CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

nessus

VMware Carbon Black App Control Web Console Detection

The web console for VMware Carbon Black App Control, formerly known as Cb Protection and Bit9 Parity, was detected on the remote...

1.8AI Score

2021-06-29 12:00 AM
11
nessus

SolarWinds Orion Web Performance Monitor (WPM) Remote Detection

SolarWinds Orion Web Performance Monitor (WPM) was detected on the remote...

0.7AI Score

2021-03-01 12:00 AM
7
nessus

MicroLogix 1400 PLC Web Server Request Handling RCE

The firmware installed on the remote Allen-Bradley MicroLogix 1400 PLC device is a version prior to 15.004. It is, therefore, affected by a stack-based buffer overflow condition due to improper validation of user-supplied input when handling web requests. An unauthenticated, remote attacker can...

4.5AI Score

2016-05-31 12:00 AM
16
nessus

HP Intelligent Management Center Web Administration Interface Detection

The web administration interface for HP Intelligent Management Center (IMC) was detected on the remote host. HP IMC is a comprehensive wired and wireless network management tool supporting the FCAPS...

1.1AI Score

2013-12-10 12:00 AM
6
nessus

RuggedCom RuggedOS < 3.12.1 Web UI Multiple Security Vulnerabilities

According to its self-reported version, the RuggedCom RuggedOS (ROS) Web UI is affected by multiple vulnerabilities, some of which could allow a remote attacker to gain administrative access to the...

4.8AI Score

2013-02-06 12:00 AM
13
cvelist

CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure

E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows an attacker to obtain the database credential with the highest privilege and...

9.8CVSS

9.5AI Score

0.001EPSS

2024-04-29 03:31 AM
1
nessus

D-Link D-View 8 Web Server Detection

The D-Link D-View 8 Web Server is running on the remote...

7.1AI Score

2023-10-20 12:00 AM
10
nessus

Trend Micro InterScan Web Security Virtual Appliance Detection

The remote host is a Trend Micro InterScan Web Security Virtual Appliance (IWSVA), a web gateway for application control, exploit detection, malware scanning, and URL...

2.4AI Score

2020-07-28 12:00 AM
14
nessus

F5 Networks ARX Data Manager Web Interface Detection

The web interface login page for F5 Networks ARX Data Manager was detected on the remote host. ARX Data Manager is a product for file storage management and...

1.8AI Score

2014-07-01 12:00 AM
14
nessus

RuggedCom RuggedOS (ROS) Web-Based Admin Interface Detection

The remote device is running the RuggedCom RuggedOS (ROS) web-based administration...

2.6AI Score

2012-06-15 12:00 AM
8
veracode

Improper Authorization

github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been...

2.6CVSS

6.8AI Score

0.0004EPSS

2024-06-13 11:49 AM
72
nessus

WatchGuard FireboxV and XTM Fireware OS Web Detection

The web UI for a WatchGuard FireboxV or XTM running Fireware OS was detected on the remote host. Note that the plugin attempts to retrieve the Fireware OS version information from the API when HTTP Basic authentication credentials are...

1.6AI Score

2022-08-18 12:00 AM
33
nessus

Cisco IoT Field Network Director Web UI Detection.

Cisco IoT Field Network Director web user interface detected on remote...

1.1AI Score

2020-09-30 12:00 AM
7
nessus

Dell EMC Data Protection Central Web Interface Detected

Detects the web interface for Dell EMC Data Protection Central on the remote...

1.4AI Score

2020-04-02 12:00 AM
16
nessus

Trend Micro ScanMail for Exchange Web Console Detection

The remote web server is running the web console for Trend Micro ScanMail for Exchange, an email security and filtering application built on top of Microsoft...

0.7AI Score

2015-06-05 12:00 AM
7
nessus

Symantec Data Center Security Web Console Interface Detection

The remote host is running a web console interface for Symantec Data Center Security, an information security management...

1.1AI Score

2015-02-26 12:00 AM
8
nessus

Riverbed SteelApp (Stingray) Traffic Manager Web UI Detection

The remote host is a Riverbed SteelApp (formerly known as Stingray) Traffic Manager appliance running a web based user interface. It is possible to read the web UI version from a standard...

2.9AI Score

2014-09-15 12:00 AM
8
nessus

RSA Authentication Agent for Web for IIS Installed

RSA Authentication Agent for Web for IIS, an authentication agent for IIS web servers, is installed on the remote Windows...

3.5AI Score

2013-11-04 12:00 AM
12
nuclei

Lin CMS Spring Boot - Default JWT Token

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the...

7.5CVSS

7.4AI Score

0.016EPSS

2024-04-03 05:08 AM
7
cvelist

5.4CVSS

7.1AI Score

0.0005EPSS

2024-05-14 04:57 PM
1
openbugbounty

van-oost-tholen.ambachtsbakker.nl Cross Site Scripting vulnerability OBB-3842165

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-01-23 10:20 PM
9
vulnrichment

CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

2.6CVSS

6.9AI Score

0.0004EPSS

2024-06-12 06:55 PM
1
osv

CVE-2023-45725

Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite, update. An attacker can leak the session component using an...

5.7CVSS

5.4AI Score

0.0004EPSS

2023-12-13 08:15 AM
4
nessus

Cisco Unified MeetingPlace Web Page Source Code Remote Password Disclosure (CSCuu33050)

According to its self-reported version number, the Cisco Unified MeetingPlace application hosted on the remote web server is potentially affected by an information disclosure vulnerability due to improper handling of passwords. An authenticated, remote attacker can obtain plaintext passwords by...

6.5AI Score

0.001EPSS

2015-07-14 12:00 AM
11
nessus

VMware Aria Operations For Networks Web Interface Detection

The web interface for VMware Aria Operations for Networks (formerly known as VMware vRealize Network Insight) was detected on the remote...

7.1AI Score

2023-06-15 12:00 AM
9
nessus

Trend Micro Apex One Management Web Console Detection

The web console interface for a Trend Micro Apex One Management server was detected on the remote...

1.1AI Score

2022-05-03 12:00 AM
11
nessus

RSA Authentication Agent for Web for Apache Installed

RSA Authentication Agent for Web for Apache is installed on the remote...

2.9AI Score

2017-12-21 12:00 AM
12
nessus

VMware Aria Operations for Logs Web UI Detection

The web UI for VMware Aria Operations for Logs (formerly known as VMware vRealize Log Insight), a log management application, was detected on the remote host. Note: HTTP basic authentication credentials are required to obtain version information from the API,...

6.8AI Score

2016-08-10 12:00 AM
20
nessus

Trend Micro Threat Intelligence Manager Web Console Detection

The remote web server is running the web console for Trend Micro Threat Intelligence Manager, a security event management application used to collect, analyze, and manage Trend Micro product event...

1.2AI Score

2015-07-22 12:00 AM
9
nessus

Symantec Data Center Security Web Administration Interface Detection

The remote host is running a web interface for Symantec Data Center Security, an information security management...

1AI Score

2015-02-26 12:00 AM
7
nessus

Cisco WAAS Mobile Server Web Administration Interface Detection

The remote web server hosts a web administration interface for Cisco WAAS Mobile, an application acceleration / bandwidth optimization solution for mobile...

1.6AI Score

2014-01-07 12:00 AM
13
nessus

Schneider Electric InduSoft Web Studio Arbitrary Script Execution

The Schneider Electric InduSoft Web Studio running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this issue to execute arbitrary code by sending a specially crafted packet to the TCP/IP server listening on the default...

1.9AI Score

2013-11-05 12:00 AM
10
nessus

RuggedCom RuggedOS Web-Based Admin Interface Default Credentials

The remote RuggedCom RuggedOS (ROS) device is running a web-based interface that allows login using default...

3.1AI Score

2012-06-15 12:00 AM
9
nessus

Cisco Small Business Wireless Access Point Web Detection

The web management interface for a Cisco Small Business Wireless Access Point was detected on the remote host. If credentials were supplied, the version information should be available in the...

2.1AI Score

2022-01-10 12:00 AM
11
nessus

Rockwell Automation MicroLogix 1400 PLC Web Server Detection

The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1400 Programmable Logic Controller...

2.2AI Score

2016-04-20 12:00 AM
8
nessus

Rockwell Automation MicroLogix 1100 PLC Web Server Detection

The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1100 Programmable Logic Controller...

2.2AI Score

2015-07-07 12:00 AM
12
nessus

Loxone Smart Home Miniserver Web Server Version Detection

The remote device is a Loxone Smart Home Miniserver, a home automation solution. Nessus was able to extract the version from the web server's...

2.5AI Score

2015-03-13 12:00 AM
9
nessus

Siemens SIMATIC S7-1200 PLC Web Server Detection

The remote device is running an integrated web server that is part of the software platform for managing and monitoring the SIMATIC S7-1200 Programmable Logic Controller...

2.4AI Score

2015-03-02 12:00 AM
15
vulnrichment

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...

7.3AI Score

0.0004EPSS

2024-06-12 09:04 PM
1
cvelist

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...

0.0004EPSS

2024-06-12 09:04 PM
3
cvelist

CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

2.6CVSS

0.0004EPSS

2024-06-12 06:55 PM
4
vulnrichment

5.4CVSS

6.7AI Score

0.0005EPSS

2024-05-14 04:57 PM
cvelist

CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary JavaScript code in a client...

0.0004EPSS

2024-06-14 12:06 PM
2
nessus

RHEL 7 : Red Hat Gluster Storage Web Administration (RHSA-2019:0265)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0265 advisory. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into...

6.1CVSS

6.2AI Score

0.01EPSS

2019-02-06 12:00 AM
28
cvelist

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

0.0004EPSS

2024-06-11 02:38 PM
3
vulnrichment

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

7.5AI Score

0.0004EPSS

2024-06-11 02:38 PM
cve

CVE-2023-51418

Missing Authorization vulnerability in Joris van Montfort JVM rich text icons. This issue affects JVM rich text icons: from n/a through...

7.7CVSS

7.5AI Score

0.0004EPSS

2024-04-17 11:15 AM
31
osv

MinIO information disclosure vulnerability

Impact: When the If-Modified-Since and If-Unmodified-Since headers are used with anonymous requests, sending requests with a random object name lets you figure out whether the object exists on the server in a specific bucket, and also gain access to some amount of information such as Last-Modified (of the...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-05-29 06:37 PM
1
osv

CVE-2022-41947

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded JavaScript. The user could then potentially trick another authenticated...

5.4CVSS

5.6AI Score

0.0005EPSS

2022-12-08 11:15 PM
5
cvelist

CVE-2023-51418 WordPress JVM rich text icons plugin <= 1.2.6 - Arbitrary File Deletion vulnerability

Missing Authorization vulnerability in Joris van Montfort JVM rich text icons. This issue affects JVM rich text icons: from n/a through...

7.7CVSS

7.8AI Score

0.0004EPSS

2024-04-17 10:50 AM
Total number of security vulnerabilities: 506957