An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.
Source link
[Bug 1839865] CVE-2019-20798 cherokee: XSS in the administrator panel
RELATED STORIES
Ubuntu Security Notice 4754-4 – USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a...
Recently, an enterprising security researcher, Alex Birsan hacked tech companies and managed to pocket over...
Critical vulnerability found in Snow Software’s Inventory Agent A vulnerability in Snow Software’s Snow Inventory Agent...
Hello everyone, I have returned to tackle part four of my series on Windows exploitation,...
Yeastar NeoGate TG400 中存在路径遍历漏洞。该漏洞源于产品未能正确地过滤资源或文件路径中的特殊元素,经过身份验证的用户可以解密固件,并可以读取敏感信息,如密码或解密密钥。以下产品及版本受到影响:Yeastar NeoGate TG400 91.3.0.3。 Copyright © 北京奇虎科技有限公司 360网络攻防实验室 安全客 All Rights Reserved...
Description: Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion...
# -*- coding: utf-8 -*- import socket from time import sleep from os import system...
Source: Bombardier Business jet maker Bombardier is the latest company to suffer a data breach...
NEW RESOURCES National Gallery of Art: National Gallery of Art Announces Launch of Kress Collection...
Κινέζοι χάκερ “κλωνοποίησαν” και χρησιμοποιούσαν για χρόνια ένα zero-day exploit των Windows που κλάπηκε από...
You must be logged in to post a comment.