5.7AI score0.00874EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/01/13 9:44 p.m.40 views

CVE-2021-34978

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigg...

8.8CVSS9.1AI score0.0152EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2021/10/28 12:0 a.m.49 views

NETGEAR R6260 setupwizard.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow...

8.8CVSS6.4AI score0.0152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2021/09/24 7:13 a.m.63 views

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

6.8CVSS3AI score0.00874EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2021/09/18 3:25 p.m.193 views

Exploit for CVE-2021-38647

It is an offensive tool for testing CVE-2021-38647, a vulnerabil...

9.8CVSS8.4AI score0.99723EPSS
Exploits19
Mageia
Mageia
added 2021/06/16 8:22 p.m.156 views

Updated gsoap packages fix security vulnerabilities

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability CVE-2020-13574. A denial-of-service vulnerability exists in...

9.8CVSS1.4AI score0.0586EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2021/05/18 12:0 a.m.39 views

openSUSE Security Update : gsoap (openSUSE-2021-632)

This update for gsoap fixes the following issues : - CVE-2020-13576: Fixed a remote code execution via specially crafted SOAP request inside the WS-Addressing plugin boo1182098 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...

9.8CVSS9AI score0.0586EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/05/11 12:0 a.m.115 views

CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability Recent assessments: zeroSteiner at June 09, 2021 3:31pm UTC reported: The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user-supplied data. This can be leveraged by an attacker to leak sensitive information in...

8.8CVSS8.5AI score0.30045EPSS
Exploits5References4
OSV
OSV
added 2021/03/25 5:15 p.m.1 views

DEBIAN-CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

9.8CVSS9.3AI score0.04983EPSS
Exploits1References1
NVD
NVD
added 2021/03/25 5:15 p.m.36 views

CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

9.8CVSS0.04983EPSS
Exploits1References3
Prion
Prion
added 2021/03/25 5:15 p.m.28 views

Remote code execution

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

7.5CVSS9.7AI score0.04983EPSS
Exploits1References3Affected Software6
Cvelist
Cvelist
added 2021/03/25 4:1 p.m.50 views

CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

9.8CVSS10AI score0.04983EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2021/03/25 12:0 a.m.61 views

Integer Overflow or Wraparound

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

9.8CVSS3.4AI score0.04983EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2021/03/24 12:0 a.m.58 views

Genivia gSOAP WS-Addressing plugin code execution vulnerability redux

Talos Vulnerability Report TALOS-2021-1245 Genivia gSOAP WS-Addressing plugin code execution vulnerability redux March 24, 2021 CVE Number CVE-2021-21783 Summary A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP...

9.8CVSS10AI score0.04983EPSS
Exploits1
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.4 views

Genivia gSOAP 输入验证错误漏洞

Genivia gSOAP is a C/C++ software development toolkit with automatic coding capabilities from Genivia, USA. A security vulnerability exists in Genivia gSOAP version 2.8.107, which stems from an exception in the handling of user input by the program, and can be exploited by an attacker to cause...

9.8CVSS8.2AI score0.04983EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2021/03/17 12:0 a.m.44 views

Fedora 33 : gsoap (2021-faea36a9c3)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-faea36a9c3 advisory. - A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can le...

9.8CVSS8.5AI score0.0586EPSS
Exploits5References6
Veracode
Veracode
added 2021/03/09 9:46 p.m.35 views

Denial Of Service (DoS)

gsoap:sid is vulnerable to a denial-of-service vulnerability. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

7.5CVSS1.2AI score0.03023EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2021/03/09 9:46 p.m.73 views

Remote Code Execution

gsoap is vulnerable to remote code execution. The WS-Addressing plugin functionality allows an attacker to execute arbitrary code on the host OS using a malicious SOAP request...

9.8CVSS4.4AI score0.0586EPSS
Exploits1References7Affected Software1
CNVD
CNVD
added 2021/02/20 12:0 a.m.22 views

Genivia gSOAP Null Pointer Dereference Vulnerability

gSOAP is a C/C++ library for developing XML-based Web services . A null pointer dereference vulnerability exists in the WS-Security plug-in feature of Genivia gSOAP 2.8.107. An attacker could exploit this vulnerability by sending a specially crafted SOAP request to cause a denial of service...

7.5CVSS6.5AI score0.03023EPSS
Exploits1References1
Rows per page
Query Builder