5327 matches found

Prion
added 2020/01/18 7:15 p.m. | 13 views

Information disclosure

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00357
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/01/18 6:42 p.m. | 16 views

CVE-2020-7227

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...

AI score: 6.5 | EPSS: 0.00357
Exploits: 1 | References: 1
CVE
added 2020/01/18 6:42 p.m. | 115 views

CVE-2020-7227

CVE-2020-7227 affects Westermo MRD-315 devices running firmware 1.7.3 and 1.7.4. An information-disclosure vulnerability allows an authenticated remote attacker to retrieve the source code of several web application functions by issuing requests that omit certain mandatory parameters. Affected pa...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00357
Exploits: 1 | References: 1 | Affected Software: 1
Microsoft Secure
added 2020/01/16 3:00 p.m. | 39 views

Introducing Microsoft Application Inspector

Modern software development practices often involve building applications from hundreds of existing components, whether they’re written by another team in your organization, an external vendor, or someone in the open source community. Reuse has great benefits, including time-to-market, quality, a...

AI score: 7.3
Exploits: 0
Kitploit
added 2020/01/08 11:30 a.m. | 268 views

WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website

The Web Application Firewall Fingerprinting Tool. — From Enable Security. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

AI score: 7.1
Exploits: 0 | References: 7
NVD
added 2020/01/08 6:15 a.m. | 8 views

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.09768
Exploits: 5 | References: 2
Prion
added 2020/01/08 6:15 a.m. | 13 views

Authentication flaw

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

CVSS: 5 | AI score: 9.6 | EPSS: 0.09768
Exploits: 5 | References: 2 | Affected Software: 1
Cvelist
added 2020/01/08 5:30 a.m. | 11 views

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

AI score: 9.7 | EPSS: 0.09768
Exploits: 5 | References: 2
CVE
added 2020/01/08 5:30 a.m. | 138 views

CVE-2020-6170

CVE-2020-6170 affects Genexis Platinum-4410 v2.1 (Firmware P4410-V2–1.28). The issue is an authentication bypass that allows an attacker to obtain cleartext credentials from the HTML source of the cgi-bin/index2.asp page. Publicly visible exploitation exists (e.g., Exploit-DB, PacketStorm) illust...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.09768
Exploits: 5 | References: 2 | Affected Software: 1
Kitploit
added 2020/01/07 9:05 p.m. | 13 views

Dsync - IDAPython Plugin That Synchronizes Disassembler And Decompiler Views

IDAPython plugin that synchronizes decompiled and disassembled code views. Please refer to comments in the source code for more details. Requires 7.2 Download Dsync...

AI score: 7.5
Exploits: 0 | References: 1
Prion
added 2020/01/07 7:15 p.m. | 11 views

Information disclosure

An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00237
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2020/01/02 7:56 a.m. | 17 views

Cross-site Scripting (XSS)

craftcms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because it does not handle the header insertion field when adding source code at an s/admin/entries/news/new URI...

CVSS: 6.1 | AI score: 6 | EPSS: 0.01546
Exploits: 5 | References: 2 | Affected Software: 1
OSV
added 2019/12/31 5:15 p.m. | 10 views

CVE-2019-9554

In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI...

CVSS: 6.1 | AI score: 6.1
Exploits: 0 | References: 2
NVD
added 2019/12/31 5:15 p.m. | 16 views

CVE-2019-9554

In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.01546
Exploits: 5 | References: 2
Prion
added 2019/12/31 5:15 p.m. | 12 views

Code injection

In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01546
Exploits: 5 | References: 2 | Affected Software: 1
CNVD
added 2019/12/31 12:00 a.m. | 2 views

GitLab CE/EE Access Control Error Vulnerability (CNVD-2020-03846)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community and...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00112
Exploits: 1 | References: 1
0day.today
added 2019/12/30 12:00 a.m. | 76 views

Heatmiser Netmonitor 3.03 - Hardcoded Credentials Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software:...

AI score: 7.1
Exploits: 0
exploitpack
added 2019/12/30 12:00 a.m. | 23 views

Heatmiser Netmonitor 3.03 - Hardcoded Credentials

Heatmiser Netmonitor 3.03 - Hardcoded Credentials Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials Date: 2019-12-22 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf...

AI score: 7.4
Exploits: 0
Exploit DB
added 2019/12/30 12:00 a.m. | 127 views

Heatmiser Netmonitor 3.03 - Hardcoded Credentials

Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials Date: 2019-12-22 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software: Netmonitor v3.03 Product Version: Netmonitor...

AI score: 7.4
Exploits: 0
Hacker One
added 2019/12/29 4:49 p.m. | 16 views

U.S. Dept Of Defense: Git repo on https://██████.mil/ discloses API password

Summary: I found a .git repository on https://███████.mil/.git which discloses an API password for Yubikey on 2 different domains, together with full source code. Description: Fetching the git repository and decompressing the objects results in the ability to read the source code of the server,...

AI score: 7.2
Exploits: 0