Xxe

An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...

CVE-2018-18406

The CVE-2018-18406 issue affects Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is vulnerable to a blind XXE when saving a new Best Practices Report via a crafted XML payload, causing restricted OS files to be exposed inside the report’s name data field. Affec...

TufinOS 2.17 Build 1193 - XML External Entity Injection

TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Author: konstantinos Alexiou Date: 2018-10-18 Vendor: https://www.tufin.com Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack CVE: N/A...

TufinOS 2.17 Build 1193 - XML External Entity Injection Vulnerability

Exploit for linux platform in category web applications Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Author: konstantinos Alexiou Vendor: https://www.tufin.com Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack CVE: N/A Category: webapps 1...

TufinOS 2.1.7 Build 1193 XML Injection

Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Author: konstantinos Alexiou Date: 2018-10-18 Vendor: https://www.tufin.com Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack CVE: N/A Category: webapps 1. Description The SecureTrack applicati...