10 matches found
PT-2026-43240
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...
PT-2026-36001
Tenda FH303/A300 firmware V5.07.68 EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...
Dell Secure Connect Gateway security vulnerability
Dell Secure Connect Gateway (Dell SCG) is a secure connectivity gateway from Dell, USA. It suffers from an information disclosure vulnerability that originates when sensitive system information is exposed to an unauthorized control domain, which can be exploited by ...
CVE-2022-46407
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to a domain outside the control of the ENM deployment. The attacker would need admin/elevated access to...
CVE-2023-28799
A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain...
Vulnerability fixed in FortiMail
Fortinet has fixed a vulnerability in FortiMail. A malicious person with admin rights in a private, possibly self-hosted configured domain is able to read and modify system information for a domain for which they are not authorized. Fortinet has released updates to fix the vulnerability in...
Basecamp: Domain Takeover [3737signals.com]
Hi, While I was analyzing the Basecamp3 Android app I found 3737signals.com in the source code; as I understand it, you are passing it to the intent to view it in some cases. F1368921 When I opened it in the browser I got a DNS error saying the domain name does not exist F1368922 As you can see at the botto...
Unauthorized Domain Creation
admin-cli is vulnerable to unauthorised domain creation. The vulnerability is possible because it does not verify the validity of the admin's credentials before creating a domain...
CVE-2016-0310
CVE-2016-0310 affects IBM Connections 5.5 and earlier. The vulnerability is a host header injection flaw that can cause navigation to the attacker’s domain. Root cause noted in CNVD records: the program fails to properly validate HTTP request headers, enabling manipulation via the Host header. Ex...
Shopify: Open Redirect at *.myshopify.com/account/login?checkout_url=
Hi, Any user, after logging into any myshopify shop, can be redirected to another domain. To reproduce: Send this to victim: http://sehyoginfoshop.myshopify.com/account/login?checkouturl=.np Now when our victim logs in, he will be redirected to https://sehyoginfoshop.myshopify.com.np/ Which is not...