CVE-2023-46906

juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...

CVE-2023-49922

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

Default credentials

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

CVE-2023-49922 Beats Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198 CVE-2023-20198 Checkscript based on: - Technica...

BoidCMS 2.0.0 Shell Upload

!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...

TP-Link TL-WR940N V4 - Buffer OverFlow Exploit

Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow country: Iran Exploit Author: Amirhossein Bahramizadeh Category : hardware Dork : /userRpm/WanDynamicIpV6CfgRpm Tested on: Windows/Linux CVE : CVE-2023-36355 import requests Replace the IP address with the router's IP routerip = '192.168.0.1'...

TP-Link TL-WR940N 4 Buffer Overflow

Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : hardware Dork : /userRpm/WanDynamicIpV6CfgRpm Tested on: Windows/Linux CVE : CVE-2023-36355 import requests Replace the IP address with the router's IP routerip...

OpenFGA vulnerable to denial of service due to circular relationship

Overview OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...

AlmaLinux 8 : python27:2.7 (ALSA-2023:2860)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2860 advisory. Python: CPU denial of service via inefficient IDNA decoder CVE-2022-45061 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

Online Graduate Tracer System 1.0 SQL Injection

Exploit Title: Online Graduate Tracer System - Multiple SQLi Date: 24/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html Software Download:...

Oracle Linux 9 : python3.9 (ELSA-2023-0953)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0953 advisory. 3.9.14-1.2 - Security fix for CVE-2022-45061 Resolves: rhbz2144072 Tenable has extracted the preceding description block directly from the Oracle Linux security...

SUSE CVE-2016-2572

http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a malformed response...

SUSE CVE-2018-19115

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...

SUSE CVE-2020-13846

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code...

SUSE CVE-2020-15666

When trying to load a non-video in an audio/video context the exact status code 200, 302, 404, 500, 412, 403, etc. was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...

No Rate Limit On Reset Password

Description A rate limiting algorithm is used to check if the user session or IP address has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP servers can respond with status code 429: Too Many Requests. wikipedia ...

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

Scscanner - Tool To Read Website Status Code Response From The Lists

scscanner is tool to read website status code response from the lists. This tool have ability to filter only spesific status code, and save the result to a file. Feature Slight dependency. This tool only need curl to be installed Multi-processing. Scanning will be more faster with multi-processin...

GHSA-7GFC-2V6G-6W9F Paste is vulnerable to Cross-site Scripting via vectors involving a 404 status code

Multiple cross-site scripting XSS vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to 1 paste.urlparser.StaticURLParser, 2...