98 matches found
CVE-2017-16136
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...
japaneseverbconjugator.com XSS vulnerability
Open Bug Bounty ID: OBB-456859 Description| Value ---|--- Affected Website:| japaneseverbconjugator.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...
tamildiction.org XSS vulnerability
Vulnerable URL: http://tamildiction.org/verbdictionary/index.php?verb=1/-///'/"//--...
Kovter becomes almost file-less, creates a new file type, and gets some new certificates
Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their...
CVE-2 0 1 4-6 3 5 2 vulnerability and targeted attacks sample analysis-vulnerability warning-the black bar safety net
Primer People do,day in look. Recent 3 6 0 days eye the lab captured an example for India the orientation of the attack of the sample,the sample advantage of the sandworm vulnerability patch bypass Vulnerability CVE-2 0 1 4-6 3 5 2,was analyzed after confirmation, we think this is Trend Micro in...
Start Deutsch Verb - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Start Deutsch Verb published at the 'play' market has multiple vulnerabilities...
German Verb Prepositions Quiz - Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application German Verb Prepositions Quiz published at the 'play' market has multiple vulnerabilities...
German Verb Conjugator - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application German Verb Conjugator published at the 'play' market has multiple vulnerabilities...
SAP HANA Application Lifecycle manager - CSRF token bypass (Verb tampering)
Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: CSRF token bypass Verb tampering Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 21.08.2014 Reference: SAP Security Note 2011169 Author: Dmitry Chastukhin ERPScan Description It ...
[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory2014-023: HTTP verb tampering issue in SAPJTECHS This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
CVE-2014-5175
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAPJTECHS...
Authentication flaw
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAPJTECHS...
CVE-2014-5175
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAPJTECHS...
Ipswitch WS_FTP Server 5.05 XMD5 Overflow
No description provided by source. $Id: wsftpserver505xmd5.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
Texas Imperial Software WFTPD 3.23 SIZE Overflow
No description provided by source. $Id: wftpdsize.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
SAP CTC Service Verb Tampering User Management
This module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service. The service is vulnerable to verb tampering allowing for unauthorised OS user management. Information about resolution should be available at SAP notes 1589525 and 1624450 authentication required. This modul...
RHEL 6 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1798)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1798 advisory. - Invoker servlets authentication bypass HTTP verb tampering CVE-2011-4085 - openid4java AX extension: MITM due to improper validation of AX...
http-vuln-cve2010-0738 NSE Script
Tests whether a JBoss target is vulnerable to jmx console authentication bypass CVE-2010-0738. It works by checking if the target paths require authentication or redirect to a login page that could be bypassed via a HEAD request. RFC 2616 specifies that the HEAD request should be treated exactly...
Invoker servlets authentication bypass (HTTP verb tampering)
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
Invoker servlets authentication bypass (HTTP verb tampering)
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...