Artica Proxy is a system that provides a Web Ajax console in order to manage a full Proxy server with latest Squid technology. Security Researcher Amar Kaldate, and Pratiksha Dhone from Qualys have reported multiple vulnerabilities in Artica Proxy Project. Vulnerability Details CVE-2020-13158 – Directory Traversal Artica Proxy Community Edition allows Directory Traversal via the … Continue reading “Artica Proxy Multiple Security Vulnerabilities”
Tag: Directory Traversal
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
On 22nd July 2020, Cisco published an high-severity advisory (CVE-2020-3452) with CVSS score of 7.5. Vulnerability Details Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software contains a vulnerability in web services that can allow unauthenticated, remote attackers to perform directory traversal attacks to read sensitive information on the system. The vulnerability … Continue reading “Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability”
Saltstack multiple Vulnerabilities (CVE-2020-11651, CVE-2020-11652)
Summary: Amidst the global Pandemic, a serious hacking campaign is currently underway, and several companies have been hacked already., that stands in Fortune 500 companies. For the past 24 hours, hackers have been mass-scanning the internet for Salt, a type of software used as configuration management inside data centers, cloud server clusters, and enterprise networks. … Continue reading “Saltstack multiple Vulnerabilities (CVE-2020-11651, CVE-2020-11652)”
Grandnode Path Traversal Arbitrary file download vulnerability
Summary: A path traversal vulnerability has been reported in Grandnode. LetsEncryptController.cs in the Index action method is the vulnerable component., via which the server access the token validation URL, without authentication. Description: Grandnode is an open-source eCommerce solution powered by .NET Core 2.2, supporting Windows, Linux and Mac operating systems. LetsEncryptController.cs method is used in … Continue reading “Grandnode Path Traversal Arbitrary file download vulnerability”
Qualys Discloses Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
Qualys Security Research Team has disclosed multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway. Citrix has addressed these vulnerabilities in CTX232161. The affected versions and CVEs are listed below. CVE(s) Description Product Affected Version : Build CVE-2018-6810 Directory Traversal Vulnerability Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway < 12.0 : 57.19 < 11.1 : … Continue reading “Qualys Discloses Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway”