24 matches found
EUVD-2018-12588
Malware in sbrugna...
EUVD-2018-3438
Malware in sbrugna...
EUVD-2018-12587
Malware in sbrugna...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
DomainMOD 4.11.01 ssl-provider-name Cross Site Scripting
Exploit Title : DomainMOD 4.11.01 and before - 'ssl-provider-name' Cross-Site Scripting Author Discovered By : Mohammed Abdul Raheem Company Name : TrekShield IT Solutions Date : 14-02-2019 Vendor Homepage : https://domainmod.org/ Software Information Link : https://github.com/DomainMod/DomainMod...
DomainMOD 4.11.01 - ssl-provider-name Cross-Site Scripting
DomainMOD 4.11.01 - ssl-provider-name Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version:...
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-20009 A Stored Cross-site...
CVE-2018-20009
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
CVE-2018-20010
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field...
Default credentials
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field...
Default credentials
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
CVE-2018-20009
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
CVE-2018-20010
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field...
Design/Logic Flaw
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter...
CVE-2018-11404
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter...
DomainMod cross-site scripting vulnerability (CNVD-2018-10361)
DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. A cross-site scripting vulnerability exists in DomainMod version 4.09.03. A remote attacker can exploit this vulnerability by sending the 'sslpaid' parameter to the...