896 matches found
CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...
CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...
The vulnerability of web-servers of microprogramming software for devices such as SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, allows a perpetrator to cause service interruptions.
The vulnerability of web-servers of microprogramming software for SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, is related to errors in variable name assignments. Exploiting this vulnerability can allow attackers to cause system failures...
Eclipse Jetty DoS Vulnerability (GHSA-r7m4-f9h5-gr79) - Windows
Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
CVE-2024-8421
...
Emby SSRF HTTP Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Emby SSRF HTTP Scanner', 'Description' = 'Generates a GET request to the provided web servers and executes an SSRF against the targeted EMBY...
ROS-20240827-15
A vulnerability in the ngxhttpv4module module of the NGINX Plus and NGINX OSS web servers is related to reading out-of-bounds memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...
Exploit for OS Command Injection in Php
Fastest CVE-2024-4577 Exploitation Tool Description: PHP C...
New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication
Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service BITS as a command-and-control C2 mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Lab...
The vulnerability of RUGGEDCOM microprogrammed Ethernet switches’ web servers allows attackers to gain unauthorized access to the hash values and passwords of all system users.
The vulnerability of web servers running microprogrammed Ethernet switches from RUGGEDCOM is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the hash values and passwords of all system users...
Apache HTTP Server 2.4.60 - 2.4.61 Information Disclosure Vulnerability - Linux
Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware
An unnamed South Korean enterprise resource planning ERP vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center ASEC, which identified the attack in May 2024, did not attribute it to a known threat act...
XAMPP Resource Management Error Vulnerability
XAMPP is an easy-to-install Apache distribution that includes MariaDB, PHP, and Perl. the product is primarily used for building web servers. A resource management error vulnerability exists in XAMPP 7.3.2 and earlier versions, which stems from a failure to properly handle incoming error messages...
aiohttp < 3.8.6 HTTP Request Smuggling Vulnerability - Windows
aiohttp is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
aiohttp < 3.9.0 Multiple Vulnerabilities - Windows
aiohttp is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...
aiohttp < 3.8.5 HTTP Request Smuggling Vulnerability - Linux
aiohttp is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
varnish security update
An update is available for module.varnish, varnish-modules, varnish, module.varnish-modules. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a...
CVE-2024-20353
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...
CVE-2024-20353
CVE-2024-20353 affects Cisco ASA/FTD Web Services. The vulnerability stems from incomplete error checking when parsing HTTP headers, allowing an unauthenticated remote attacker to trigger a reload and cause a DoS. Exploitation is referenced by multiple sources, including CISA’s Known Exploited Vu...
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...