HashiCorp Vault’s AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully-attacker controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores […]
HashiCorp Vault’s GCP authentication method can be bypassed on gce type roles that do not specify bound_service_accounts. Vault does not enforce that the compute_engine data in a signed JWT token has any relationship to the service account that created the token. This makes it possible to impersonate arbitrary GCE instances, by creating a JWT token […]
http://www.klonghok.go.th notified by Tev3R
Tags:
defacement
BACnet Test Server 1.01 – Remote Denial of Service (PoC)
Tags:
0day,
remote exploit
Textpattern CMS 4.6.2 – ‘body’ Persistent Cross-Site Scripting
Tags:
0day,
remote exploit
SpamTitan version 7.07 suffers from an unauthenticated remote code execution vulnerability in snmp-x.php.
Restaurant Reservation System version 1.0 suffers from an authenticated remote SQL injection vulnerability.
EasyPMS 1.0.0 – Authentication Bypass
Tags:
0day,
remote exploit
Karel IP Phone IP1211 Web Management Panel – Directory Traversal
Tags:
0day,
remote exploit
