CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation

...

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

Cisco Unified MeetingPlace Web Conferencing Unauthorized Password Change Security Bypass

According to its self-reported version number, the installation of Cisco Unified MeetingPlace Web Conferencing hosted on the remote web server is potentially affected by a security bypass vulnerability due to the lack of validation of the current password and HTTP session ID during a password...

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...

CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

Progress MOVEit Transfer Web Interface Detection

The web interface for Progress MOVEit Transfer (formerly known as Ipswitch MOVEit DMZ) was detected on the remote host. This plugin does not attempt to detect the...

Quest DR Series Appliance Web Detection

The web interface for a Quest DR Series disk backup appliance, formerly Dell DR Series, was detected on the remote...

Veritas NetBackup Appliance Web Console Detection

An administrative web console for Veritas NetBackup Appliance, a device for storage and backup applications, is running on the remote...

VMware Aria Operations Web UI Detection

The remote web server is running the web UI for VMWare Aria Operations (formerly VMware vRealize Operations Manager), a cloud operations management...

Schneider Electric InduSoft Web Studio Detection

The remote host is running Schneider Electric InduSoft Web Studio, a software application for managing and monitoring remote SCADA...

Visualware MyConnection Server Web Default Credentials

The remote host is configured to accept the default credentials for Visualware MyConnection Server (MCS), a web-based network quality management application. A remote attacker can exploit this to gain administrative...

Advantech WebAccess Web Administration Interface Detection

The remote host is running a web interface for Advantech WebAccess, a web-based SCADA HMI...

IBM Cognos Analytics Web Interface Detection

The web interface for IBM Cognos Analytics was detected on the remote...

Cisco EPN Manager Detection (Web UI)

The remote host is running Cisco Evolved Programmable Network (EPN) Manager, an application used for element and network management across converged access, aggregation, and core...

Johnson Controls exacqVision Web Service Detection

The Johnson Controls exacqVision Web Service, a web application allowing users to use a web browser to view live video, search and play back recorded video, and control pan/tilt/zoom functions on cameras connected to exacqVision servers, is running on the remote...

Hikvision IP Camera Web Interface Detection

Nessus was able to detect the web interface for a Hikvision IP camera on the remote...

Emerson SM-Ethernet Web Interface Detection

The remote host is running an Emerson SM-Ethernet web interface, part of a software platform for managing and monitoring remote SCADA...

IBM Storwize Web Management Interface Detection

The remote host is running a web management interface for administering an IBM Storwize device, a storage management...

Microsoft Azure CycleCloud Web Interface Detection

The web interface for Microsoft Azure CycleCloud was detected on the remote...

SolarWinds Web Help Desk Installed (Windows)

SolarWinds Web Help Desk was detected on the remote Windows...

Cisco DNA Spaces Connector Web Detection.

The web user interface for Cisco DNA Spaces Connector was detected on the remote host. Note that HTTP form credentials are required to retrieve version...

HP DesignJet Printer Web Interface Detection

The web interface for HP DesignJet Printer was detected on the remote...

QLogic QConvergeConsole GUI Web Interface Detection

Nessus was able to detect the QLogic QConvergeConsole web interface for a network interface management tool on the remote...

Schneider Electric InduSoft Web Studio Detection

The remote host has Schneider Electric InduSoft Web Studio installed. This is a development and maintenance software for wireless SCADA...

VMware vRealize Automation Web UI Detection

The remote web server is running the web UI for VMware vRealize Automation, a cloud automation virtual appliance. Note: To obtain accurate version and build information provide HTTP basic authentication...

Tridium Niagara AX Web Server Detection

The remote host is running the Tridium Niagara AX Web Server, Tridium Niagara AX is a development framework used to create software for use in SCADA...

Exploit for OS Command Injection in Gitlab

CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce...

HP PageWide Printer Web Interface Detection

The remote host is an HP PageWide printer. It is possible to obtain the product, firmware versions, and more via the web...

ShareFile Storage Zones Controller Web Detection

The web interface for Citrix ShareFile Storage Zones Controller was detected on the remote host. ShareFile is a secure content collaboration, file sharing and sync solution. Storage Zones Controller provides private data storage, either an on-premises network share that you manage or a supported...

Cisco Telepresence Management Suite Web Detection

This script uses Windows credentials to detect whether the remote host is running Cisco Telepresence Management Suite, a video conferencing application, and extracts the version number if...

NetApp SANtricity Web Services Proxy Detection

The remote host is running NetApp SANtricity Web Services Proxy, which provides a REST API for managing NetApp...

Western Digital MyCloud Web Interface Detection

Nessus was able to detect the web administration interface for a Western Digital MyCloud device on the remote...

Trend Micro OfficeScan Web Interface Detection

Trend Micro OfficeScan, an enterprise security platform, is running on the remote host. It is possible to extract version information if login credentials are...

Western Digital TV Web Interface Detection

Nessus was able to detect the web administration interface for a Western Digital TV device on the remote...

Honeywell Excel (XL) Web Controller Detection

The remote host is a Honeywell Excel (XL) Web SCADA controller, a system for HVAC control applications and building automation...

McAfee Web Reporter Detection (remote check)

McAfee Web Reporter, a reporting tool used to identify internet usage in an organization, is installed on the remote...

McAfee Web Reporter Installed (credentialed check)

McAfee Web Reporter, a reporting tool used to identify Internet usage in an organization, is installed on the remote Windows...

CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability

...

design-interior.ck.ua Cross Site Scripting vulnerability OBB-3905563

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

SonicWall Email Security Web Interface Detected

Detects the web interface for SonicWall Email Security on the remote...

Grandstream Networking Solutions Device Web Detection

The web interface for a Grandstream Networking Solutions device, such as a router or wireless access point, was detected on the remote...

CyberArk Password Vault Web Access Detection

CyberArk Password Vault Web Access, a web application to interface with the CyberArk Password Vault server, is running on the remote...

Meinberg LANTIME Web Interface Unspecified XSS

The remote host is running Meinberg LANTIME firmware that is affected by an XSS vulnerability due to improper validation of user-supplied input in the web interface. This allows a remote, unauthenticated attacker to execute arbitrary script...

Cisco UCS Director Web UI Detection

The login page for Cisco UCS Director, an infrastructure provisioning and management system, was detected on the remote...

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....

MinIO information disclosure vulnerability

Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...

High severity vulnerability that affects io.vertx:vertx-web

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired...