3341 matches found
CVE-2019-5156
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command...
Unable to map printers using Citrix policies from the cloud hosted Citrix Studio
Steps to reproduce the error: 1. Log in to Citrix cloud portal and launch the Studio. 2. Select the Policies Tab in the cloud hosted Studio. 3. Navigate to Session printers and add new printer. 4. Browse the Print server using the UNC path and click browse. 5. It times out. 6. If the server and the...
Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites
subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well. We have...
Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...
This tool searches for SSRF using predefined settings in different parts of a request: path, host, headers, post and get parameters. First step: rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...
CVE-2015-5361
Background: For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related session gates are specific to source and destination IPs and ports of client and server. The design intent of the...
Design/Logic Flaw
Background: For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related session gates are specific to source and destination IPs and ports of client and server. The design intent of the...
PT-2020-7862 · Juniper Networks · Srx +1
Name of the Vulnerable Software and Affected Versions: SRX (affected versions not specified). Description: The issue arises from the ftps-extensions option, which is disabled by default. This option is intended to provide functionality similar to regular, unencrypted FTP traffic when the SRX secures...
Design/Logic Flaw
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter...
CVE-2020-8952
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter...
SmartCard device is disconnected from ICA after 60s. User's smart card connection is timed out while renewing the certificates on Smart card
When users are using a SmartCard device to launch a Desktop or Application, they have noticed that after logging in to an ICA session on Citrix Virtual Apps & Desktops version 7.15 CU2 LTSR on Windows Server 2016, all of the user's certificates are checked with a special application. If a certificate is not valid/expired,...
UBUNTU-CVE-2020-1768
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions...
CVE-2011-4912
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass...
CVE-2011-4912
CVE-2011-4912 affects Joomla! com_mailto 1.5.x through 1.5.13 and is characterized by an automated mail timeout bypass. The connected records reiterate the same issue across multiple sources. The documents do not provide concrete exploit details, affected configuration specifics, or a remediation...
Anviz CrossChex Buffer Overflow
Waits for broadcasts from Anviz CrossChex looking for new devices, and returns a custom broadcast, triggering a stack buffer overflow. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Anviz...
lemlist: SSRF in img.lemlist.com that leads to Localhost Port Scanning
Summary: An SSRF attack can be performed leading to localhost port scanning. Link: https://img.lemlist.com/api/image-templates/itpvBBNpQuMsy6FYLQAc/?preview=true&email=email@ Steps To Reproduce: To perform this port scan you'll need to set up a few files. First of all you need to change the url in...
How to change the default lifetime of Compositing Engine packaging machine in ELM
By default, if finalization has not begun within 3 days of the Packaging Machine being created, the task will be canceled with a timeout error. In the ELM logs, you may see something like the below: 2020-01-02 13:43:59,486 ERROR 61605 CompositingEngineP: Timeout occured after...
Linux: SSH ClientAliveInterval
The two options ClientAliveInterval and ClientAliveCountMax control the timeout of ssh sessions. When the ClientAliveInterval variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the ClientAliveCountMax variable is set, sshd will send client aliv...
Linux: SSH ClientAliveCountMax
The two options ClientAliveInterval and ClientAliveCountMax control the timeout of ssh sessions. When the ClientAliveInterval variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the ClientAliveCountMax variable is set, sshd will send client aliv...
Error: Lost connection to lmgrd, heartbeat timeout expired, exiting. EXITING DUE TO SIGNAL 28 Exit Reason 5 in License server
The following error appears in the log files on the License Server and the connection to the License Server is disconnected: Lost connection to lmgrd , heartbeat timeout expired, exiting. EXITING DUE TO SIGNAL 28 Exit Reason 5...