JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

CVE-2007-1477

Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured...

Denial Of Service (DoS)

typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper session validation, which allows attackers to create an arbitrary amount of individual session-data records in the database, which results in Denial of...

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

Cisco Firepower Threat Defense Software Snort 3 HTTP Intrusion Prevention System Rule Bypass (cisco-sa-snort3-ips-bypass-uE69KBMd)

According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability. Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to...

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

Exploit for Out-of-bounds Read in Microsoft

Information ============== Windows Kernel Pool (clfs.sys)...

CVE-2023-1353

A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site...

Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more...

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....

Denial Of Service (DoS)

Symfony is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper hostname validation via a regular expression within Request::getHost(), which results in...

Investigate Security Vulnerability of getPhysicalDisplayToken

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Amazon Web Services EC2 SSM enumeration

Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API (nominally,...

EoP in shouldAbortBackgroundActivityStart of ActivityStarter.java

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...

Deserialization Of Untrusted Data

symbiote/silverstripe-multivaluefield is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to inadequate validation of user input, as well as object injection caused by support for handling PHP objects as values, which allows an attacker to inject malicious...

Exploit for Out-of-bounds Write in Openssl

2022 OpenSSL vulnerability -...

Denial Of Service (DoS)

aimeos/aimeos-core is vulnerable to Denial Of Service. The vulnerability is due to a lack of checks performed while saving and retrieving locale...

Deserialization Of Untrusted Data

org.apache.activemq is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to org.jolokia.http.HttpRequestHandler#handlePostRequest creating a JmxRequest through a JSONObject and calls to org.jolokia.http.HttpRequestHandler#executeRequest. This issue can be exploited by an...

Denial of service in Kubernetes

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...

Denial of service in Kubernetes

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...

Improper Enforcement Of Behavioral Workflow

aimeos/ai-client-html is vulnerable to Improper enforcement of behavioral workflow. The vulnerability is due to an issue where digital downloads sold in online shops can be accessed without valid payment, for instance, if the payment process fails. This could allow attackers to obtain digital...

Insufficient Granularity Of Access Control

lunary is vulnerable to an Insufficient Granularity of Access Control vulnerability. The vulnerability is due to improper validation of dataset ownership, allowing users to create, update, get, and delete prompt variations for datasets not owned by their organization, leading to unauthorized...

Denial Of Service (DoS)

Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is caused due to the lack of validation for custom emoji reactions. This allows an attacker to send a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...

Improper Verification Of Cryptographic Signature

gnutls is vulnerable to Improper Verification Of Cryptographic Signature. The vulnerability is due to improper handling of certificate chains with distributed trust, particularly when used with cockpit and validated through cockpit-certificate-ensure. This allows an unauthenticated attacker to...

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the sigstore verifier reading an untrusted response entirely into memory without enforcing a limit on the response body. The vulnerability allows an attacker to crash the Minder server and deny other....

U.S. Dept Of Defense: Reflected XSS via Keycloak on ███ [CVE-2021-20323]

Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks. A lack of proper input validation made it possible for an attacker to execute malicious JavaScript code on....

U.S. Dept Of Defense: Reflected Cross-site Scripting via search query on ██████

Hi team I found a reflected xss via search query on ████████ that allows an attacker to execute Javascript code into victim's browser. PoC 1- Doing subdomain enumeration of ██████████, i found the following one: ████████ 2- On the search query i saw that is injecting inside an h6 html tag:...

U.S. Dept Of Defense: Reflected XSS via Moodle on ███ [CVE-2022-35653]

Hi Security Team I found an xss vulnerability on your website [CVE-2022-35653] Refrence : https://vulners.com/nuclei/NUCLEI:CVE-2022-35653 if you wanna test this : ``` id: CVE-2022-35653 info: name: Moodle LTI module Reflected - Cross-Site Scripting author: iamnoooob,pdresearch severity:...

Denial Of Service (DoS)

.NET and ASP.NET are vulnerable to Denial Of Service (DoS). The vulnerability exists in the Kestrel web server, which allows an attacker to bypass the QUIC stream limit in HTTP/3, resulting in an application...

Exploit for Out-of-bounds Write in Samba

CVE-2021-44142 Vulnerability Checker A tool to check if a...

Denial Of Service (DOS)

ASP.NET Core is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of certain SignalR requests which results in the server being overwhelmed unresponsive, resulting in Denial of Service...

Denial Of Service (DoS)

rack-contrib is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the user-controlled profiler_runs parameter not being constrained, which allows an attacker to allocate resources on the server side without limitation, resulting in Denial of...

Denial Of Service (DoS)

.NET is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to processing X.509 certificates, which allows a malicious user is to trigger an application crash by passing a crafted...

Denial Of Service (DoS)

Yarp.ReverseProxy is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due insufficient checks in StreamCopyHttpContent.cs, which allows an attacker to cause denial of service...

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial of Service (DOS). The vulnerability is due to a memory leak in the QuicCryptoTlsReadExtensions function in crypto_tls.c, which results in Denial of Service. An attacker can create multiple instances are present or multiple calls to the decode...

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial Of Service (DoS). The vulnerability is due to the library allowing version negotiation packets for server connections, which enables an attacker to crash the...

Denial Of Service (DoS)

Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial Of Service (DoS). The vulnerability is cause by improper JWT compression checks, which results in resource exhaustion due processing of malicious JSON Web Encryption(JWE) token. Successful...

Denial Of Service (DoS)

.NET is vulnerable to Denial Of Service (Dos). The vulnerability is due to improper handling of x509 certificates, which can result in Denial of Service...

Denial Of Service (DoS)

ASP.NET Core is vulnerable to Denial of Service (DoS). The vulnerability occurs when an attacker cancels a HTTP requests made to ASP.NET Core running on an IIS In Process hosting model, which may cause an increase in thread counts, potentially leading to an OutOfMemoryException, which results in...

Denial Of Service (DoS)

.NET is vulnerable to Denial of Service (DoS).The vulnerability is due to resource leaks caused by specially crafted requests, which can result in Denial of Service...

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial Of Service (DoS). The vulnerability is caused by holding onto failed connections, leading to continuous memory consumption until exhaustion, resulting in Denial of Service. Note that this vulnerability is not exploitable on .NET-based web servers running on...

U.S. Dept Of Defense: Reflected XSS on error message on Login Page

Greetings! I've found a reflected XSS on a login page on█████ . The vulnerable link is: https://███████/users/login?error=<img src> █████████ Impact An attacker can inject crafted javascript that can steal user cookies, impersionate, steal information, deface...

Denial Of Service (DoS)

silverstripe/framework is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing XML size checks, which allows an attacker to significantly degrade the performance of the site through a Quadratic Blowup...

Grafana Spoofing originalUrl of snapshots

To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....

Exploit for Out-of-bounds Write in Fortinet Fortios

CVE-2022-42475 Background This is the exploit for the...

CVE-2023-7075

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be...

Denial Of Service

JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0 being parsed incorrectly, which can results in an input string of modest size causing indefinite amounts of memory...

Exploit for Deserialization of Untrusted Data in Clear Clearml

_____ _ __ __ _ _____ ____ _...

Exploit for Deserialization of Untrusted Data in Apache Activemq

ActiveMQ-RCE ActiveMQ RCE (CVE-2023-46604) exploit, written...

Exploit for Deserialization of Untrusted Data in Apache Log4J

本工具仅为企业测试漏洞使用，严禁他人使用本工具攻击 本工具仅为企业测试漏洞使用，严禁他人使用本工具攻击...