Lucene search

13 matches found

Amazon
added 2023/08/09 12:0 a.m. | 2 views

Medium: bouncycastle

Issue Overview: A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious...

5.3 CVSS | 6.6 AI score | 0.00642 EPSS
Exploits 0
RedhatCVE
added 2023/06/29 4:28 p.m. | 108 views

CVE-2023-33201

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

5.3 CVSS | 5.1 AI score | 0.00642 EPSS
Exploits 0 | References 4
Veracode
added 2023/04/27 10:39 a.m. | 79 views

Access Restriction Bypass

org.springframework.boot:spring-boot-actuator-autoconfigure is vulnerable to Access Restriction Bypass. The vulnerability is due to improper wild card matching, which allows a remote attacker to bypass access restrictions and gain access to the system. Please note that the vulnerability is only...

9.8 CVSS | 9 AI score | 0.01122 EPSS
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2022/12/04 12:0 a.m. | 6 views

CVE-2022-46405

Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...

6.7 AI score | 0.00918 EPSS
Exploits 1 | References 2
Positive Technologies
added 2021/06/24 12:0 a.m. | 2 views

PT-2021-5840

Name of the Vulnerable Software and Affected Versions: vsftpd (affected versions not specified), Sendmail (affected versions not specified), Nginx (affected versions not specified). Description: The issue is related to an application layer protocol content confusion attack, exploiting TLS servers implementi...

7.5 CVSS | 8 AI score | 0.02599 EPSS
Exploits 0 | References 100
Hacker One
added 2020/06/11 2:35 a.m. | 159 views

h1-ctf: [h1-2006 2020] Write up for H1-2006 CTF

I huffed and puffed my way up a flight of stairs into a dimly lit, dusty room, looking for Sherlock. As I made my way through scattered books, I exclaimed, "Sherlock, wake up! It's that time of the year. h1-ctf, a chance to get an invitation to hackerone's live hacking event." "zer0ttl, of course! Yo...

7 AI score
Exploits 0
Veracode
added 2019/10/29 9:34 a.m. | 34 views

Arbitrary File Overwrite

github.com/containers/libpod is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not properly perform symlink processing and wild-card characters parsing, allowing for overwriting of existing files when an undesired glob operation occurs...

5.5 CVSS | 3.9 AI score | 0.0149 EPSS
Exploits 1 | References 6 | Affected Software 1
n0where
added 2016/07/13 2:35 p.m. | 23 views

DNS Analysis Tool: Bluto

The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will attempt to identify if SubDomain Wild Cards are being used. If they a...

0.1 AI score
Exploits 0 | References 1
Adobe
added 2016/05/10 12:0 a.m. | 28 views

APSB16-16 Security update available for ColdFusion

Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue (CVE-2016-1113), a host name verification problem with wild card certificates (CVE-2016-1115) and include an updated version of Apache Commons Collections library...

9.8 CVSS | 4.7 AI score | 0.08849 EPSS
Exploits 0 | Affected Software 1
FreeBSD
added 2012/10/09 12:0 a.m. | 29 views

gitolite -- path traversal vulnerability

Sitaram Chamarty reports: I'm sorry to say there is a potential path traversal vulnerability in v3. Thanks to Stephane Chazelas for finding it and alerting me. Can it affect you? This can only affect you if you are using wild card repos, and at least one of your patterns allows the string "../" t...

4.6 CVSS | 6.5 AI score | 0.02069 EPSS
Exploits 0 | References 1
0day.today
added 2010/02/22 12:0 a.m. | 20 views

cPanel Multiple CSRF Vulnerabilities

Exploit for unknown platform in category web applications. cPanel Multiple CSRF Vulnerabilities. Create Database: Create New Database New Database: Add Redirect: Type Permanent...

7.1 AI score
Exploits 0
exploitpack
added 2010/02/22 12:0 a.m. | 18 views

cPanel - Multiple Cross-Site Request Forgery Vulnerabilities

cPanel - Multiple Cross-Site Request Forgery Vulnerabilities Create Database: Create New Database New Database: Add Redirect: Type Permanent 301 Temporary 302 http://www.? All Public Domains sEc-r1z.com...

0.6 AI score
Exploits 0
Exploit DB
added 2010/02/22 12:0 a.m. | 34 views

cPanel - Multiple Cross-Site Request Forgery Vulnerabilities

Create Database: Create New Database New Database: Add Redirect: Type Permanent 301 Temporary 302 http://www.? All Public Domains sEc-r1z.com / input name...

7.4 AI score
Exploits 0