Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote com ...

Continue Reading

March 28, 2024

Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote com ...

Continue Reading

March 28, 2024

Session Token in URL in directus

Impact When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, brow ...

Continue Reading

March 28, 2024

GHSA-C8V6-786G-VJX6 vulnerabilities

Vulnerabilities for packages: ruby3.2-json-jwt,...Read More ...

Continue Reading

March 28, 2024

GHSA-C8V6-786G-VJX6 vulnerabilities

Vulnerabilities for packages: ruby3.2-json-jwt,...Read More ...

Continue Reading

March 28, 2024

Session Token in URL in directus

Impact When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, brow ...

Continue Reading

March 28, 2024

Cross site request forgery (csrf)

Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security ri ...

Continue Reading

March 28, 2024

CVE-2023-51774 vulnerabilities

Vulnerabilities for packages: ruby3.2-json-jwt,...Read More ...

Continue Reading

March 28, 2024

1 51 52 53 54 55 187

Back to Main
Subscribe for the latest news: