52 matches found
Safedog Apache SQL Injection Vulnerability
Safedog Apache is a web content security, web resource protection, and IP black and white list server tool from Safedog, a Chinese company. An attacker could use this vulnerability to bypass access to sensitive data...
CVE-2020-15733
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29...
CVE-2020-15733 URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29...
CVE-2019-1010249
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The attack...
CVE-2019-1010250
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The...
Command injection
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command...
How to make Microsoft 70-412 exam preparation effective with Prepaway web resource
By Owais Sultan The Microsoft 70-412 certification exam validates that you have what it takes to configure advanced Windows Server 2012. This test is one of three exams that measure the skills of a candidate on matters to do with deployment, management, and maintenance of Windows Server 2012. The...
Unspecified vulnerability in ipip-coffee
ipip-coffee is an IP database query module for Node.js. A security vulnerability exists in ipip-coffee that originates when the program downloads resources over HTTP. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack, affecting the integrity and availability of data...
Unspecified vulnerability in hubl-server module
The hubl-server module is a module for installing a hudl server. A security vulnerability exists in the hubl-server module that originates from a program using the HTTP protocol to download resources. An attacker can exploit this vulnerability to execute code on the system...
CVE-2018-6792
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...
Reflected Cross-site Scripting (XSS)
Keycloak services is vulnerable to reflected cross-site scripting XSS attacks. These attacks are possible because keycloak would accept a HOST header URL within the admin console when determining the web resource location...
CVE-2017-12158
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
Infogram: Internal Ports Scanning via Blind SSRF
Introduction: I found a Blind SSRF issue that allows scanning internal ports. How to reproduce: Login Send the request https://infogram.com/api/webresource/url?q=TARGETURI Look up the response. If valid, it returns status code 200 and the website's title will be exposed, or 404 for otherwise. For...
CVE-2017-12158
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...
CVE-2017-5218
CVE-2017-5218 affects SageCRM 7.x before 7.3 SP3. The vulnerability lies in AP_DocumentUI.asp where Utilityfuncs.js assembles a SQL statement using a database variable that can be populated via the URL, enabling manipulation to access the underlying database. A proof-of-concept payload demonstrat...
Infobae Cross Site Scripting
ADVISORY INFORMATION =================== Title: Multiple Reflected XSS vulnerabilities in Infobae Website Date published: 2016-20-05 Vendors contacted: No answer received Vendors website: http://www.infobae.com/ Discovered by: Joel Noguera Independent Security Researcher Severity: Medium AFFECTED...
CVE-2015-6317
Cisco Identity Services Engine ISE before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926...
Design/Logic Flaw
Cisco Identity Services Engine ISE before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926...