interceptor vulnerabilities and exploits

(subscribe to this query)

Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/intercep...

Pion Interceptor

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

* Pulsar Manager Apache Pulsar Manager 0.1.0

Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects o...

* Https //github.com/brave/adblock-lists Brave Adblock-lists

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

Ibm Websphere Application Server

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

Ibm Corporation Websphere Application Server Ibm Websphere Application Server 8.0 Ibm Websphere Application Server 8.5 Ibm Websphere Application Server 8.5.5 Ibm Websphere Application Server 9.0

A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an malicious user to execute arbitrary code.

Adobe Systems Incorporated Magento 2 Magento Magento Magento Magento 2.3.2

A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an malicious user to execut...

Adobe Systems Incorporated Magento 2 Magento Magento Magento Magento 2.3.2

The package github.com/hoppscotch/proxyscotch prior to 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of se...

* Github.com/hoppscotch/proxyscotch Proxyscotch Project Proxyscotch

Apache Struts 2.3.1.2 and previous versions, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote malicious users to modify run-time data values via a crafted parameter to an a...

1 EDB exploit

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 do not require authentication by default in cer...

Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Brms Platform

1 EDB exploit

1 2 3 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook